hi > Looking at the logs i see that the AP sends an Access Request, the radius > server replies with the Access Challenge, and then the radius server ignores > the reply from the AP with this message: > > Reply packet code 11 sent to a non-proxy reply port from client > intel-AP:1024, ID 149 : IGNORED > rl_next: returning NULL
code 11 is an access challenge (s. http://www.freeradius.org/rfc/rfc2865.html, page 21). the radius server is kind of confused since it gets access challenges and not challenge replies. indeed, the only reasonable possibility for it to get an access challenge message is to be in the proxy mode and to get such message on its way down to the client (client<-proxy<-server). in that case, the access challenge would be sent to the (default) port 1814. this is not the case, so server is ignoring the packet. why is your AP sending access challenges? are you using proxying with wrong configuration? normally, you should post the whole log, the configuration of the client (intel-AP) and of the concerned users, since otherwise it's generally difficult to understand what's wrong. > I think this is because the radius server by default is listening only to > port 1814 for proxy requests, right? nope. by default it listens to 1812, 1813 and 1814. > How can i change this? firmware update? configuration review? i don't know, i don't get it. > Why is the AP sending authentication packets to port 1024, even though i > chose port 1812? it doesn't. the message comes from port 1024 of the AP. ciao artur -- Artur Hecker artur[at]hecker.info - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
