eap_peap: We sent a success, but the client did not agree [FreeRadius + samba4 AD + dynamic vlans]

Elias Pereira empbilly at gmail.com
Thu Jul 19 20:11:09 CEST 2018


New logs shows.

...
(11) eap_peap:   The users session was previously rejected: returning
reject (again.)
(11) eap_peap:   This means you need to read the PREVIOUS messages in the
debug output
(11) eap_peap:   to find out the reason why the user was rejected
(11) eap_peap:   Look for "reject" or "fail".  Those earlier messages will
tell you
(11) eap_peap:   what went wrong, and how to fix the problem
(11) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module
failed
...

Full log: https://pastebin.com/raw/8qaPZwqK​

On Thu, Jul 19, 2018 at 10:19 AM Elias Pereira <empbilly at gmail.com> wrote:

> Any tips & tricks here? :)
>
> On Wed, Jul 18, 2018 at 5:16 PM Elias Pereira <empbilly at gmail.com> wrote:
>
>> I forgot to mention it in the first email. I configured the ldap module
>> so that I could work with groups and redirect to the corresponding vlan.
>>
>>
>>> Read http://wiki.freeradius.org/list-help.
>>>   We want to see "radiusd -X".  Not "radiusd -Xxxxxxxxx"
>>
>>
>> Ok. Thanks!
>>
>> That message should be clear.
>>> > *Wed Jul 18 14:44:25 2018 : ERROR: (71) eap_peap: We sent a success,
>>> but
>>> > the client did not agree*
>>> > *Wed Jul 18 14:44:25 2018 : ERROR: (71) eap: Failed continuing EAP PEAP
>>> > (25) session.  EAP sub-module failed*
>>>   OK... so you're ignoring the one useful message, and worrying about
>>> two *subsequent* messages?
>>
>>
>> New log in the pastbin. All logs refer to 1 or 2 cell authentication
>> attempts.
>> https://pastebin.com/raw/45tzkG6w
>>
>> Yes.  When the password is incorrect.
>>
>>
>> At first the password is correct. I put the very easy password to test. :)
>>
>>  If you want to get it working, there is a step-by-step guide on my web
>>> site:
>>> http://deployingradius.com
>>
>>
>> Ok. Thanks for the guide.
>>
>> PAP ok
>> EAP ok
>> Create certificate ok
>> Import ?
>>
>> I tried importing the ca.der to my android, but did not recognize it.
>> Which certificate does it import?
>>
>>
>>
>> On Wed, Jul 18, 2018 at 3:50 PM Alan DeKok <aland at deployingradius.com>
>> wrote:
>>
>>> On Jul 18, 2018, at 2:12 PM, Elias Pereira <empbilly at gmail.com> wrote:
>>> >
>>> > At first everything is ok with the settings. I made internal tests with
>>> > radtest and the authentication of a domain user is done correctly. I
>>> also
>>> > tested with pfsense's captiveportal and it worked correctly.
>>> >
>>> > We have a wifi controller from the motorola and created a ssid and set
>>> the
>>> > AAA profile as it showed in the extreme support itself.
>>> >
>>> > After trying to connect via mobile with android, the following error
>>> occurs:
>>>
>>>   Read http://wiki.freeradius.org/list-help.
>>>
>>>   We want to see "radiusd -X".  Not "radiusd -Xxxxxxxxx"
>>>
>>> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: [eaptls process] = ok
>>> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: Session established.
>>> > Decoding tunneled attributes
>>> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: PEAP state send tlv
>>> success
>>> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: Received EAP-TLV
>>> response
>>> > Wed Jul 18 14:44:25 2018 : Debug: (71) eap_peap: Client rejected our
>>> > response.  The password is probably incorrect
>>>
>>>   That message should be clear.
>>>
>>> > *Wed Jul 18 14:44:25 2018 : ERROR: (71) eap_peap: We sent a success,
>>> but
>>> > the client did not agree*
>>> > *Wed Jul 18 14:44:25 2018 : ERROR: (71) eap: Failed continuing EAP PEAP
>>> > (25) session.  EAP sub-module failed*
>>>
>>>   OK... so you're ignoring the one useful message, and worrying about
>>> two *subsequent* messages?
>>>
>>> > Has anyone ever had this problem?
>>>
>>>   Yes.  When the password is incorrect.
>>>
>>>   If you want to get it working, there is a step-by-step guide on my web
>>> site:
>>>
>>> http://deployingradius.com
>>>
>>>   Alan DeKok.
>>>
>>>
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>
>>
>>
>> --
>> Elias Pereira
>>
>
>
> --
> Elias Pereira
>


-- 
Elias Pereira


More information about the Freeradius-Users mailing list