Authentication with Novell 802.1x client fails but WinXP supplicant works fine ?

Phil Mayers p.mayers at imperial.ac.uk
Sat May 5 12:05:58 CEST 2007


Marc Charbonneau wrote:
> continue it's login process.  Based on the RADIUSD logs, I'm not getting 
> a proper PEAP authentication at the Novell login prompt stage.  Once 
> this stage times out and I log in locally to the WinXP workstation, the 
> PEAP authentication works fine.
>  
> The timeout error is:
> 802.1x Authentication Failed.  Timeout waiting for authentication to 
> finish. Logging to workstation only. <OK>


 From the logs, the Novell client simply stops sending data:

> rad_recv: Access-Request packet from host 192.168.242.4:32768, id=158, 
<snip>
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
>   rlm_eap_tls: ack handshake fragment handler
>   eaptls_verify returned 1
>   eaptls_process returned 13
>   rlm_eap_peap: EAPTLS_HANDLED
>   modcall[authenticate]: module "eap" returns handled for request 5048
> modcall: group authenticate returns handled for request 5048
> Sending Access-Challenge of id 158 to 192.168.242.4:32768
<snip>
> Finished request 5048
> Going to the next request
> Waking up in 6 seconds...
> .................truncated log...................

...assuming you mean "that's where FR stops" as opposed to "that's where 
I stopped copying text from the log".

As you can see, FreeRadius is working fine - it sends an access 
challenge, but the supplicant stops responding to the conversation. 
You'll need to examine the supplicant to find out why



More information about the Freeradius-Users mailing list