Error: rlm_eap: No EAP session matching the State variable.

Rupesh Kumar a.rupesh.k at
Mon Apr 12 10:10:33 CEST 2010

> I have attached radius server failure log messages
>   The supplicant starts EAP, and the server responds with a request for
> EAP-TLS.  The supplicant NAKs it, and asks for EAP-MD5.  The server
> responds with EAP-MD5.
>  The supplicant then responds with a NAK for EAP-MD5.  This packet from
> the AP contains the *old* State variable from the previous NAK.
>  A close look at the packet traces shows that either the supplicant is
> re-using the old NAK (and confusing the AP), or the AP is re-using an
> old packet (and confusing the supplicant).
>  Either way, the packet traces on the server show that the server is
> behaving correctly.  The error message about "no matching state" is
> because the server has moved on to the *next* step of EAP, and it
> receives a packet from the *previous* step.  So there really is "no
> matching state".
>  Try using another supplicant and/or AP.  You won't be able to fix this
> by editing the server configuration.
>  Alan DeKok.

Thanks Alan,

I got the problem. The Access point was corrupting the state variable and
 sending same state for both the sessions.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list