eap_peap: We sent a success, but the client did not agree [FreeRadius + samba4 AD + dynamic vlans]
Elias Pereira
empbilly at gmail.com
Wed Jul 18 22:16:43 CEST 2018
I forgot to mention it in the first email. I configured the ldap module so
that I could work with groups and redirect to the corresponding vlan.
> Read http://wiki.freeradius.org/list-help.
> We want to see "radiusd -X". Not "radiusd -Xxxxxxxxx"
Ok. Thanks!
That message should be clear.
> > *Wed Jul 18 14:44:25 2018 : ERROR: (71) eap_peap: We sent a success, but
> > the client did not agree*
> > *Wed Jul 18 14:44:25 2018 : ERROR: (71) eap: Failed continuing EAP PEAP
> > (25) session. EAP sub-module failed*
> OK... so you're ignoring the one useful message, and worrying about two
> *subsequent* messages?
New log in the pastbin. All logs refer to 1 or 2 cell authentication
attempts.
https://pastebin.com/raw/45tzkG6w
Yes. When the password is incorrect.
At first the password is correct. I put the very easy password to test. :)
If you want to get it working, there is a step-by-step guide on my web
> site:
> http://deployingradius.com
Ok. Thanks for the guide.
PAP ok
EAP ok
Create certificate ok
Import ?
I tried importing the ca.der to my android, but did not recognize it. Which
certificate does it import?
On Wed, Jul 18, 2018 at 3:50 PM Alan DeKok <aland at deployingradius.com>
wrote:
> On Jul 18, 2018, at 2:12 PM, Elias Pereira <empbilly at gmail.com> wrote:
> >
> > At first everything is ok with the settings. I made internal tests with
> > radtest and the authentication of a domain user is done correctly. I also
> > tested with pfsense's captiveportal and it worked correctly.
> >
> > We have a wifi controller from the motorola and created a ssid and set
> the
> > AAA profile as it showed in the extreme support itself.
> >
> > After trying to connect via mobile with android, the following error
> occurs:
>
> Read http://wiki.freeradius.org/list-help.
>
> We want to see "radiusd -X". Not "radiusd -Xxxxxxxxx"
>
> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: [eaptls process] = ok
> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: Session established.
> > Decoding tunneled attributes
> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: PEAP state send tlv
> success
> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: Received EAP-TLV
> response
> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: Client rejected our
> > response. The password is probably incorrect
>
> That message should be clear.
>
> > *Wed Jul 18 14:44:25 2018 : ERROR: (71) eap_peap: We sent a success, but
> > the client did not agree*
> > *Wed Jul 18 14:44:25 2018 : ERROR: (71) eap: Failed continuing EAP PEAP
> > (25) session. EAP sub-module failed*
>
> OK... so you're ignoring the one useful message, and worrying about two
> *subsequent* messages?
>
> > Has anyone ever had this problem?
>
> Yes. When the password is incorrect.
>
> If you want to get it working, there is a step-by-step guide on my web
> site:
>
> http://deployingradius.com
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
--
Elias Pereira
More information about the Freeradius-Users
mailing list