1st time authentication of a supplicant loops

Alan DeKok aland at deployingradius.com
Tue Dec 1 14:00:12 CET 2020

On Dec 1, 2020, at 5:15 AM, Axel Rau <Axel.Rau at chaos1.de> wrote:
>> What does the debug log look like when that happens?
> Appended at the end.

  That's doing MAC address authentication.  You configured the switch / AP to do MAC address authentication.  I suggest paying attention to what you've done

  Reading the debug output for that "failed" authentication is pretty simple.  Things like "No EAP message, not doing EAP" should clue you in that it's not doing EAP.

  And for some reason when you add the MAC as a name / password, then MAC address authentication succeeds.  Any idea what that happens?

>> The default configuration works if you just add a name / password to mods-config/files/authorize.  So what else did you change?
> I’m not sure.
> I did now a fresh installation on OpenBSD 6.7 from ports and configured it.
> Axel
> PS: These are my changes of the default installation (certs dir omitted:
  "I dunno what I did.  Here's a dump of stuff.  You guys figure it out".

  What a waste of time, and what a terrible attitude.

  Read the documentation on what to post to the list:  http://wiki.freeradius.org/list-help

  And read the documentation for how to read the debug output:  http://wiki.freeradius.org/radiusd-X

  And *think* about what's going on.  What is in the debug output for the "failed" authentication?  MAC addresses?  Hmm.. any idea what's going on there?

  This whole approach of "I dunno, you guys figure it out" is not appropriate.  If you don't have the time to understand the system you're configuring, then there's no reason for us to take the time to help you.

  Alan DeKok.

More information about the Freeradius-Users mailing list