Error: rlm_eap: No EAP session matching the State variable.
Rupesh Kumar
a.rupesh.k at gmail.com
Mon Apr 12 10:10:33 CEST 2010
> I have attached radius server failure log messages
>
> The supplicant starts EAP, and the server responds with a request for
> EAP-TLS. The supplicant NAKs it, and asks for EAP-MD5. The server
> responds with EAP-MD5.
>
> The supplicant then responds with a NAK for EAP-MD5. This packet from
> the AP contains the *old* State variable from the previous NAK.
>
> A close look at the packet traces shows that either the supplicant is
> re-using the old NAK (and confusing the AP), or the AP is re-using an
> old packet (and confusing the supplicant).
>
> Either way, the packet traces on the server show that the server is
> behaving correctly. The error message about "no matching state" is
> because the server has moved on to the *next* step of EAP, and it
> receives a packet from the *previous* step. So there really is "no
> matching state".
>
> Try using another supplicant and/or AP. You won't be able to fix this
> by editing the server configuration.
>
> Alan DeKok.
>
Thanks Alan,
I got the problem. The Access point was corrupting the state variable and
sending same state for both the sessions.
Thanks
Rupesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100412/45dd4afa/attachment.html>
More information about the Freeradius-Users
mailing list