The users session was previously rejected

Tim Pretlove T.Pretlove at liverpool.ac.uk
Sat Oct 31 18:14:11 CET 2015


Hi Alan,

On Sat, 31 Oct 2015, Alan DeKok wrote:

> On Oct 31, 2015, at 5:40 AM, Pretlove, Tim <T.Pretlove at liverpool.ac.uk> wrote:
>> I fairly new at Freeradius and I have been upgrading our version 2 servers to version 3.0.10 and I have what I believe is a configuration issue.
>> 
>> The user is correctly rejected by eap/MSCHAP but it continues into eap/PEAP where I get the error
>> 
>> Sat Oct 31 09:08:24 2015 : Info: (11) eap_peap:   The users session was previously rejected: returning reject (again.)
>
>  Those messages say "Info".  Not "Error".

The Error message is

ERROR: (11) eap: Failed continuing EAP PEAP (25) session.  EAP sub-module 
failed.

and in Debug I also see

Debug: (11) eap: Sending EAP Failure (code 4) ID 11 length 4
Debug: (11) eap: Failed in EAP select

>
>> How do I avoid dropping into the peap section if the user is rejected further up the chain?
>
>  You don't.  It's doing PEAP as expected.

Okay that's fine

>
>  The message is there for people who read only the last few lines of the debug output.  It tells them to read the PREVIOUS messages to see the error.

I see this appearing in the log file without debug enabled.

>
>  Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Thanks

Tim Pretlove
Computing Services
University of Liverpool
Brownlow Hill


More information about the Freeradius-Users mailing list