I am trying to speak between my Freeradius server and a Cisco WLSE. I am seeing EAP timeouts while WLSE is trying to authenticate through Freeradius. I have setup the AAA details (server,port,username,password,eap protocol) in the WLSE, and enabled fault tracking, so that polling is able to take place. The WDS Master router has no problems authenticating, it is the WLSE that I am having problems getting authenticated. AP-70#show wlccp wnm status WNM IP Address : 192.168.254.5 Status : NOT AUTHENTICATED AP-70#show wlccp wds MAC: 0014.6a77.1604, IP-ADDR: 192.168.254.70 , Priority: 254 Interface BVI1, State: Administratively StandAlone - ACTIVE AP Count: 43 , MN Count: 9 == The WLSE is speaking with freeradius: (output from tcpdump) 17:40:36.415982 IP wlse.southwestern.edu.32815 > radius.southwestern.edu.radius: rad-access-req 132 [id 3] Attr[ User{wlseacct} NAS_ipaddr{wlse.southwestern.edu} Called_station{ABBAABBAABBA} [|radius] 17:40:36.422513 IP radius.southwestern.edu.radius > wlse.southwestern.edu.32815: rad-access-cha 92 [id 3] Attr[ [|radius] 17:40:36.423393 IP wlse.southwestern.edu.32815 > radius.southwestern.edu.radius: rad-access-req 125 [id 3] Attr[ User{wlseacct} NAS_ipaddr{wlse.southwestern.edu} Called_station{ABBAABBAABBA} [|radius] 17:40:42.433507 IP radius.southwestern.edu.radius > wlse.southwestern.edu.32815: rad-access-reject 20 [id 3] == == ...and the output from Freeradius rad_recv: Access-Request packet from host 192.168.254.10:32815, id=3, length=132 User-Name = "wlseacct" NAS-IP-Address = 192.168.254.10 Called-Station-Id = "ABBAABBAABBA" Calling-Station-Id = "ABBAABBAABBA" NAS-Identifier = "Cisco Secure II" NAS-Port = 29 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000d01776c736561636374 Message-Authenticator = 0x586aa1b877caeafd3956095cf718be31 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 180 rlm_eap: EAP packet type response id 0 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 180 radius_xlat: 'wlseacct' rlm_sql (sql): sql_set_user escaped user --> 'wlseacct' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'wlseacct' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'wlseacct' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'wlseacct' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'wlseacct' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 0 modcall[authorize]: module "sql" returns ok for request 180 modcall: group authorize returns updated for request 180 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 180 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 180 modcall: group authenticate returns handled for request 180 Sending Access-Challenge of id 3 to 192.168.254.10:32815 EAP-Message = 0x010100221a0101001d10b063da2c8f5c52273cd537b0c09d69e5776c736561636374 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8c90735921dd51b22bc8ef97379845b8 Finished request 180 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.254.10:32815, id=3, length=125 User-Name = "wlseacct" NAS-IP-Address = 192.168.254.10 Called-Station-Id = "ABBAABBAABBA" Calling-Station-Id = "ABBAABBAABBA" NAS-Identifier = "Cisco Secure II" NAS-Port = 29 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020300060311 Message-Authenticator = 0x070f8a208866000f797e64be5bd48f48 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 181 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 181 radius_xlat: 'wlseacct' rlm_sql (sql): sql_set_user escaped user --> 'wlseacct' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'wlseacct' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'wlseacct' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'wlseacct' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'wlseacct' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 181 modcall: group authorize returns updated for request 181 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 181 rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 181 modcall: group authenticate returns invalid for request 181 auth: Failed to validate the user. rad_lowerpair: User-Name now 'wlseacct' rad_rmspace_pair: User-Name now 'wlseacct' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 181 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 181 radius_xlat: 'wlseacct' rlm_sql (sql): sql_set_user escaped user --> 'wlseacct' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'wlseacct' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'wlseacct' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'wlseacct' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'wlseacct' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 181 modcall: group authorize returns updated for request 181 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 181 rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 181 modcall: group authenticate returns invalid for request 181 auth: Failed to validate the user. Delaying request 181 for 1 seconds Finished request 181 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Sending Access-Reject of id 3 to 192.168.254.10:32815 Cleaning up request 181 ID 3 with timestamp 42fa8264 Nothing to do. Sleeping until we see a request. == I have read in places that there are patches, that may fix my issue. Are these patches my solution, and where can I get the most recent version? --johnk