eap_peap: We sent a success, but the client did not agree [FreeRadius + samba4 AD + dynamic vlans]

Elias Pereira empbilly at gmail.com
Wed Jul 18 22:16:43 CEST 2018


I forgot to mention it in the first email. I configured the ldap module so
that I could work with groups and redirect to the corresponding vlan.


> Read http://wiki.freeradius.org/list-help.
>   We want to see "radiusd -X".  Not "radiusd -Xxxxxxxxx"


Ok. Thanks!

That message should be clear.
> > *Wed Jul 18 14:44:25 2018 : ERROR: (71) eap_peap: We sent a success, but
> > the client did not agree*
> > *Wed Jul 18 14:44:25 2018 : ERROR: (71) eap: Failed continuing EAP PEAP
> > (25) session.  EAP sub-module failed*
>   OK... so you're ignoring the one useful message, and worrying about two
> *subsequent* messages?


New log in the pastbin. All logs refer to 1 or 2 cell authentication
attempts.
https://pastebin.com/raw/45tzkG6w

Yes.  When the password is incorrect.


At first the password is correct. I put the very easy password to test. :)

 If you want to get it working, there is a step-by-step guide on my web
> site:
> http://deployingradius.com


Ok. Thanks for the guide.

PAP ok
EAP ok
Create certificate ok
Import ?

I tried importing the ca.der to my android, but did not recognize it. Which
certificate does it import?



On Wed, Jul 18, 2018 at 3:50 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On Jul 18, 2018, at 2:12 PM, Elias Pereira <empbilly at gmail.com> wrote:
> >
> > At first everything is ok with the settings. I made internal tests with
> > radtest and the authentication of a domain user is done correctly. I also
> > tested with pfsense's captiveportal and it worked correctly.
> >
> > We have a wifi controller from the motorola and created a ssid and set
> the
> > AAA profile as it showed in the extreme support itself.
> >
> > After trying to connect via mobile with android, the following error
> occurs:
>
>   Read http://wiki.freeradius.org/list-help.
>
>   We want to see "radiusd -X".  Not "radiusd -Xxxxxxxxx"
>
> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: [eaptls process] = ok
> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: Session established.
> > Decoding tunneled attributes
> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: PEAP state send tlv
> success
> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: Received EAP-TLV
> response
> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: Client rejected our
> > response.  The password is probably incorrect
>
>   That message should be clear.
>
> > *Wed Jul 18 14:44:25 2018 : ERROR: (71) eap_peap: We sent a success, but
> > the client did not agree*
> > *Wed Jul 18 14:44:25 2018 : ERROR: (71) eap: Failed continuing EAP PEAP
> > (25) session.  EAP sub-module failed*
>
>   OK... so you're ignoring the one useful message, and worrying about two
> *subsequent* messages?
>
> > Has anyone ever had this problem?
>
>   Yes.  When the password is incorrect.
>
>   If you want to get it working, there is a step-by-step guide on my web
> site:
>
> http://deployingradius.com
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



-- 
Elias Pereira


More information about the Freeradius-Users mailing list