EAP Session problems

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Mon Sep 8 11:21:33 CEST 2014


> We've run up 2 new pre-prod RADIUS servers with a newer release of freeradius and have indicated they are 'testdev' under our site's eduroam support.  When we attempt to login with an account 'username at test.ucl.ac.uk' to our production ORPS we see the request reach our testdev ORPS but it fails to authenticate locally.   (We've declared test.ucl.ac.uk as a realm in proxy.conf to be authorised locally to avoid looping back up to the NRPS and back to us etc).  It fails with an EAP 'did not finish' (in the style as shown at the bottom section of here http://wiki.freeradius.org/guide/Certificate-Compatibility, the client is linux)  failing to see it as a new session.  Our certificates are the same on both production and testdev.  

what happens if you just fire requests straight to this new box using another client - eg a linux box with eapol_test
or a windows box with JRADIUSSimulator or NTRADping etc?   you should be able to test/validate behaviour of
packet handling/authentication with another local client (as thats all a remote proxy would be treated as) before
opening up to another remote client.  

you state the above works - so a full radiusd debug of what happends when a local client connects
versus what happens when the remote proxy connects should look the same - you need to validate/verify that.


More information about the Freeradius-Users mailing list