"Invalid packet code 11 sent to authentication port from client" error

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Fri Mar 19 20:30:18 CET 2010


Hi,

you SAY you are using 2.1.8

but this config....

>  filter = "(&(objectClass=inetOrgPerson)(uid=%{Stripped-User-Name:-%{User-Name}}))"

which leads to this error/warning

> [ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details

was fixed in 2.1.8  (basically, config file now correct).

does this mean you've dumped a 2.1.6 config into a 2.1.8 system rather
than just editing the config files properly?

dont do that

> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type md5
> rlm_eap_md5: Issuing Challenge
> ++[eap] returns handled

hmm, since MD5 cannot be used for wireless authentication , suggest
you chane the default type in the eap.conf.

it might be that your AP doesnt expect to see a challenge or attempt
from the server. 

change default_eap_type in the EAP {} part of eap.conf to eg peap


I noted an MTU of 1488 - the LAN should be okay with 1500 but if
the AP isnt liking things, the ensure the fragment size is decreaed
in eap.conf too  eg uncomment to activate the line fragment_size = 1024
in eap.conf


alan



More information about the Freeradius-Users mailing list