Authentication with Novell 802.1x client fails but WinXP supplicant works fine ?
Phil Mayers
p.mayers at imperial.ac.uk
Sat May 5 12:05:58 CEST 2007
Marc Charbonneau wrote:
> continue it's login process. Based on the RADIUSD logs, I'm not getting
> a proper PEAP authentication at the Novell login prompt stage. Once
> this stage times out and I log in locally to the WinXP workstation, the
> PEAP authentication works fine.
>
> The timeout error is:
> 802.1x Authentication Failed. Timeout waiting for authentication to
> finish. Logging to workstation only. <OK>
From the logs, the Novell client simply stops sending data:
> rad_recv: Access-Request packet from host 192.168.242.4:32768, id=158,
<snip>
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
> rlm_eap_tls: ack handshake fragment handler
> eaptls_verify returned 1
> eaptls_process returned 13
> rlm_eap_peap: EAPTLS_HANDLED
> modcall[authenticate]: module "eap" returns handled for request 5048
> modcall: group authenticate returns handled for request 5048
> Sending Access-Challenge of id 158 to 192.168.242.4:32768
<snip>
> Finished request 5048
> Going to the next request
> Waking up in 6 seconds...
> .................truncated log...................
...assuming you mean "that's where FR stops" as opposed to "that's where
I stopped copying text from the log".
As you can see, FreeRadius is working fine - it sends an access
challenge, but the supplicant stops responding to the conversation.
You'll need to examine the supplicant to find out why
More information about the Freeradius-Users
mailing list