"WARNING: !! EAP session for state ... did not finish!", And Other Warnings

Matthew Newton mcn4 at leicester.ac.uk
Sat Oct 3 01:30:31 CEST 2015

> So the question is... why did the client reject the first auth,
> but then immediately re-try and accept the certificate the second
> time.
> I'd look at the client and see if you can get logs off it (hard on
> Windows I know, have to enable eap tracing, it's a right pig to
> read compared to -X on the server side...) to see why it rejected
> the first time - if you can get anything from it. I'm assuming the
> TLS Server OID is in the cert because it works the second time,
> but worth checking anyway.

I just extracted your cert from the EAP-Message, and you've not
got the TLS Server Auth OID ( in it.

On that basis, could you please explain to us all how the heck you
managed to get it to work at all the second time... :-)

Re-generate the server certificate according to
http://wiki.freeradius.org/guide/Certificate_Compatibility (as the
original message said) and you should be good.


Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>

More information about the Freeradius-Users mailing list