"WARNING: !! EAP session for state ... did not finish!", And Other Warnings

Jim Seymour jseymour at LinxNet.com
Sat Oct 3 02:58:12 CEST 2015

On Sat, 3 Oct 2015 00:30:31 +0100
Matthew Newton <mcn4 at leicester.ac.uk> wrote:

> I just extracted your cert from the EAP-Message, and you've not
> got the TLS Server Auth OID ( in it.
> On that basis, could you please explain to us all how the heck you
> managed to get it to work at all the second time... :-)

*You* are asking *me*? :)

> Re-generate the server certificate according to
> http://wiki.freeradius.org/guide/Certificate_Compatibility (as the
> original message said) and you should be good.

I saw that page.  Several times.  Nothing I saw there appeared to
lead me to any... well, anything, really.  But, based on your
re-urging, I looked at it again, went "Hmmm... I wonder...?", took a
guess and tried (on the server where FreeRADIUS is installed)...

    $ locate xpextensions

Ohhh kay.  (I won't ask why that wasn't just put on the Wiki
page--I suppose there's a good reason.) Looked...

Now I *know* I never had to do that before.  In fact: The certs on my
existing server expired just a month ago or so and I had to generate
new ones...  Just double-checked: The FreeRADIUS on current production
server is using the same self-signed certs as everything else on that

My confusion increases.  How is it I've been running everything from
MS-Win95 through MS-Win7 on my existing network, using FreeRadius
1.1.1, and plain old self-signed server certs, w/o any special OIDs,
all these years?  And never installing CA certs (which eventually
expire) on all the PCs?

Help me to understand, please?  Is this a result of some change
between 1.1.x and 2.x.x?

Is this how you add those OIDs:



Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

More information about the Freeradius-Users mailing list