Error: rlm_eap: No EAP session matching the State variable.

Rupesh Kumar a.rupesh.k at gmail.com
Mon Apr 12 10:10:33 CEST 2010


> I have attached radius server failure log messages
>
>   The supplicant starts EAP, and the server responds with a request for
> EAP-TLS.  The supplicant NAKs it, and asks for EAP-MD5.  The server
> responds with EAP-MD5.
>
>  The supplicant then responds with a NAK for EAP-MD5.  This packet from
> the AP contains the *old* State variable from the previous NAK.
>
>  A close look at the packet traces shows that either the supplicant is
> re-using the old NAK (and confusing the AP), or the AP is re-using an
> old packet (and confusing the supplicant).
>
>  Either way, the packet traces on the server show that the server is
> behaving correctly.  The error message about "no matching state" is
> because the server has moved on to the *next* step of EAP, and it
> receives a packet from the *previous* step.  So there really is "no
> matching state".
>
>  Try using another supplicant and/or AP.  You won't be able to fix this
> by editing the server configuration.
>
>  Alan DeKok.
>

Thanks Alan,

I got the problem. The Access point was corrupting the state variable and
 sending same state for both the sessions.

Thanks
Rupesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100412/45dd4afa/attachment.html>


More information about the Freeradius-Users mailing list