rlm_eap problem after upgrade from 2.1.12 to 2.2.5 via radsecproxy

Alan DeKok aland at deployingradius.com
Tue Sep 2 18:13:15 CEST 2014

Thomas Boettcher wrote:
> my setup are two boxes with Freeradius and radsecproxy 1.6.5 in an
> eduroam environment.
> after upgrading from 2.1.12 to 2.2.5 without any configuration changes I
> register an enormous (times 31 (562:17678 per day)) amount of error
> messages:
> "rlm_eap: No EAP session matching the State variable."

  That's generally a proxy problem.  The client transmits a packet
through proxy A, and retransmits the same packet through proxy B.

> Users from the remote locations brought me to the Problem since they are
> authenticated OK and just seconds later the above error results in a
> "Login incorrect".

  No.  If they're authenticated OK, then they're authenticated.  There
is no way to remotely fail an authentication which previously succeeded.

> I do not understand why the eap state variable could be mixed up by a
> Software Upgrade to a "stable" version, so it looks to me that the
> problem resides within the freeradius programming. At the moment I do
> not fully understand all code differences between the two versions.

  There are a LOT of differences between the two versions.  But nothing
(to my knowledge) that would create this problem.

> Any ideas to debug the problem are welcome.

  Run the server in debugging mode.

> Does anyone see similar problems with 2.2.5?

  I don't think so.

  Alan DeKok.

More information about the Freeradius-Users mailing list