Cardinal-Richards, Emma wrote:
We've run up 2 new pre-prod RADIUS servers with a newer release of freeradius and have indicated they are 'testdev' under our site's eduroam support. When we attempt to login with an account 'username@test.ucl.ac.uk' to our production ORPS we see the request reach our testdev ORPS but it fails to authenticate locally. (We've declared test.ucl.ac.uk as a realm in proxy.conf to be authorised locally to avoid looping back up to the NRPS and back to us etc). It fails with an EAP 'did not finish' (in the style as shown at the bottom section of here http://wiki.freeradius.org/guide/Certificate-Compatibility, the client is linux) failing to see it as a new session. Our certificates are the same on both production and testdev.
If you get EAP "did not finish", it's almost always the fault of the client. For this, you'll have to run the server with "-Xx", in order to get timing information.
The other odd behaviour is that despite getting a REJECT from this testdev server, I get authenticated by our production ORPS using 'username@test.ucl.ac.uk' which is not a declared local realm on the production ORPS.
See the debug output on the production servers for why that's happening. Alan DeKok.