On Thu, Aug 11, 2005 at 07:02:19PM -0400, Alan DeKok wrote: > [EMAIL PROTECTED] wrote: > > I am trying to speak between my Freeradius server and a Cisco WLSE. > > I am seeing EAP timeouts while WLSE is trying to authenticate > > through Freeradius. > > Short summary: the supplicant is broken. > > > Sending Access-Challenge of id 3 to 192.168.254.10:32815 > > EAP-Message = > > 0x010100221a0101001d10b063da2c8f5c52273cd537b0c09d69e5776c736561636374 > > Message-Authenticator = 0x00000000000000000000000000000000 > > State = 0x8c90735921dd51b22bc8ef97379845b8 > ... > > rad_recv: Access-Request packet from host 192.168.254.10:32815, id=3, > > length=125 > > User-Name = "wlseacct" > > NAS-IP-Address = 192.168.254.10 > > Called-Station-Id = "ABBAABBAABBA" > > Calling-Station-Id = "ABBAABBAABBA" > > NAS-Identifier = "Cisco Secure II" > > NAS-Port = 29 > > Framed-MTU = 1400 > > NAS-Port-Type = Wireless-802.11 > > EAP-Message = 0x020300060311 > > Message-Authenticator = 0x070f8a208866000f797e64be5bd48f48 > > The client is sending a NACK, and asking for another EAP type. But > it's changing the EAP ID in a broken way, which means that the AP > doesn't add the State attribute from the previous challenge. > > In the last packet, FreeRADIUS is seeing the middle of a > conversation, without any way to know what the conversation was about. > > The supplicant is broken. Use another one.
I am stuck using WLSE. Are there plans on an "official" fix in Freeradius, to work with whatever is broken in WLSE? Cisco APs are only good if you have decent management. --johnk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html