"WARNING: !! EAP session for state ... did not finish!", And Other Warnings
Matthew Newton
mcn4 at leicester.ac.uk
Sat Oct 3 01:30:31 CEST 2015
> So the question is... why did the client reject the first auth,
> but then immediately re-try and accept the certificate the second
> time.
>
> I'd look at the client and see if you can get logs off it (hard on
> Windows I know, have to enable eap tracing, it's a right pig to
> read compared to -X on the server side...) to see why it rejected
> the first time - if you can get anything from it. I'm assuming the
> TLS Server OID is in the cert because it works the second time,
> but worth checking anyway.
I just extracted your cert from the EAP-Message, and you've not
got the TLS Server Auth OID (1.3.6.1.5.5.7.3.1) in it.
On that basis, could you please explain to us all how the heck you
managed to get it to work at all the second time... :-)
Re-generate the server certificate according to
http://wiki.freeradius.org/guide/Certificate_Compatibility (as the
original message said) and you should be good.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list