Brooks, Kyle wrote:
We have been trying to setup the new FreeRadius server, version 2.0.3 on Fedora 9. We are very close as during testing a user was able to authenticate to AD via LDAP. Radtest was ok, but there is no accept packet/acknowledgment sent back, so the network switch thinks the user hasn't been authenticated yet. Below is the radius log, sensitive information has been taken out. I'm hoping someone can help us figure out what we are doing wrong. The log below has been shorten.
See my web site for instructions on setting up and testing EAP.
Sending Access-Challenge of id 21 to 10.0.1.9 port 1645 EAP-Message = 0x0109005b19001703010050acf799d4d09f9221585544ed0d61e14e0eb13d4781dcbe9e6fe7423d1f1f6620939f16d7c7113f3c7be0735d0bcf4a463c760c12da2d85a850a3c22ed81efecdba83d919935cda81ca7bcc377b51825e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x87d5a69b81dcbf58ea7c4f63c1b50a12 Finished request 6. Going to the next request Waking up in 4.8 seconds. Cleaning up request 0 ID 15 with timestamp +20
This is in the FAQ, and documented in the comments in raddb/eap.conf. The client is Windows, and you likely haven't used the FreeRADIUS certificate creation scripts. If you have used it, then see recent posts to the list on other PEAP problems. Or, maybe the switch is broken. 3Com seems to be having a lot of trouble with older models. Alan DeKok.