eap_peap: We sent a success, but the client did not agree [FreeRadius + samba4 AD + dynamic vlans]
Elias Pereira
empbilly at gmail.com
Thu Jul 19 15:19:36 CEST 2018
Any tips & tricks here? :)
On Wed, Jul 18, 2018 at 5:16 PM Elias Pereira <empbilly at gmail.com> wrote:
> I forgot to mention it in the first email. I configured the ldap module so
> that I could work with groups and redirect to the corresponding vlan.
>
>
>> Read http://wiki.freeradius.org/list-help.
>> We want to see "radiusd -X". Not "radiusd -Xxxxxxxxx"
>
>
> Ok. Thanks!
>
> That message should be clear.
>> > *Wed Jul 18 14:44:25 2018 : ERROR: (71) eap_peap: We sent a success, but
>> > the client did not agree*
>> > *Wed Jul 18 14:44:25 2018 : ERROR: (71) eap: Failed continuing EAP PEAP
>> > (25) session. EAP sub-module failed*
>> OK... so you're ignoring the one useful message, and worrying about two
>> *subsequent* messages?
>
>
> New log in the pastbin. All logs refer to 1 or 2 cell authentication
> attempts.
> https://pastebin.com/raw/45tzkG6w
>
> Yes. When the password is incorrect.
>
>
> At first the password is correct. I put the very easy password to test. :)
>
> If you want to get it working, there is a step-by-step guide on my web
>> site:
>> http://deployingradius.com
>
>
> Ok. Thanks for the guide.
>
> PAP ok
> EAP ok
> Create certificate ok
> Import ?
>
> I tried importing the ca.der to my android, but did not recognize it.
> Which certificate does it import?
>
>
>
> On Wed, Jul 18, 2018 at 3:50 PM Alan DeKok <aland at deployingradius.com>
> wrote:
>
>> On Jul 18, 2018, at 2:12 PM, Elias Pereira <empbilly at gmail.com> wrote:
>> >
>> > At first everything is ok with the settings. I made internal tests with
>> > radtest and the authentication of a domain user is done correctly. I
>> also
>> > tested with pfsense's captiveportal and it worked correctly.
>> >
>> > We have a wifi controller from the motorola and created a ssid and set
>> the
>> > AAA profile as it showed in the extreme support itself.
>> >
>> > After trying to connect via mobile with android, the following error
>> occurs:
>>
>> Read http://wiki.freeradius.org/list-help.
>>
>> We want to see "radiusd -X". Not "radiusd -Xxxxxxxxx"
>>
>> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: [eaptls process] = ok
>> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: Session established.
>> > Decoding tunneled attributes
>> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: PEAP state send tlv
>> success
>> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: Received EAP-TLV
>> response
>> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: Client rejected our
>> > response. The password is probably incorrect
>>
>> That message should be clear.
>>
>> > *Wed Jul 18 14:44:25 2018 : ERROR: (71) eap_peap: We sent a success, but
>> > the client did not agree*
>> > *Wed Jul 18 14:44:25 2018 : ERROR: (71) eap: Failed continuing EAP PEAP
>> > (25) session. EAP sub-module failed*
>>
>> OK... so you're ignoring the one useful message, and worrying about two
>> *subsequent* messages?
>>
>> > Has anyone ever had this problem?
>>
>> Yes. When the password is incorrect.
>>
>> If you want to get it working, there is a step-by-step guide on my web
>> site:
>>
>> http://deployingradius.com
>>
>> Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
>
> --
> Elias Pereira
>
--
Elias Pereira
More information about the Freeradius-Users
mailing list