Derek Orpen <[EMAIL PROTECTED]> wrote:
> The AP responds correctly to the first challenge sent by freeradius. 
> But freeradius doesn't seem to know what to do with the challenge 
> from the AP.

  The AP isn't sending challenges...

>       Sending Access-Challenge of id 231 to 209.47.155.132:1255
>                         EAP-Message = 0x03030004
>                         Message-Authenticator = 0x00000000000000000000000000000000
>                         State = 0xa0c5f9550e7600ebdc8e2ea363823f9d
>       Finished request 22

  Note the "0x0303" from the EAP-Message.  It indicates EAP success,
and a sequence number of 3.

>       rad_recv: Access-Request packet from host 209.47.155.132:1256, id=232,
>       length=179
....
>                         State = 0xa0c5f9550e7600ebdc8e2ea363823f9d
...
>                         EAP-Message = 0x010000161101000889df7f1f20328e24646f7270656e

  The State is OK.  That's good.  The EAP-Message starts off with
"0x0100", which looks like the correct EAP packet type (1), but the
wrong sequence number (0).  The client SHOULD have responded with a
sequence number of 4, I think.  At least, that's what the Cisco
clients do.

>         rlm_eap: Request not found in the list
>       rlm_eap: Either EAP-request timed out OR EAP-response to an unknown
>       EAP-request

  And the EAP module doesn't see a sequence number of 4, so it ignores
the request.

  It should be possible to fix the server to be a little more
forgiving, but my first question is why does that LEAP client do
something different from every other LEAP client...

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
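
The header decoding walked through in the reply above, as an added example that is not part of the original message or of FreeRADIUS. It splits the two quoted EAP-Message values into code, identifier and length (header layout and code names per RFC 3748) and compares the identifiers; the function names are hypothetical, and the "previous identifier plus one" expectation is the one stated in the reply.

```python
import struct

# EAP header codes from RFC 3748, section 4.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_LEAP = 17  # 0x11, the EAP method type number used by Cisco LEAP


def parse_eap(hex_value):
    """Decode the fixed EAP header from a RADIUS EAP-Message hex string."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than the 4-byte header")
    # Code (1 byte), Identifier (1 byte), Length (2 bytes, network order).
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError(f"EAP length {length} does not fit {len(raw)} bytes")
    pkt = {"code": code, "code_name": EAP_CODES.get(code, "Unknown"),
           "id": ident, "length": length, "type": None}
    # Only Request and Response packets carry a method Type byte.
    if code in (1, 2) and length >= 5:
        pkt["type"] = raw[4]
    return pkt


def check_sequence(sent, received):
    """Compare a received identifier with the one expected after `sent`.

    Assumption taken from the reply: the next packet should carry the
    identifier of the last packet sent by the server, plus one.
    """
    expected = (sent["id"] + 1) % 256
    return {"expected_id": expected, "got_id": received["id"],
            "match": received["id"] == expected}


# Values copied from the debug output quoted in the message.
SENT = parse_eap("0x03030004")
RECEIVED = parse_eap("0x010000161101000889df7f1f20328e24646f7270656e")

if __name__ == "__main__":
    print(SENT)
    print(RECEIVED)
    print(check_sequence(SENT, RECEIVED))
```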
