PEAP with Machine auth

Alan DeKok aland at deployingradius.com
Wed Oct 26 15:36:19 CEST 2011


Phil Mayers wrote:
> Seriously - it's important to understand that the CLIENT stops
> responding. FreeRADIUS can't do anything more in this case - the client
> has stopped sending EAPOL packets, so the client must think that
> something is wrong.

  That's the main issue people have with RADIUS.  The client is in
charge of pretty much everything, and few people understand that.

Q: Why does the client stop talking to the server?
A: Because it doesn't like the response from the server

Q: OK... *what* part of the response doesn't it like?
A: Go ask the client

Q: But I can't!  What do I do?
A: well... we don't know, either.  Go ask Microsoft.

> You will have to debug the client. This is very very painful on Windows;
> it's hard to even find the EAPOL debugging options, let alone interpret
> the results.

  Yes.  Everyone reading this list should understand CLIENT issues cause
you to debug the CLIENT.

  If the server returns the wrong thing... you can fix the server.  Fort
pretty much everything else, blame the client.

  Alan DeKok.



More information about the Freeradius-Users mailing list