Hello Team,


We are experiencing authentication failures in our PacketFence v13.2 L3
cluster due to EAP session mismatches.



Current Setup:

4 PacketFence v13.2 nodes (Debian 11), L3 cluster.

4 zones, each with 1 node.

cluster.conf configured with a dummy VIP instead of a real one.

Switches are configured to send RADIUS requests directly to each node’s
real IP (round-robin).

All client computers use 802.1X authentication with EAP-MSCHAPv2.

Switch ports are configured for 802.1X port-based authentication.



Issue Observed:

In /usr/local/pf/logs/radius.log, multiple errors appear:

eap: ERROR: No EAP session matching state 0x...

Login incorrect (eap: rlm_eap (EAP): No EAP session matching state...)

This occurs because different packets of the same EAP authentication
session are hitting different nodes. EAP session state is stored in node
memory and is not shared between nodes, causing authentication to fail.



Impact:

Frequent authentication failures for both machine and user logins over
802.1X (PEAP/EAP-MSCHAPv2).

End users intermittently unable to connect to the network.



Probable Root Cause:

No session stickiness in the RADIUS request flow. EAP conversations are
being split across multiple nodes, breaking authentication.



Logs:

tail -f /usr/local/pf/logs/radius.log

Aug 13 18:31:20 tbnac1 auth[259262]: (180854) Login OK: [341A4CED2AC5]
(from client pf port 7 cli 34:1a:4c:ed:2a:c5)

Aug 13 18:31:26 tbnac1 auth[259262]: (180856) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x6e3497d46e088e7e

Aug 13 18:31:26 tbnac1 auth[259262]: (180856) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x6e3497d46e088e7e

Aug 13 18:31:26 tbnac1 auth[259262]: (180856) Login incorrect (eap: rlm_eap
(EAP): No EAP session matching state 0x6e3497d46e088e7e): [ABCD\10041184]
(from client pf port 29 cli 34:2f:4c:ed:3d:8f)

Aug 13 18:31:33 tbnac1 auth[259262]: (180858) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x1326436013005ab2

Aug 13 18:31:33 tbnac1 auth[259262]: (180858) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x1326436013005ab2

Aug 13 18:31:33 tbnac1 auth[259262]: (180858) Login incorrect (eap: rlm_eap
(EAP): No EAP session matching state 0x1326436013005ab2): [ABCD\80009164]
(from client pf port 10 cli 34:2d:4c:ed:48:36)

Aug 13 18:31:46 tbnac1 auth[259262]: (180861) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x4fe37b664f5d62b3

Aug 13 18:31:46 tbnac1 auth[259262]: (180861) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x4fe37b664f5d62b3

Aug 13 18:31:46 tbnac1 auth[259262]: (180861) Login incorrect (eap: rlm_eap
(EAP): No EAP session matching state 0x4fe37b664f5d62b3): [host/
WH-JSD-02-AI024.xyz.co.in] (from client pf port 8 cli 00:f4:4c:09:59:03)

Aug 13 18:31:55 tbnac1 auth[259262]: (180863) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x9743b7cc9740ae21

Aug 13 18:31:55 tbnac1 auth[259262]: (180863) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x9743b7cc9740ae21

Aug 13 18:31:55 tbnac1 auth[259262]: (180863) Login incorrect (eap: rlm_eap
(EAP): No EAP session matching state 0x9743b7cc9740ae21): [host/
JI-JSA-01-AI044.xyz.co.in] (from client pf port 30 cli 34:1a:4c:ed:53:78)

Aug 13 18:31:55 tbnac1 auth[259262]: (180864) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0xc905a5b4c920bcc5

Aug 13 18:31:55 tbnac1 auth[259262]: (180864) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0xc905a5b4c920bcc5

Aug 13 18:31:55 tbnac1 auth[259262]: (180864) Login incorrect (eap: rlm_eap
(EAP): No EAP session matching state 0xc905a5b4c920bcc5): [host/
JS-JSJ-11-AI103.xyz.co.in] (from client pf port 34 cli 34:3g:4c:ed:3b:45)

Aug 13 18:32:08 tbnac1 auth[259262]: (180867) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x9ca21c389c680558

Aug 13 18:32:08 tbnac1 auth[259262]: (180867) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x9ca21c389c680558

Aug 13 18:32:08 tbnac1 auth[259262]: (180867) Login incorrect (eap: rlm_eap
(EAP): No EAP session matching state 0x9ca21c389c680558): [ABCD\10038053]
(from client pf port 8 cli 00:e0:4c:09:59:4h)

Aug 13 18:32:32 tbnac1 auth[259262]: (180876) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x3c4730d83c902948

Aug 13 18:32:32 tbnac1 auth[259262]: (180876) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x3c4730d83c902948

Aug 13 18:32:32 tbnac1 auth[259262]: (180876) Login incorrect (eap: rlm_eap
(EAP): No EAP session matching state 0x3c4730d83c902948): [ABCD\10038053]
(from client pf port 8 cli 00:e0:4c:09:59:5g)

Aug 13 18:32:32 tbnac1 auth[259262]: (180877) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x5d4099a45d5f805a

Aug 13 18:32:32 tbnac1 auth[259262]: (180877) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x5d4099a45d5f805a

Aug 13 18:32:32 tbnac1 auth[259262]: (180877) Login incorrect (eap: rlm_eap
(EAP): No EAP session matching state 0x5d4099a45d5f805a): [host/
SD-HFD-01-AI044.xyz.co.in] (from client pf port 30 cli
34:1a:4c:ed:53:78)
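Added example, not part of the original post and not PacketFence's own tooling: a Python triage script that groups the "No EAP session matching state" rejects from one node's radius.log by client MAC, to show how many endpoints are affected and whether each retry loses a fresh EAP state. The lines in SAMPLE are constructed in the format quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the radius.log format quoted above; one reject is mail-wrapped.
SAMPLE = """\
Aug 13 18:31:20 node1 auth[1000]: (101) Login OK: [AABBCCDDEE01] (from client pf port 7 cli aa:bb:cc:dd:ee:01)
Aug 13 18:31:26 node1 auth[1000]: (102) eap: ERROR: rlm_eap (EAP): No EAP session matching state 0x1111111111111111
Aug 13 18:31:26 node1 auth[1000]: (102) Login incorrect (eap: rlm_eap (EAP): No
EAP session matching state 0x1111111111111111): [EXAMPLE\\user1]
(from client pf port 29 cli aa:bb:cc:dd:ee:02)
Aug 13 18:31:40 node1 auth[1000]: (103) Login incorrect (eap: rlm_eap (EAP): No EAP session matching state 0x2222222222222222): [EXAMPLE\\user1] (from client pf port 29 cli aa:bb:cc:dd:ee:02)
Aug 13 18:31:55 node1 auth[1000]: (104) Login incorrect (eap: rlm_eap (EAP): No EAP session matching state 0x3333333333333333): [host/pc1.example.test] (from client pf port 30 cli aa:bb:cc:dd:ee:03)
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
LOGIN_OK = re.compile(r"\(\d+\) Login OK: ")
REJECT = re.compile(
    r"Login incorrect \(eap: rlm_eap \(EAP\): No EAP session matching state "
    r"(?P<state>0x[0-9a-fA-F]+)\): \[(?P<user>[^\]]*)\] "
    r"\(from client (?P<nas>\S+) port (?P<port>\d+) cli (?P<cli>[^)\s]+)\)")

def unwrap(text):
    """Join wrapped records: a line without a syslog timestamp continues the previous one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text):
    """Return (login_ok_count, {client MAC: lost states, users, NAS ports})."""
    ok, by_cli = 0, defaultdict(lambda: {"states": set(), "users": set(), "ports": set()})
    for rec in unwrap(text):
        m = REJECT.search(rec)
        if m:  # the bare "eap: ERROR" lines are skipped, so each reject counts once
            entry = by_cli[m["cli"].lower()]
            entry["states"].add(m["state"])
            entry["users"].add(m["user"])
            entry["ports"].add((m["nas"], m["port"]))
        elif LOGIN_OK.search(rec):
            ok += 1
    return ok, dict(by_cli)

if __name__ == "__main__":
    ok, by_cli = summarize(SAMPLE)
    for cli, e in by_cli.items():
        print(cli, len(e["states"]), sorted(e["users"]))
```

Run it over each node's /usr/local/pf/logs/radius.log; a client that accumulates several distinct lost states is retrying and failing each time.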