Hi, In the recent development, finally I found the problem. So the "failure" was due to the fragment_size option inside tls stanza was "too small" (i.e. 1024). According to the debug log, I found this statement: "*Received packet will be too large! Set "fragment_size = 1071""* I doubled the value to 2048 seems solved the problem. Regards -- *Muhammad Farhan SJAUGI, S.Kom. M.Sc. * Head | Information Technology Dept. | Senior Lecturer | Centre for Computing - Centre for Bioinformatics | School of Data Sciences Perdana University | Block D1, MAEPS Building, MARDI Complex, Jalan MAEPS Perdana, Serdang 43400, Selangor D.E. Malaysia Tel: (60) 3-89418646 (ext: 197) GMT+8h | Fax: (65) 3-89417661 | Email: farhan@perdanauniversity.edu.my Homepage: http://perdanauniversity.edu.my/pusps/programmes/bioinformatics/our-team/muh... <fhn@cbcommunity.or.id> On Wed, Aug 9, 2017 at 1:04 AM, Alex Sharaz <alex.sharaz@york.ac.uk> wrote:
Hi I'm using both FR 3.0.15 + radsecproxy and FR 3.0.15 with internal radsec support . I'm on holiday at the moment it can send u details when I get back to work on 21st. A
Sent from my iPhone 6 plus
On 8 Aug 2017, at 18:51, Muhammad Farhan SJAUGI < farhan@perdanauniversity.edu.my> wrote:
Greetings,
Currently I am working on "migrating" our radius proxy server from radsecproxy to freeradius 3.0.15 with radsec. At the client side, majority of them are using radsecproxy+freeradius 2.2.9.
Connection from the radius proxy via radius port (1812)/non-radsec works well. However, if we change the connection from the radius proxy via radsec it doesn't work.
Below is the error message from the proxy server's log (full debug log attached):
(1) eap: ERROR: rlm_eap (EAP): No EAP session matching state 0xcacb836ecaca9624 (1) eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request (1) eap: Failed to get handler, probably already removed, not inserting EAP-Failure
, while at the client side (full debug log attached):
rlm_eap: No EAP session matching the State variable. [eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request [eap] Failed in handler ++[eap] = invalid +} # group authenticate = invalid
I used eapol_test to test the authentication.
I there anyone faced similar problem before? if yes, would you mind to share the solution?
Regards
--
*Muhammad Farhan SJAUGI, S.Kom. M.Sc. *
Head | Information Technology Dept. | Senior Lecturer | Centre for Computing - Centre for Bioinformatics | School of Data Sciences
Perdana University | Block D1, MAEPS Building, MARDI Complex, Jalan MAEPS Perdana, Serdang 43400, Selangor D.E. Malaysia
Tel: (60) 3-89418646 (ext: 197) GMT+8h | Fax: (65) 3-89417661 | Email: farhan@perdanauniversity.edu.my
Homepage: http://perdanauniversity.edu.my/pusps/programmes/ bioinformatics/our-team/muhammad-farhan-sjaugi/
<fhn@cbcommunity.or.id>
-- DISCLAIMER: This e-mail and any files transmitted with it ("Message") is intended only for the use of the recipient(s) named above and may contain confidential information. You are hereby notified that the taking of any action in reliance upon, or any review, retransmission, dissemination, distribution, printing or copying of this Message or any part thereof by anyone other than the intended recipient(s) is strictly prohibited. If you have received this Message in error, you should delete this Message immediately and advise the sender by return e-mail. Opinions, conclusions and other information in this Message that do not relate to the official business of Perdana University shall be understood as neither given nor endorsed by any of the forementioned. <radius client.txt> <radius proxy.txt> - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
-- DISCLAIMER: This e-mail and any files transmitted with it ("Message") is intended only for the use of the recipient(s) named above and may contain confidential information. You are hereby notified that the taking of any action in reliance upon, or any review, retransmission, dissemination, distribution, printing or copying of this Message or any part thereof by anyone other than the intended recipient(s) is strictly prohibited. If you have received this Message in error, you should delete this Message immediately and advise the sender by return e-mail. Opinions, conclusions and other information in this Message that do not relate to the official business of Perdana University shall be understood as neither given nor endorsed by any of the forementioned.