troubles with eap-peap mschapv2

Phil Mayers p.mayers at imperial.ac.uk
Tue Mar 12 16:15:22 CET 2013


On 12/03/13 14:23, Bertrand Poulet wrote:

> Tue Mar 12 15:10:20 2013 : Info: # Executing section authorize from file

When you make debug output, please just use:

radiusd -X

Don't use the other arguments; they just create noise and volume 
(timestamps) that are basically irrelevant.

> Tue Mar 12 15:10:20 2013 : Info: +- entering group authenticate {...}
> Tue Mar 12 15:10:20 2013 : Info: [eap] EAP Identity
> Tue Mar 12 15:10:20 2013 : Info: [eap] processing type tls
> Tue Mar 12 15:10:20 2013 : Info: [tls] Initiate
> Tue Mar 12 15:10:20 2013 : Info: [tls] Start returned 1
> Tue Mar 12 15:10:20 2013 : Info: ++[eap] returns handled
> Sending Access-Challenge of id 247 to 172.20.100.53 port 1645
>          EAP-Message = 0x010300061920
>          Message-Authenticator = 0x00000000000000000000000000000000
>          State = 0x131466f213177f9f58f8ed5fb507e76c
> Tue Mar 12 15:10:20 2013 : Info: Finished request 0.
> Tue Mar 12 15:10:20 2013 : Debug: Going to the next request
> Tue Mar 12 15:10:20 2013 : Debug: Waking up in 4.9 seconds.
> Tue Mar 12 15:10:25 2013 : Info: Cleaning up request 0 ID 247 with
> timestamp +8
> Tue Mar 12 15:10:25 2013 : Debug: WARNING:
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> Tue Mar 12 15:10:25 2013 : Debug: WARNING: !! EAP session for state
> 0x131466f213177f9f did not finish!

This fails really REALLY early in the EAP setup. The certs haven't even 
been exchanged yet.

Start checking other things - check the network path, firewalls, MTU, 
etc. because it doesn't look like you're receiving the PEAP start - just 
the initial EAP identity.


More information about the Freeradius-Users mailing list