rlm_eap problem after upgrade from 2.1.12 to 2.2.5 via radsecproxy

Alan DeKok aland at deployingradius.com
Wed Sep 3 16:06:17 CEST 2014

Thomas Boettcher wrote:
> what me concerns is, that the problem occurs, when MY freeradius is
> upgraded. So it looks to me that the software is handling something
> within the eap more strictly.

  That could be true.  It could also be true that the SSL interactions
are different.  Windows is *very* picky about SSL in EAP.

> I analysed my logs and picked some users with high amounts of Login
> problems. Running in 2.1.12 there is also a high amount of Logins for
> this user at the remote site. The only difference is, that they all are
> accepted. In 2.2.5 I get this:
> 2 Login OK (outer and inner Tunnel)
> 5-10 secs later: rlm_eap State variable error with Login incorrect.
> This repeats mostly every 30 seconds.

  That's a problem.  The user shouldn't be authenticating every 30s.

> Leads me to the assumption, that the remote NAS is doing Login requests
> very ofter (maybe WLAN coverage holes or many autonomous APs).

  Which can lead to network problems.

  Alan DeKok.

More information about the Freeradius-Users mailing list