eap: ERROR: Failed continuing EAP PEAP (25) session.

Stefano Pardini stefanopardini at gmail.com
Mon Aug 1 13:10:26 CEST 2016

Hi guys.

I'm authenticating users against Samba4 using Winbindd (PEAP-MSCHAPv2).
With radtest everything is working fine; the user information are
correctly extracted and the authentication process is successful.

I'm now trying to access through a WiFi client.
The access point is configured properly and can communicate with the
FreeRADIUS server.
But I'm encountering the following error (radiusd -X):

(8) eap_peap: Continuing EAP-TLS
(8) eap_peap: [eaptls verify] = ok
(8) eap_peap: Done initial handshake
(8) eap_peap: [eaptls process] = ok
(8) eap_peap: Session established.  Decoding tunneled attributes
(8) eap_peap: PEAP state send tlv success
(8) eap_peap: Received EAP-TLV response
(8) eap_peap: Client rejected our response.  The password is probably incorrect
(8) eap_peap: ERROR: We sent a success, but the client did not agree
(8) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed
(8) eap: Sending EAP Failure (code 4) ID 232 length 4
(8) eap: Failed in EAP select
(8)     [eap] = invalid
(8)   } # authenticate = invalid
(8) Failed to authenticate the user

I made some tests even with eapol_test, using the EAP-MSCHAPv2 config
file reported in http://deployingradius.com:
decapsulated EAP packet (code=4 id=8 len=4) from RADIUS server: EAP Failure

I'm using the following FreeRADIUS version.
radiusd: FreeRADIUS Version 3.0.12 (git #ae2f29c), for host
x86_64-unknown-linux-gnu, built on Jul 29 2016 at 11:17:40
FreeRADIUS Version 3.0.12

And the following Samba version (Debian 8.5): 4.2.10.

To understand the problem tell me if you need more accurate log.
Thanks in advance.

More information about the Freeradius-Users mailing list