Duplicate "Auth: Login OK:"

John.Hayward at wheaton.edu John.Hayward at wheaton.edu
Fri Mar 25 04:12:25 CET 2011

Free Radius Fans,

First - thanks to the people who contribute to this product!

Our environment - Wireless 802.1x, Novell NDSLdap to lookup passwords or
mysql, Peap with mschapv2.

I observe when a client successfully authenticates to the radius server
there are two "Auth: Login OK:" messages - one with a via TLS tunnel and
one without.  In looking at the eap messages (ID 9 or 10) it appears that
the inner tunnel return a success but the outer sends another request.

I wonder if this is what is expected, or if I have a configuration issue,
or if there is a bug in the free radius code.

In looking at the RFCs for eap a success packet is to have no data.  It
appears that mschap-v2 passes back a success packet with an authenticator
response string (S=...).  I am not sure what the exact sequence of packets
should be at the end of a successful authentication.

The log file running radius -x -x -X are at:

if people want to see.

TIA for help you can provide.

More information about the Freeradius-Users mailing list