<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi,<br>
<blockquote cite="mid:BAY147-W1D5637F0771E42DCA7721CCED0@phx.gbl"
type="cite">
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
<div dir="ltr">
This kind of Q&A thing helps no one here! </div>
</blockquote>
I think it does...<br>
<br>
<blockquote cite="mid:BAY147-W1D5637F0771E42DCA7721CCED0@phx.gbl"
type="cite">
<div dir="ltr">Many people are reporting the same issue on
different platforms! I don't think the problem is either with
the client or the certificates since I conducted some testing
using the same client and the same certificates but an old FR
version (1.1.7) and the tests pass. It's easier to blame
something else but we could spend that time contributing to the
solution and so helping others!<br>
</div>
</blockquote>
Even more weird, we have had the same issue lately with one
controller model, and not the other. We were using the same config
on the client, on the server, and the same certs.<br>
<br>
I also tend to blame the client tho, maybe EAP is now more strict on
the server side? If you can point us a doc to enable the EAP debug
under windows, I am sure many people (even myself) would be glad to
troubleshoot.<br>
<br>
<blockquote cite="mid:BAY147-W1D5637F0771E42DCA7721CCED0@phx.gbl"
type="cite">
<div dir="ltr"><br>
<br>
<br>
<div>> Date: Wed, 26 Oct 2011 15:36:19 +0200<br>
> From: <a class="moz-txt-link-abbreviated" href="mailto:aland@deployingradius.com">aland@deployingradius.com</a><br>
> To: <a class="moz-txt-link-abbreviated" href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
> Subject: Re: PEAP with Machine auth<br>
> <br>
> Phil Mayers wrote:<br>
> > Seriously - it's important to understand that the
CLIENT stops<br>
> > responding. FreeRADIUS can't do anything more in
this case - the client<br>
> > has stopped sending EAPOL packets, so the client
must think that<br>
> > something is wrong.<br>
> <br>
> That's the main issue people have with RADIUS. The client
is in<br>
> charge of pretty much everything, and few people
understand that.<br>
> <br>
> Q: Why does the client stop talking to the server?<br>
> A: Because it doesn't like the response from the server<br>
> <br>
> Q: OK... *what* part of the response doesn't it like?<br>
> A: Go ask the client<br>
> <br>
> Q: But I can't! What do I do?<br>
> A: well... we don't know, either. Go ask Microsoft.<br>
> <br>
> > You will have to debug the client. This is very very
painful on Windows;<br>
> > it's hard to even find the EAPOL debugging options,
let alone interpret<br>
> > the results.<br>
> <br>
> Yes. Everyone reading this list should understand CLIENT
issues cause<br>
> you to debug the CLIENT.<br>
> <br>
> If the server returns the wrong thing... you can fix the
server. Fort<br>
> pretty much everything else, blame the client.<br>
> <br>
> Alan DeKok.<br>
> -<br>
> List info/subscribe/unsubscribe? See
<a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a><br>
</div>
</div>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Francois Gaudreault, ing. jr
<a class="moz-txt-link-abbreviated" href="mailto:fgaudreault@inverse.ca">fgaudreault@inverse.ca</a> :: +1.514.447.4918 (x130) :: <a class="moz-txt-link-abbreviated" href="http://www.inverse.ca">www.inverse.ca</a>
Inverse inc. :: Leaders behind SOGo (<a class="moz-txt-link-abbreviated" href="http://www.sogo.nu">www.sogo.nu</a>) and PacketFence (<a class="moz-txt-link-abbreviated" href="http://www.packetfence.org">www.packetfence.org</a>) </pre>
</body>
</html>