EAP session problem

Matthew Newton mcn4 at leicester.ac.uk
Sat Sep 12 23:52:33 CEST 2015


On Sat, Sep 12, 2015 at 09:25:25PM +0200, Stefano Pardini wrote:
> I'm using PEAP/MSCHAPV2 and OpenLDAP password backend (and Samba3) to
...
> I didn't touch the configuration files in the last few months. Nothing has
> changed. The CA certificate is valid.

10 years is a long time for the server cert - are you sure that's
the server cert you checked, not the CA?

But from the debug logs it's not getting that far.

> rad_recv: Access-Request packet from host 192.168.11.45 port 38247, id=42,
> length=189
>     User-Name = "pippo"
...
>     EAP-Message = 0x02dc000a01706970706f

EAP response identity "pippo"

> Sending Access-Challenge of id 42 to 192.168.11.45 port 38247
>     EAP-Message = 0x01dd00061920

EAP request PEAP

>     Message-Authenticator = 0x00000000000000000000000000000000
>     State = 0xa0e49fa1a0398655bdbbb8b91da409d3
> Finished request 0.

...

> Sending duplicate reply to client OpenWrt port 38247 - ID: 42
> Sending Access-Challenge of id 42 to 192.168.11.45 port 38247
> Waking up in 2.0 seconds.
> Cleaning up request 0 ID 42 with timestamp +4
> WARNING:
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> WARNING: !! EAP session for state 0xa0e49fa1a0398655 did not finish!
> WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
> WARNING:
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Client didn't respond to the server.


Again,

> rad_recv: Access-Request packet from host 192.168.11.45 port 38247, id=42,
> length=189
>     User-Name = "pippo"
...
>     EAP-Message = 0x02dc000a01706970706f

EAP response - identity "pippo"

> Sending Access-Challenge of id 42 to 192.168.11.45 port 38247
>     EAP-Message = 0x01dd00061920

Server requests PEAP

> Sending duplicate reply to client OpenWrt port 38247 - ID: 42
> Sending Access-Challenge of id 42 to 192.168.11.45 port 38247
> Waking up in 2.0 seconds.
> Cleaning up request 0 ID 42 with timestamp +4
> WARNING:
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> WARNING: !! EAP session for state 0xa0e49fa1a0398655 did not finish!
> WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
> WARNING:
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Client did not respond.

Didn't get anywhere near as far as a cert exchange.

You say nothing on the server changed. In that case, something on
the AP or the clients did.

You said "users", so I'll blindly assume multiple different
clients are trying to connect, which likely eliminates the
clients unless they are all identical.

In which case, find out what's changed on your AP and fix that.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
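
The hand-decoding of the EAP-Message values in the reply above, as an added Python example (not part of the original message and not FreeRADIUS code). The function names are made up for illustration, and the hex strings are the EAP-Message values copied from the quoted debug log.

```python
import struct

CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge",
         13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_BASED = {13, 21, 25}  # methods whose first data byte is a flags octet

def parse_eap(hexstr):
    """Decode one EAP packet given as the hex string of an EAP-Message attribute."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.lower().startswith("0x") else hexstr)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes: code, identifier, length")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError(f"length field {length} does not fit {len(raw)} bytes")
    pkt = {"code": CODES.get(code, f"unknown({code})"), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a type
        etype, data = raw[4], raw[5:length]
        pkt["type"] = TYPES.get(etype, f"type {etype}")
        if etype == 1:
            pkt["identity"] = data.decode("utf-8", "replace")
        elif etype in TLS_BASED and data:
            # L = length included, M = more fragments, S = start.
            # The low-order bits (method version for PEAP/TTLS) are not decoded here.
            pkt["flags"] = [n for bit, n in ((0x80, "L"), (0x40, "M"), (0x20, "S"))
                            if data[0] & bit]
    return pkt

def unanswered_request(hex_messages):
    """Return the last Request that no later Response matched by identifier, else None."""
    pending = None
    for h in hex_messages:
        p = parse_eap(h)
        if p["code"] == "Request":
            pending = p
        elif p["code"] == "Response" and pending and p["id"] == pending["id"]:
            pending = None
    return pending

# EAP-Message values from the quoted debug log, in the order they appear.
LOG = ["0x02dc000a01706970706f", "0x01dd00061920",
       "0x02dc000a01706970706f", "0x01dd00061920"]

if __name__ == "__main__":
    for h in LOG:
        print(h, parse_eap(h))
    print("unanswered:", unanswered_request(LOG))
```

The client's response keeps EAP identifier 0xdc while the server's PEAP start request uses 0xdd, so the request is reported as unanswered: the supplicant never replies to the PEAP start.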

