Debugging "No EAP session matching the State variable"

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Mon Sep 16 20:39:02 CEST 2013


Hi,

> Sep 16 09:57:56 newdvlanb radiusd[15211]: rlm_eap: No EAP session
> matching the State variable.

turn on full debug for just a single User-Name or Calling-Station-Id
(check radmin docs). whats your authentication clean-up/tidy up times -
as if the clients dont respond then the session is cleared away and so
no matching state/session will be found.  also, what clients are
these? Android, for example, has an annoying thign where 802.1X
networks that have credentials stored need the credential store to be unlocked
before they'll authenticate to that 802.1X network again. 

also, check your wireless domain. find some of these clients (CSI) on
your wireless management dashboard and find out what their relationship with
nearest APs is - they could be being mobile between APs in a nasty way
or during authencication so a packet or 2 is mising. remmeber, with eg 802.1X
and PEAP you've got 11 packets or more to be shunted over wireless (and UDP!)
for an authentication. if you've allowed clients to join to APs at really
low rates and borderline connections, this can cause grief.

alan


More information about the Freeradius-Users mailing list