"WARNING: !! EAP session for state ... did not finish!", And Other Warnings

Alan DeKok aland at deployingradius.com
Sat Oct 3 03:38:58 CEST 2015

On Oct 2, 2015, at 8:58 PM, Jim Seymour <jseymour at LinxNet.com> wrote:
> Now I *know* I never had to do that before.  In fact: The certs on my
> existing server expired just a month ago or so and I had to generate
> new ones...  Just double-checked: The FreeRADIUS on current production
> server is using the same self-signed certs as everything else on that
> server.

  And... how did you create the self-signed certs?

> My confusion increases.  How is it I've been running everything from
> MS-Win95 through MS-Win7 on my existing network, using FreeRadius
> 1.1.1, and plain old self-signed server certs, w/o any special OIDs,
> all these years?  And never installing CA certs (which eventually
> expire) on all the PCs?

  No idea.  It's Windows.

> Help me to understand, please?  Is this a result of some change
> between 1.1.x and 2.x.x?

  No.  The OIDs are required by Windows, not by FreeRADIUS.

> Is this how you add those OIDs:
>    http://.../tutorial_radiusserver.html

  No, no, no, and no.

  I have *zero* clue how people find random third-party web sites from nearly a decade ago, and cannot find the documentation that ships with the server.

  The method to create certs is documented in raddb/certs/ .  It's been there since before that crappy page was written.

  PLEASE read the documentation that we've written.  Pretty much everything else is old, broken, crappy, and lying to you.

  Alan DeKok.

More information about the Freeradius-Users mailing list