EAP failure since upgrade

Jonathan Gazeley jonathan.gazeley at bristol.ac.uk
Thu Jun 26 12:49:53 CEST 2008


Hi Nicolas,

Yes of course, the output of radiusd -X is attached to this email.

Thanks for your help,

Jonathan

----------------------------
Jonathan Gazeley
ResNet | Wireless & VPN Team
Information Services
University of Bristol
----------------------------



Nicolas Goutte wrote:
> And what does your Freeradius server tell? (i.e. the classical email 
> of this mailing list: "What is the ouput of radiusd -X ?")
>
> Have a nice day!
>
> Am 26.06.2008 um 11:41 schrieb Jonathan Gazeley:
>
>> Hello,
>>
>> Until a couple of days ago, my FreeRadius setup was working perfectly 
>> normally - running FreeRadius 2.0.1 on a Centos 5 server.  FreeRadius 
>> was compiled from source, not installed from a repository. Two days 
>> ago I received some automatic updates from standard Centos repo, and 
>> since then Radius has not worked.
>>
>> Running eapol test gives some output, including this (more of the 
>> output can be supplied on demand):
>>
>> EAPOL: SUPP_BE entering state RECEIVE
>> Received 44 bytes from RADIUS server
>> Received RADIUS message
>> RADIUS message: code=3 (Access-Reject) identifier=9 length=44
>>   Attribute 79 (EAP-Message) length=6
>>      Value: 04 09 00 04
>>   Attribute 80 (Message-Authenticator) length=18
>>      Value: 43 9e 23 c8 74 b1 a0 9f 8c 3b 83 be e8 36 a8 30
>> STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending 
>> request, round trip time 0.20 sec
>> RADIUS packet matching with station
>> decapsulated EAP packet (code=4 id=9 len=4) from RADIUS server: EAP 
>> Failure
>> EAPOL: Received EAP-Packet frame
>> EAPOL: SUPP_BE entering state REQUEST
>> EAPOL: getSuppRsp
>> EAP: EAP entering state RECEIVED
>> EAP: Received EAP-Failure
>> EAP: EAP entering state FAILURE
>> CTRL-EVENT-EAP-FAILURE EAP authentication failed
>> EAPOL: SUPP_PAE entering state HELD
>> EAPOL: SUPP_BE entering state RECEIVE
>> EAPOL: SUPP_BE entering state FAIL
>> EAPOL: SUPP_BE entering state IDLE
>> eapol_sm_cb: success=0
>> EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
>> ENGINE: engine deinit
>> MPPE keys OK: 0  mismatch: 1
>> FAILURE
>>
>> I checked and verified all the Freeradius configs. I recompiled 2.0.1 
>> , and later compiled and installed 2.0.5 but this shows identical 
>> symptoms.
>>
>> I have attached the relevant section of my yum.log to show which 
>> packages were updated. The Radius server was tested once every minute 
>> by authenticating with a test account. This was first reported to 
>> fail at 10:48
>>
>> I do not know which package could have caused this behaviour - has 
>> anyone else seen anything like this?
>>
>> It is quite urgent that I get this fixed asap as it is a production 
>> box at Bristol university. Currently we are running on the backup 
>> box, where I was luckily able to disable automatic updates before 
>> they were applied.
>>
>> Any advice will be gratefully received.
>>
>> Cheers,
>> Jonathan
>>
>> ----------------------------
>> Jonathan Gazeley
>> Systems Support Specialist
>> ResNet | Wireless & VPN Team
>> Information Services
>> University of Bristol
>> ----------------------------
>>
>> Jun 24 13:45:09 Updated: libgcc.i386 4.1.2-42.el5
>> Jun 24 13:45:25 Updated: glibc-common.i386 2.5-24
>> Jun 24 13:45:32 Updated: glibc.i686 2.5-24
>> Jun 24 13:45:34 Updated: bash.i386 3.2-21.el5
>> Jun 24 13:45:35 Updated: libselinux.i386 1.33.4-5.el5
>> Jun 24 13:45:36 Updated: chkconfig.i386 1.3.30.1-2
>> Jun 24 13:45:37 Updated: audit-libs.i386 1.6.5-9.el5
>> Jun 24 13:45:37 Updated: popt.i386 1.10.2-48.el5
>> Jun 24 13:45:42 Updated: shadow-utils.i386 2:4.0.17-13.el5
>> Jun 24 13:45:43 Updated: device-mapper.i386 1.02.24-1.el5
>> Jun 24 13:45:44 Updated: e2fsprogs-libs.i386 1.39-15.el5
>> Jun 24 13:45:44 Updated: libstdc++.i386 4.1.2-42.el5
>> Jun 24 13:45:51 Updated: perl.i386 4:5.8.8-10.el5_2.3
>> Jun 24 13:45:52 Updated: dbus.i386 1.0.0-7.el5
>> Jun 24 13:45:53 Updated: libX11.i386 1.0.3-9.el5
>> Jun 24 13:45:54 Updated: nspr.i386 4.7.0.99.2-1.el5
>> Jun 24 13:46:14 Updated: nss.i386 3.11.99.5-2.el5.centos
>> Jun 24 13:46:15 Updated: freetype.i386 2.2.1-20.el5_2
>> Jun 24 13:46:16 Updated: cairo.i386 1.2.4-5.el5
>> Jun 24 13:46:16 Updated: libacl.i386 2.2.39-3.el5
>> Jun 24 13:46:20 Updated: coreutils.i386 5.97-14.el5
>> Jun 24 13:46:22 Updated: pam.i386 0.99.6.2-3.27.el5
>> Jun 24 13:46:23 Updated: krb5-libs.i386 1.6.1-25.el5
>> Jun 24 13:46:25 Updated: openssl.i686 0.9.8b-10.el5
>> Jun 24 13:46:30 Updated: python.i386 2.4.3-21.el5
>> Jun 24 13:46:31 Updated: module-init-tools.i386 3.3-0.pre3.1.37.el5
>> Jun 24 13:46:31 Updated: newt.i386 0.52.2-10.el5
>> Jun 24 13:46:32 Updated: cups-libs.i386 1:1.2.4-11.18.el5_2.1
>> Jun 24 13:46:36 Updated: gtk2.i386 2.10.4-20.el5
>> Jun 24 13:46:37 Updated: udev.i386 095-14.16.el5
>> Jun 24 13:46:39 Updated: util-linux.i386 2.13-0.47.el5
>> Jun 24 13:46:41 Updated: binutils.i386 2.17.50.0.6-6.el5
>> Jun 24 13:46:42 Updated: bind-libs.i386 30:9.3.4-6.P1.el5
>> Jun 24 13:46:43 Updated: mysql.i386 5.0.45-7.el5
>> Jun 24 13:46:44 Updated: kpartx.i386 0.4.7-17.el5
>> Jun 24 13:46:45 Updated: procps.i386 3.2.7-9.el5
>> Jun 24 13:46:45 Updated: hwdata.noarch 0.213.6-1.el5
>> Jun 24 13:46:46 Updated: pciutils.i386 2.2.3-5
>> Jun 24 13:46:47 Updated: e2fsprogs.i386 1.39-15.el5
>> Jun 24 13:46:48 Updated: iptables.i386 1.3.5-4.el5
>> Jun 24 13:46:49 Updated: psmisc.i386 22.2-6
>> Jun 24 13:46:49 Updated: make.i386 1:3.81-3.el5
>> Jun 24 13:46:50 Updated: diffutils.i386 2.8.1-15.2.3.el5
>> Jun 24 13:46:51 Updated: iproute.i386 2.6.18-7.el5
>> Jun 24 13:46:52 Updated: pcsc-lite-libs.i386 1.4.4-0.1.el5
>> Jun 24 13:46:53 Updated: dmraid.i386 1.0.0.rc13-9.el5
>> Jun 24 13:46:56 Updated: libgcj.i386 4.1.2-42.el5
>> Jun 24 13:46:57 Updated: libuser.i386 0.54.7-2.el5.5
>> Jun 24 13:46:58 Updated: usermode.i386 1.88-3.el5.1
>> Jun 24 13:46:59 Updated: libvolume_id.i386 095-14.16.el5
>> Jun 24 13:46:59 Updated: libgomp.i386 4.1.2-42.el5
>> Jun 24 13:47:00 Updated: libnl.i386 1.0-0.10.pre5.5
>> Jun 24 13:47:01 Updated: file.i386 4.17-13
>> Jun 24 13:47:02 Updated: libgfortran.i386 4.1.2-42.el5
>> Jun 24 13:47:03 Updated: iptables-ipv6.i386 1.3.5-4.el5
>> Jun 24 13:47:04 Updated: device-mapper-multipath.i386 0.4.7-17.el5
>> Jun 24 13:47:05 Updated: paps.i386 0.6.6-18.el5
>> Jun 24 13:47:05 Updated: yum-metadata-parser.i386 1.1.2-2.el5
>> Jun 24 13:47:06 Updated: libselinux-python.i386 1.33.4-5.el5
>> Jun 24 13:47:06 Updated: audit-libs-python.i386 1.6.5-9.el5
>> Jun 24 13:47:07 Updated: wpa_supplicant.i386 1:0.4.8-10.2.el5
>> Jun 24 13:47:09 Updated: samba-common.i386 3.0.28-0.el5.8
>> Jun 24 13:47:10 Updated: audit.i386 1.6.5-9.el5
>> Jun 24 13:47:11 Updated: nscd.i386 2.5-24
>> Jun 24 13:47:13 Updated: nss-tools.i386 3.11.99.5-2.el5.centos
>> Jun 24 13:47:14 Updated: e2fsprogs-devel.i386 1.39-15.el5
>> Jun 24 13:47:15 Updated: net-tools.i386 1.60-78.el5
>> Jun 24 13:47:16 Updated: libselinux-devel.i386 1.33.4-5.el5
>> Jun 24 13:47:17 Updated: krb5-devel.i386 1.6.1-25.el5
>> Jun 24 13:47:19 Updated: openssl-devel.i386 0.9.8b-10.el5
>> Jun 24 13:47:20 Updated: gzip.i386 1.3.5-10.el5.centos
>> Jun 24 13:47:20 Updated: pkgconfig.i386 1:0.21-2.el5
>> Jun 24 13:47:22 Updated: kernel-headers.i386 2.6.18-92.1.1.el5
>> Jun 24 13:47:23 Updated: glibc-headers.i386 2.5-24
>> Jun 24 13:47:25 Updated: glibc-devel.i386 2.5-24
>> Jun 24 13:47:25 Updated: centos-release-notes.i386 5.2-2
>> Jun 24 13:47:26 Updated: centos-release.i386 10:5-2.el5.centos
>> Jun 24 13:47:28 Updated: initscripts.i386 8.45.19.EL-1.el5.centos.1
>> Jun 24 13:47:30 Updated: pcsc-lite.i386 1.4.4-0.1.el5
>> Jun 24 13:47:32 Updated: kbd.i386 1.12-20.el5
>> Jun 24 13:47:32 Updated: openssh.i386 4.3p2-26.el5
>> Jun 24 13:47:33 Updated: dhclient.i386 12:3.0.5-13.el5
>> Jun 24 13:47:34 Updated: coolkey.i386 1.1.0-6.el5
>> Jun 24 13:47:35 Updated: nss_ldap.i386 253-12.el5
>> Jun 24 13:47:36 Updated: nss_db.i386 2.2-35.3
>> Jun 24 13:47:37 Updated: crash.i386 4.0-5.0.3.el5.centos
>> Jun 24 13:47:39 Updated: at-spi.i386 1.7.11-3.el5
>> Jun 24 13:47:39 Installed: python-iniparse.noarch 0.2.3-4.el5
>> Jun 24 13:47:40 Installed: gamin-python.i386 0.1.7-8.el5
>> Jun 24 13:47:40 Updated: libpcap.i386 14:0.9.4-12.el5
>> Jun 24 13:47:41 Updated: sudo.i386 1.6.8p12-12.el5
>> Jun 24 13:47:44 Updated: libstdc++-devel.i386 4.1.2-42.el5
>> Jun 24 13:47:45 Updated: parted.i386 1.8.1-17.el5
>> Jun 24 13:47:45 Updated: apr-util.i386 1.2.7-7.el5
>> Jun 24 13:47:46 Installed: device-mapper-event.i386 1.02.24-1.el5
>> Jun 24 13:47:48 Updated: lvm2.i386 2.02.32-4.el5
>> Jun 24 13:47:49 Updated: cpp.i386 4.1.2-42.el5
>> Jun 24 13:47:51 Updated: gcc.i386 4.1.2-42.el5
>> Jun 24 13:47:51 Updated: nash.i386 5.1.19.6-28
>> Jun 24 13:47:52 Updated: mkinitrd.i386 5.1.19.6-28
>> Jun 24 13:48:02 Installed: kernel.i686 2.6.18-92.1.1.el5
>> Jun 24 13:48:04 Updated: systemtap-runtime.i386 0.6.2-1.el5
>> Jun 24 13:48:06 Updated: systemtap.i386 0.6.2-1.el5
>> Jun 24 13:48:07 Updated: gcc-c++.i386 4.1.2-42.el5
>> Jun 24 13:48:08 Updated: gcc-gfortran.i386 4.1.2-42.el5
>> Jun 24 13:48:09 Updated: openssh-clients.i386 4.3p2-26.el5
>> Jun 24 13:48:10 Updated: openssh-server.i386 4.3p2-26.el5
>> Jun 24 13:48:11 Updated: irqbalance.i386 2:0.55-10.el5
>> Jun 24 13:48:13 Updated: sysklogd.i386 1.4.1-44.el5
>> Jun 24 13:48:14 Installed: dhcpv6-client.i386 1.0.10-4.el5_2.2
>> Jun 24 13:48:17 Updated: cups.i386 1:1.2.4-11.18.el5_2.1
>> Jun 24 13:48:21 Updated: samba.i386 3.0.28-0.el5.8
>> Jun 24 13:48:21 Updated: microcode_ctl.i386 1:1.17-1.47.el5
>> Jun 24 13:48:22 Updated: freetype-devel.i386 2.2.1-20.el5_2
>> Jun 24 13:48:23 Updated: mysql-devel.i386 5.0.45-7.el5
>> Jun 24 13:48:24 Updated: amtu.i386 1.0.6-1.el5
>> Jun 24 13:48:25 Updated: system-config-securitylevel-tui.i386 
>> 1.6.29.1-2.1.el5
>> Jun 24 13:48:26 Updated: authconfig.i386 5.3.21-3.el5
>> Jun 24 13:48:35 Updated: frysk.i686 0.0.1.2008.03.19.rh1-1.el5
>> Jun 24 13:48:36 Updated: grub.i386 0.97-13.2
>> Jun 24 13:48:37 Updated: autofs.i386 1:5.0.1-0.rc2.88
>> Jun 24 13:48:39 Updated: mysql-server.i386 5.0.45-7.el5
>> Jun 24 13:48:40 Updated: bind-utils.i386 30:9.3.4-6.P1.el5
>> Jun 24 13:48:42 Updated: oprofile.i386 0.9.3-16.el5
>> Jun 24 13:48:43 Updated: nfs-utils.i386 1:1.0.9-33.el5
>> Jun 24 13:48:44 Updated: krb5-workstation.i386 1.6.1-25.el5
>> Jun 24 13:48:46 Updated: pygtk2.i386 2.10.1-12.el5
>> Jun 24 13:48:48 Updated: notification-daemon.i386 0.3.5-9.el5
>> Jun 24 13:48:48 Updated: ntsysv.i386 1.3.30.1-2
>> Jun 24 13:48:50 Updated: m2crypto.i386 0.16-6.el5.2
>> Jun 24 13:48:52 Updated: ntp.i386 4.2.2p1-8.el5.centos.1
>> Jun 24 13:48:53 Updated: tcpdump.i386 14:3.9.4-12.el5
>> Jun 24 13:48:55 Updated: Deployment_Guide-en-US.noarch 5.2-9.el5.centos
>> Jun 24 13:48:56 Updated: logwatch.noarch 7.3-6.el5
>> Jun 24 13:48:57 Updated: ksh.i386 20060214-1.7
>> Jun 24 13:48:58 Updated: xorg-x11-xinit.i386 1.0.2-15.el5
>> Jun 24 13:48:59 Updated: acl.i386 2.2.39-3.el5
>> Jun 24 13:49:01 Updated: libX11-devel.i386 1.0.3-9.el5
>> Jun 24 13:49:01 Updated: redhat-rpm-config.noarch 8.0.45-24.el5
>> Jun 24 13:49:02 Updated: cpuspeed.i386 1:1.2.1-3.el5
>> Jun 24 13:49:04 Updated: xorg-x11-server-Xvfb.i386 1.1.1-48.41.el5_2.1
>> Jun 24 13:49:05 Updated: shared-mime-info.i386 0.19-5.el5
>> Jun 24 13:49:07 Updated: gdb.i386 6.5-37.el5_2.2
>> Jun 24 13:49:08 Updated: mdadm.i386 2.6.4-1.el5
>> Jun 24 13:49:08 Updated: htmlview.noarch 4.0.0-2.el5
>> Jun 24 13:49:09 Updated: traceroute.i386 3:2.0.1-3.el5
>> Jun 24 13:49:10 Updated: ltrace.i386 0.5-7.45svn.el5
>> Jun 24 13:49:10 Updated: diffstat.i386 1.41-1.2.3.el5
>> Jun 24 13:49:11 Updated: checkpolicy.i386 1.33.1-4.el5
>> Jun 24 13:49:12 Installed: libhugetlbfs.i386 1.2-5.el5
>> Jun 24 13:49:13 Updated: hal.i386 0.5.8.1-35.el5
>> Jun 24 13:49:16 Updated: rpm.i386 4.4.2-48.el5
>> Jun 24 13:49:17 Updated: rpm-libs.i386 4.4.2-48.el5
>> Jun 24 13:49:18 Updated: policycoreutils.i386 1.33.12-14.el5
>> Jun 24 13:49:19 Updated: rpm-python.i386 4.4.2-48.el5
>> Jun 24 13:49:20 Updated: oddjob-libs.i386 0.27-9.el5
>> Jun 24 13:49:21 Updated: kudzu.i386 1.2.57.1.17-1
>> Jun 24 13:49:22 Updated: pm-utils.i386 0.99.3-6.el5.centos.19
>> Jun 24 13:49:24 Updated: selinux-policy.noarch 2.4.6-137.el5
>> Jun 24 13:49:25 Updated: bind.i386 30:9.3.4-6.P1.el5
>> Jun 24 13:49:26 Updated: NetworkManager.i386 1:0.6.4-8.el5
>> Jun 24 13:49:27 Updated: oddjob.i386 0.27-9.el5
>> Jun 24 13:49:28 Updated: bind-chroot.i386 30:9.3.4-6.P1.el5
>> Jun 24 13:50:11 Updated: selinux-policy-targeted.noarch 2.4.6-137.el5
>> Jun 24 13:50:13 Updated: system-config-network-tui.noarch 
>> 1.3.99.10-2.el5
>> Jun 24 13:50:14 Updated: rpm-build.i386 4.4.2-48.el5
>> Jun 24 13:50:15 Updated: smartmontools.i386 1:5.36-4.el5
>> Jun 24 13:50:16 Updated: yum.noarch 3.2.8-9.el5.centos.2.1
>> Jun 24 13:50:17 Installed: yum-fastestmirror.noarch 1.1.10-9.el5.centos
>> Jun 24 13:50:17 Updated: yum-updatesd.noarch 1:0.9-2.el5
>> Jun 24 13:51:23 Erased: dhcpv6_client
>> Jun 24 13:52:04 Erased: libhugetlbfs-lib
>> Jun 24 13:52:30 Updated: Deployment_Guide-en-US.noarch 5.2-9.el5.centos
>> Jun 24 13:52:31 Updated: bind-chroot.i386 30:9.3.4-6.P1.el5
>> -
>> List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
>
> Nicolas Goutte
>
>
> extragroup GmbH - Karlsruhe
> Waldstr. 49
> 76133 Karlsruhe
> Germany
>
> Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
> Registergericht: Amtsgericht Münster / HRB: 5624
> Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080626/9a977f0e/attachment.txt>


More information about the Freeradius-Users mailing list