>>Switches are configured to send RADIUS requests directly to each node’s real IP (round-robin). >From my understanding, you need to send the request to the cluster VIP address(es) - we have an L3 cluster - 3 nodes on subnet A and 2 nodes on subnet B - we configure our switches to sent to the VIPs for both subnets
Hope this helps! -John On Fri, Aug 15, 2025 at 6:14 AM Jigar Kumar Singh via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Hello Team, > > > > We are experiencing authentication failures in our PacketFence v13.2 L3 > cluster due to EAP session mismatches. > > > > Current Setup: > > 4 PacketFence v13.2 nodes (Debian 11), L3 cluster. > > 4 zones, each with 1 node. > > cluster.conf configured with a dummy VIP instead of a real one. > > Switches are configured to send RADIUS requests directly to each node’s > real IP (round-robin). > > All client computers use 802.1X authentication with EAP-MSCHAPv2. > > Switch ports are configured for 802.1X port-based authentication. > > > > Issue Observed: > > In /usr/local/pf/logs/radius.log, multiple errors appear: > > eap: ERROR: No EAP session matching state 0x... > > Login incorrect (eap: rlm_eap (EAP): No EAP session matching state...) > > This occurs because different packets of the same EAP authentication > session are hitting different nodes. EAP session state is stored in node > memory and is not shared between nodes, causing authentication to fail. > > > > Impact: > > Frequent authentication failures for both machine and user logins over > 802.1X (PEAP/EAP-MSCHAPv2). > > End users intermittently unable to connect to the network. > > > > Probable Root Cause: > > No session stickiness in the RADIUS request flow. EAP conversations are > being split across multiple nodes, breaking authentication. > > > > Logs: > > tail -f /usr/local/pf/logs/radius.log > > Aug 13 18:31:20 tbnac1 auth[259262]: (180854) Login OK: [341A4CED2AC5] > (from client pf port 7 cli 34:1a:4c:ed:2a:c5) > > Aug 13 18:31:26 tbnac1 auth[259262]: (180856) eap: ERROR: rlm_eap (EAP): > No EAP session matching state 0x6e3497d46e088e7e > > Aug 13 18:31:26 tbnac1 auth[259262]: (180856) eap: ERROR: rlm_eap (EAP): > No EAP session matching state 0x6e3497d46e088e7e > > Aug 13 18:31:26 tbnac1 auth[259262]: (180856) Login incorrect (eap: > rlm_eap (EAP): No EAP session matching state 0x6e3497d46e088e7e): > [ABCD\10041184] (from client pf port 29 cli 34:2f:4c:ed:3d:8f) > > Aug 13 18:31:33 tbnac1 auth[259262]: (180858) eap: ERROR: rlm_eap (EAP): > No EAP session matching state 0x1326436013005ab2 > > Aug 13 18:31:33 tbnac1 auth[259262]: (180858) eap: ERROR: rlm_eap (EAP): > No EAP session matching state 0x1326436013005ab2 > > Aug 13 18:31:33 tbnac1 auth[259262]: (180858) Login incorrect (eap: > rlm_eap (EAP): No EAP session matching state 0x1326436013005ab2): > [ABCD\80009164] (from client pf port 10 cli 34:2d:4c:ed:48:36) > > Aug 13 18:31:46 tbnac1 auth[259262]: (180861) eap: ERROR: rlm_eap (EAP): > No EAP session matching state 0x4fe37b664f5d62b3 > > Aug 13 18:31:46 tbnac1 auth[259262]: (180861) eap: ERROR: rlm_eap (EAP): > No EAP session matching state 0x4fe37b664f5d62b3 > > Aug 13 18:31:46 tbnac1 auth[259262]: (180861) Login incorrect (eap: > rlm_eap (EAP): No EAP session matching state 0x4fe37b664f5d62b3): [host/ > WH-JSD-02-AI024.xyz.co.in] (from client pf port 8 cli 00:f4:4c:09:59:03) > > Aug 13 18:31:55 tbnac1 auth[259262]: (180863) eap: ERROR: rlm_eap (EAP): > No EAP session matching state 0x9743b7cc9740ae21 > > Aug 13 18:31:55 tbnac1 auth[259262]: (180863) eap: ERROR: rlm_eap (EAP): > No EAP session matching state 0x9743b7cc9740ae21 > > Aug 13 18:31:55 tbnac1 auth[259262]: (180863) Login incorrect (eap: > rlm_eap (EAP): No EAP session matching state 0x9743b7cc9740ae21): [host/ > JI-JSA-01-AI044.xyz.co.in] (from client pf port 30 cli 34:1a:4c:ed:53:78) > > Aug 13 18:31:55 tbnac1 auth[259262]: (180864) eap: ERROR: rlm_eap (EAP): > No EAP session matching state 0xc905a5b4c920bcc5 > > Aug 13 18:31:55 tbnac1 auth[259262]: (180864) eap: ERROR: rlm_eap (EAP): > No EAP session matching state 0xc905a5b4c920bcc5 > > Aug 13 18:31:55 tbnac1 auth[259262]: (180864) Login incorrect (eap: > rlm_eap (EAP): No EAP session matching state 0xc905a5b4c920bcc5): [host/ > JS-JSJ-11-AI103.xyz.co.in] (from client pf port 34 cli 34:3g:4c:ed:3b:45) > > Aug 13 18:32:08 tbnac1 auth[259262]: (180867) eap: ERROR: rlm_eap (EAP): > No EAP session matching state 0x9ca21c389c680558 > > Aug 13 18:32:08 tbnac1 auth[259262]: (180867) eap: ERROR: rlm_eap (EAP): > No EAP session matching state 0x9ca21c389c680558 > > Aug 13 18:32:08 tbnac1 auth[259262]: (180867) Login incorrect (eap: > rlm_eap (EAP): No EAP session matching state 0x9ca21c389c680558): > [ABCD\10038053] (from client pf port 8 cli 00:e0:4c:09:59:4h) > > Aug 13 18:32:32 tbnac1 auth[259262]: (180876) eap: ERROR: rlm_eap (EAP): > No EAP session matching state 0x3c4730d83c902948 > > Aug 13 18:32:32 tbnac1 auth[259262]: (180876) eap: ERROR: rlm_eap (EAP): > No EAP session matching state 0x3c4730d83c902948 > > Aug 13 18:32:32 tbnac1 auth[259262]: (180876) Login incorrect (eap: > rlm_eap (EAP): No EAP session matching state 0x3c4730d83c902948): > [ABCD\10038053] (from client pf port 8 cli 00:e0:4c:09:59:5g) > > Aug 13 18:32:32 tbnac1 auth[259262]: (180877) eap: ERROR: rlm_eap (EAP): > No EAP session matching state 0x5d4099a45d5f805a > > Aug 13 18:32:32 tbnac1 auth[259262]: (180877) eap: ERROR: rlm_eap (EAP): > No EAP session matching state 0x5d4099a45d5f805a > > Aug 13 18:32:32 tbnac1 auth[259262]: (180877) Login incorrect (eap: > rlm_eap (EAP): No EAP session matching state 0x5d4099a45d5f805a): [host/ > SD-HFD-01-AI044.xyz.co.in] (from client pf port 30 cli > 34:1a:4c:ed:53:78)34:1a:4c:ed:53:78) > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
