hi David Baer wrote: > hi, thanks for looking at the matter, Artur. > >> in fact, unless you shortened your post, there seems to be two >> requests one after another or am i wrong? because radius actually >> doesn't do anything about the wrong request. it denies the next >> one... well, it's perhaps normal. > > well strange is (or is it a normal retry?), that it has two rad_recv > of id=95. one at (*A*) and than the other one at (*B*). then he is > sending the reject message on the line (*E*) to id=95, but it is not > clear to which. However, I think the problem really is between line > (*C*) and (*D*) which prevents me from getting an Access-Accept This > error seems to happen from time to time, I've found another post in > the mailing list > (http://www.mail-archive.com/[email protected]/msg115- > 98.html). But there isn't a solution (or even a guess, as to where it > comes from) around. Advice is appreciated. david
it's probably a bug in your AP implementation. try the newest firmware, e.g. effectively, it's a re-request since the id-number is the same. the TLS error probably comes from the shortened message or something similar, the data seems to be corrupted in some way. radius seems to just reject from that moment on, it doesn't seem to check the second message for its correctness (IMHO, it should however, since it's udp). compare the two messages by snooping on the interface. if the error is always the same, try to change some parameters (framed-mtu value, perhaps even another user-name, etc.) ciao artur -- Artur Hecker De'partement Informatique et Re'seaux, ENST Paris http://www.infres.enst.fr/~hecker - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
