EAP Session problems

Cardinal-Richards, Emma e.cardinal-richards at ucl.ac.uk
Mon Sep 8 10:18:58 CEST 2014


I'm experiencing a problem with EAP sessions/new conversations not starting when I'm using the Janet testing as shown below.


We've run up 2 new pre-prod RADIUS servers with a newer release of freeradius and have indicated they are 'testdev' under our site's eduroam support.  When we attempt to login with an account 'username at test.ucl.ac.uk' to our production ORPS we see the request reach our testdev ORPS but it fails to authenticate locally.   (We've declared test.ucl.ac.uk as a realm in proxy.conf to be authorised locally to avoid looping back up to the NRPS and back to us etc).  It fails with an EAP 'did not finish' (in the style as shown at the bottom section of here http://wiki.freeradius.org/guide/Certificate-Compatibility, the client is linux)  failing to see it as a new session.  Our certificates are the same on both production and testdev.  

The other odd behaviour is that despite getting a REJECT from this testdev server, I get authenticated by our production ORPS using 'username at test.ucl.ac.uk' which is not a declared local realm on the production ORPS.  

If I connect directly to the testdev ORPS it's fine.  

I've contacted the Janet Service desk but not got anywhere as yet, but they suggested I contact here to.  I've attached the debug output (zipped to reduce size).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: radiusdx.txt.zip
Type: application/x-zip-compressed
Size: 14987 bytes
Desc: radiusdx.txt.zip
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140908/66508797/attachment-0001.bin>

More information about the Freeradius-Users mailing list