ERROR: rlm_eap (EAP): No EAP session matching state

deepak rawat deepakrawat.singh at yahoo.com
Tue Feb 1 16:39:29 UTC 2022


Hi Alan,
Thank you Alan for your answer.
After setting max_request_time=120 in the radiusd.conf file, the "No EAP session matching state" failure on the RADIUS server was reduced abruptly, but after some days we still saw this behavior, and we need to block/deblock the port on the user device to get the authentication.

So, to troubleshoot further: on our user we have logs with timestamps, but the freeradius -X logs come without any date or time. Can anyone help me with how I can add the time to the freeradius logs?
Objective: As you said, we need to check on the user why the reply is not coming within 30 seconds for an EAP message. So we were checking our user logs, comparing the failed and successful ones, but it would be good to have timestamps in RADIUS to compare the logs.

Kind Regards,
Deepak Rawat
 

    On Friday, January 28, 2022, 09:37:36 PM GMT+1, Alan DeKok <aland at deployingradius.com> wrote:  
 
 On Jan 28, 2022, at 12:08 PM, deepak rawat via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> Thanks Alan.
> I checked the system logs of a user which needs authentication, and for security purposes I cannot share them here

  We don't need to see them.

> but we can see the EAPOL message exchange between the Radius server and User is with 1s

  You're looking at the wrong thing.

  One EAP session sends *many* packets between the user, NAS, and RADIUS server.  If the first 5 packets go back and forth quickly, but the sixth one takes 30 seconds, then you'll get that error.

> When you're using EAP, the user SHOULD NOT be prompted for anything.  Their name / password should be cached, and used without prompting the user. -- I am not sure what this means and how I could stop this. Any suggestions?

  I really don't know how to say this any other way.

  The issue is NOT FreeRADIUS.  The issue is the user and/or the NAS (or access point).  Nothing you do to FreeRADIUS will fix the problem.  No amount of looking at the FreeRADIUS logs will fix the problem.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
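
The timing pattern described in the quoted reply (several fast round trips, then one slow one inside the same EAP session), as an added example that is not part of the original thread. The record format is constructed for illustration and is not FreeRADIUS debug output; the 30-second limit is the figure mentioned in the thread, and `find_slow_rounds` is a hypothetical helper name.

```python
from datetime import datetime

# Constructed sample records, NOT FreeRADIUS debug output. Assumed format:
# "<ISO time> <packet type> state=<State the server sent or the NAS echoed>"
SAMPLE = """\
2022-02-01T10:00:00 Access-Request state=-
2022-02-01T10:00:00 Access-Challenge state=a1
2022-02-01T10:00:01 Access-Request state=a1
2022-02-01T10:00:01 Access-Challenge state=a2
2022-02-01T10:00:02 Access-Request state=a2
2022-02-01T10:00:02 Access-Challenge state=a3
2022-02-01T10:00:45 Access-Request state=a3
2022-02-01T10:05:00 Access-Request state=-
2022-02-01T10:05:00 Access-Challenge state=b1
2022-02-01T10:05:01 Access-Request state=b1
2022-02-01T10:05:01 Access-Accept state=-
"""

def find_slow_rounds(text, limit_seconds=30):
    """Return (state, challenge_time, delay) for each Access-Challenge whose
    answering Access-Request came later than limit_seconds, or never came
    (delay is None in that case)."""
    pending = {}  # State value -> time the challenge carrying it was sent
    slow = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, ptype, state_field = line.split()
        when = datetime.fromisoformat(stamp)
        state = state_field.partition("=")[2]
        if ptype == "Access-Challenge":
            pending[state] = when
        elif ptype == "Access-Request" and state in pending:
            sent = pending.pop(state)
            delay = (when - sent).total_seconds()
            if delay > limit_seconds:
                slow.append((state, sent.isoformat(), delay))
    # Challenges that were never answered at all
    for state, sent in pending.items():
        slow.append((state, sent.isoformat(), None))
    return slow

if __name__ == "__main__":
    for state, sent, delay in find_slow_rounds(SAMPLE):
        print(state, sent, "no reply" if delay is None else f"{delay:.0f}s")
```

In the constructed sample the first two round trips take one second each and the third takes 43 seconds, so only the third is reported.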
  

