On 20.1.2015 22.12, Michael Hulko wrote:
> I have two new servers that I am trying to put into production for
> our eduroam users. Both servers are identical. Configs are
> identical (with the minor changes required to make them identifiable
> to the outside world). However, that is where it appears to stop.

Hello Michael,

since EAP is used, you should check how the requests are distributed among the servers. If one of the servers is receiving, for example, EAP 25 (PEAP) requests but it has no previous EAP authentication state with the client, you will get the message you have quoted in the subject. In other words, there was an EAP 25 response but the server had no idea that it had started EAP 25 authentication with the client.

What should happen is that first there is an EAP 1 response which tells the client's EAP identity. Radiator will then respond with, for example, EAP 25 (PEAP) start request and the next response from the client should be EAP 25 response (or NAK if the client desires some other EAP method).

> Authentications to one server fail, while authentications to the
> other server succeed. I am stumped. It appears from the trace that
> the client request makes it to the first Handler but never makes it
> to the TunnelledByPEAP=1 handler to finish the authentication.
>
> Attached is a trace 4 log capture and the current config.

I see that there are a number of Access-Accepts too, so my take is that the RADIUS messages are distributed to the two servers in such a way that the server that starts EAP message authentication does not get all the messages that are part of the whole authentication exchange. Some messages are sent to the other server which then logs the message in the subject.

Thanks,
Heikki

--
Heikki Vatiainen <h...@open.com.au>
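
The failure described in the reply above can be reproduced offline. This is an added example, not part of the original thread and not Radiator code: it replays a constructed sequence of EAP responses through two hypothetical servers (radius1, radius2) and reports every response that lands on a server holding no EAP state for that client. The per-packet round-robin distributor is an assumption about how the split could arise, and the per-client hash distributor goes beyond the thread to show one common way of keeping a whole exchange on one server.

```python
import hashlib
import itertools
from collections import defaultdict

EAP_IDENTITY, EAP_PEAP = 1, 25
SERVERS = ["radius1", "radius2"]  # hypothetical server names

# Constructed sample: (client MAC, EAP type of the response) in arrival order.
PACKETS = [
    ("aa-bb-cc-00-00-01", EAP_IDENTITY),
    ("aa-bb-cc-00-00-01", EAP_PEAP),
    ("aa-bb-cc-00-00-01", EAP_PEAP),
    ("aa-bb-cc-00-00-02", EAP_IDENTITY),
    ("aa-bb-cc-00-00-02", EAP_PEAP),
    ("aa-bb-cc-00-00-02", EAP_PEAP),
]

def round_robin(servers):
    """Per-packet distribution: every packet goes to the next server in turn."""
    turn = itertools.cycle(servers)
    return lambda client: next(turn)

def sticky(servers):
    """Per-client distribution: a hash of the client identifier picks the server."""
    def pick(client):
        digest = hashlib.sha256(client.encode()).digest()
        return servers[int.from_bytes(digest[:4], "big") % len(servers)]
    return pick

def replay(packets, pick_server):
    """Return (server, client, eap_type) for each response that reaches a
    server which never saw that client's EAP Identity response."""
    state = defaultdict(set)  # server -> clients with an exchange in progress
    orphans = []
    for client, eap_type in packets:
        server = pick_server(client)
        if eap_type == EAP_IDENTITY:
            state[server].add(client)  # server would now send e.g. PEAP start
        elif client not in state[server]:
            orphans.append((server, client, eap_type))
    return orphans

if __name__ == "__main__":
    for name, dist in (("round-robin", round_robin), ("sticky", sticky)):
        print(name, replay(PACKETS, dist(SERVERS)))
```

With per-packet distribution each client has one PEAP response rejected by the server that did not start the exchange, while the other responses succeed, which matches the mix of failures and Access-Accepts in the trace.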