No EAP session matching state ...
Alan DeKok
aland at deployingradius.com
Wed Oct 25 16:56:32 CEST 2017
On Oct 25, 2017, at 10:48 AM, Fikais Ladislav <fikais at cuni.cz> wrote:
>
> If I do that it says:
>
> raddb/sites-enabled/tls[7]: Threading must be enabled for TLS sockets to
> function properly
> raddb/sites-enabled/tls[7]: You probably need to do 'radiusd -fxx -l stdout'
> for debugging
That's fine.
> This output was generated with "radiusd -fxxx -l stdout". Isn't it "same"
> (+timestamps)?
Yes... and the timestamps aren't useful in 99% of the situations.
It's good to follow instructions.
> I've FRv2 (+RadSecProxy) which works and if I replace it with the this new
> 3.0.15 (w/o RadSecproxy, config from source), then local auth (WiFi
> controlers, subordinate FRs) works fine.
Then something else is going wrong. A normal FreeRADIUS configuration doesn't do that.
The main reason for these messages is that FR sends a response, times it out after 5 seconds, and then after *that*, the client / AP sends the next packet of an EAP session.
This just isn't the fault of FreeRADIUS.
> Yes, there are a few "No EAP sess..."
> messages maybe like you are saying because something in WiFi network is
> broken/bad signal/etc. But the main problem is that it behaves like this (even
> worst - most requests are rejected) if the requests comes over radsec from
> Czech national eduroam server at CESNET (they are using Radiator). They're
> saying the problem is on my side...
Are they getting the replies? If so, then the problem isn't on your end.
> Isn't it possible there is something wrong in FRv3 radsec? Maybe some
> packets are lost? Is there a way to debug it? It's TCP so if there is some
> kind of network packet lost (which I think isn't) it shoud "survive", right?
Packets aren't lost over TCP.
Alan DeKok.
More information about the Freeradius-Users
mailing list