EAP Taking Too Long to Authenticate

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Sat Nov 7 00:03:05 CET 2015


hi,


your server is configured to use md5 as the initial EAP method. do you use MD5 ...at all? I would suggest
that you change that to PEAP to 1) improve performance and 2) to deal with clients that dont like the NAK
and fall-through to peap..

secondly, the debug shows the client timing out due to not liking the RADIUS server cert....ensure your
clients are properly configured and know/trust the CA of the RADIUS server and the commonname in the server
cert of the RADIUS server

sort those 2 bits out, then see behaviour... its very likely that the EAP failure is causing some other kit in the chain
(eg access point or wireless controller for example) to block the EAP for XX seconds due to repeated failures.

alan


More information about the Freeradius-Users mailing list