The users session was previously rejected
Tim Pretlove
T.Pretlove at liverpool.ac.uk
Sat Oct 31 18:14:11 CET 2015
Hi Alan,
On Sat, 31 Oct 2015, Alan DeKok wrote:
> On Oct 31, 2015, at 5:40 AM, Pretlove, Tim <T.Pretlove at liverpool.ac.uk> wrote:
>> I fairly new at Freeradius and I have been upgrading our version 2 servers to version 3.0.10 and I have what I believe is a configuration issue.
>>
>> The user is correctly rejected by eap/MSCHAP but it continues into eap/PEAP where I get the error
>>
>> Sat Oct 31 09:08:24 2015 : Info: (11) eap_peap: The users session was previously rejected: returning reject (again.)
>
> Those messages say "Info". Not "Error".
The Error message is
ERROR: (11) eap: Failed continuing EAP PEAP (25) session. EAP sub-module
failed.
and in Debug I also see
Debug: (11) eap: Sending EAP Failure (code 4) ID 11 length 4
Debug: (11) eap: Failed in EAP select
>
>> How do I avoid dropping into the peap section if the user is rejected further up the chain?
>
> You don't. It's doing PEAP as expected.
Okay that's fine
>
> The message is there for people who read only the last few lines of the debug output. It tells them to read the PREVIOUS messages to see the error.
I see this appearing in the log file without debug enabled.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks
Tim Pretlove
Computing Services
University of Liverpool
Brownlow Hill
More information about the Freeradius-Users
mailing list