Duplicate "Auth: Login OK:"
John.Hayward at wheaton.edu
John.Hayward at wheaton.edu
Fri Mar 25 04:12:25 CET 2011
Free Radius Fans,
First - thanks to the people who contribute to this product!
Our environment - Wireless 802.1x, Novell NDSLdap to lookup passwords or
mysql, Peap with mschapv2.
I observe when a client successfully authenticates to the radius server
there are two "Auth: Login OK:" messages - one with a via TLS tunnel and
one without. In looking at the eap messages (ID 9 or 10) it appears that
the inner tunnel return a success but the outer sends another request.
I wonder if this is what is expected, or if I have a configuration issue,
or if there is a bug in the free radius code.
In looking at the RFCs for eap a success packet is to have no data. It
appears that mschap-v2 passes back a success packet with an authenticator
response string (S=...). I am not sure what the exact sequence of packets
should be at the end of a successful authentication.
The log file running radius -x -x -X are at:
http://cs.wheaton.edu/~johnh/FreeRadius
if people want to see.
TIA for help you can provide.
johnh...
More information about the Freeradius-Users
mailing list