<div>Is it possible the issue is with the network card in the server and not the AP's? I've tried setting it up on another machine and everything works on it exactly as configured. Using a Cisco AP didn't work and the version of freeradius I install on the box reporting errors doesn't make a difference either since I downloaded and installed 2.1.6 identical to my test machine and got the same errors. In any event I think I'm going to move DNS/DHCP to my test box and and then switch it to my production unit. Thanks for the help guys.</div>
<div>Rob<br><br></div>
<div class="gmail_quote">On Fri, Mar 19, 2010 at 1:56 PM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div class="im">Rob Brickhouse wrote:<br>> I hope someone can help me with this. I tested setting up freeradius<br>> 2.1.6 on an opensuse 10.2 box and was able to get everything<br>> authenticating against novell edirectory. Now that I'm finally ready to<br>
> put it on my production box, only 2.1.8 is available but I figure no big<br>> deal since it appeared to have alot of fixes. After going through and<br>> setting everything up like I did before, I can use my test utility to<br>
> verify that I can successfully read the username and password from<br>> edirectory but I get the message "Invalid packet code 11 sent to<br>> authentication port from client TESAP8 port 1041 : IGNORED" when my<br>
> Netgear access point connects.<br><br></div> The AP is broken. Throw it in the garbage and buy one that implements<br>RADIUS.<br>
<div class="im"><br>> I can change the ip to my 2.1.6<br>> freeradius box and it works so I don't think the issue is with my AP<br>> even though that is what the message seems to indicate.<br><br></div> I don't see why that would make any difference. What does the debug<br>
log from 2.1.6 look like?<br><br>...<br>
<div class="im">> Sending Access-Challenge of id 20 to 10.6.4.108 port 1041<br>> EAP-Message = 0x010100160410eae98bafd4b076dcf8b6341b415000fe<br>> Message-Authenticator = 0x00000000000000000000000000000000<br>
> State = 0x731ac834731bcca6975b39a87528fad1<br>> Finished request 1.<br>> Going to the next request<br>> Waking up in 4.9 seconds.<br>> Invalid packet code 11 sent to authentication port from client TESAP8<br>
> port 1041 : IGNORED<br><br></div> IIRC, this is similar to a bug seen before. If it sees an<br>Access-Challenge with State *after* Message-Authenticator, it "bounces"<br>the packet back to the RADIUS server. This is two errors:<br>
<br> 1) order of attributes does not matter<br> 2) clients do not send Access-Challenge to a server.<br><br> There is NO WAY that an AP should send an Access-Challenge to a<br>server. If it does, then the AP is horribly broken.<br>
<br> My guess is that this is a very old AP using a broken firmware image.<br> Or, it's a new one, and the vendor didn't bother to implement RADIUS<br>correctly.<br><font color="#888888"><br> Alan DeKok.<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</font></blockquote></div><br>