ERROR: rlm_eap (EAP): No EAP session matching state

Alan DeKok aland at
Fri Jan 28 19:17:51 UTC 2022

On Jan 28, 2022, at 12:08 PM, deepak rawat via Freeradius-Users <freeradius-users at> wrote:
> Thanks Alan.
> I check the system logs of a  user which need authentication and for security purpose i can not share them here

  We don't need to see them.

> but we can see the EAPOL message exchange between the Radius server and User is with 1s

  You're looking at the wrong thing.

  One EAP session sends *many* packets between the user, NAS, and RADIUS server.   If the first 5 packets go back and forth quickly, but the sixth one takes 30 seconds, then you'll get that error.

> When you're using EAP, the user SHOULD NOT be prompted for anything.  Their name / password should be cached, and used without prompting the user. -- I am not sure what does this mean and how could i stop this, Any suggestion.

  I really don't know how to say this any other way.

  The issue is NOT FreeRADIUS.  The issue is the user and/or the NAS (or access point).  Nothing you do to FreeRADIUS will fix the problem.  No amount of looking at the FreeRADIUS logs will fix the problem.

  Alan DeKok.

More information about the Freeradius-Users mailing list