ERROR: rlm_eap (EAP): No EAP session matching state

[Alan DeKok]

On Jan 28, 2022, at 9:37 AM, deepak rawat via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I need a help to know why this problem is coming in Free radius which i am usuing as it was working properly before but now when we connect the Cisco 9000 Series nexus switch we are facing this problem.
> Should we need to tweak some parameter in freeradius file to recover this. I have no idea how can i recover it can anyone help or guide.
> 
> (7) eap: Expiring EAP session with state 0x287d8eea2e74834b(7) eap: ERROR: rlm_eap (EAP): No EAP session matching state 0x287d8eea2d75834b(7) eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request(7) eap: Failed in handler(7)     [eap] = invalid(7)   } # authenticate = invalid(7) Failed to authenticate the user(7) Using Post-Auth-Type Reject(7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default(7)   Post-Auth-Type REJECT {(7) attr_filter.access_reject: EXPAND %{User-Name}(7) attr_filter.access_reject:    --> E23D364711.x.com(7) 

  That's pretty bad.

  I don't mean the error messages.  I mean the formatting.  It's completely unreadable.

  The error message is pretty clear.  The EAP session is *supposed* to finish very quickly.  i.e. less than a second for all packets.  Each packet is supposed to be sent very quickly after the reply to the previous packet.

  That's not happening here.

  Instead, the packet which is producing the error is coming 30 seconds after the previous reply.  There's simply no good reason for that.

  What else is going on?

  Alan DeKok.