I have a single user that cannot associate to a AP. By chance, it's
actually me.
I'm failing 802.1x authentication . (We're using PEAP, with the XP
client) with FreeRadius talking to AD
Other users get on the AP fine.
Watching the radius.log I see this error message. (I have not had a
chance to put the server into Debug mode, that would affect a few
hundred users, and right now it's just me, )
Wed Nov 30 09:49:40 2005 : Error: rlm_eap: UserIdentity Unknown
Wed Nov 30 09:49:40 2005 : Error: rlm_eap: Identity Unknown,
authentication failed
Wed Nov 30 09:49:40 2005 : Auth: Login incorrect: [no User-Name
attribute] (from client Wireless-network-2 port 2 cli
00-14-a5-45-e9-22)
Wed Nov 30 09:49:41 2005 : Info: rlm_eap_tls: Length Included
Wed Nov 30 09:49:41 2005 : Error: TLS_accept:error in SSLv3 read
client certificate A
Wed Nov 30 09:49:41 2005 : Info: rlm_eap_tls: Length Included
Wed Nov 30 09:49:41 2005 : Error: TLS_accept:error in SSLv3 read
client certificate A
Wed Nov 30 09:49:41 2005 : Info: rlm_eap_tls: Received EAP-TLS ACK
message
Wed Nov 30 09:49:41 2005 : Info: rlm_eap_tls: Received EAP-TLS ACK
message
Wed Nov 30 09:49:41 2005 : Info: rlm_eap_tls: Received EAP-TLS ACK
message
Wed Nov 30 09:49:41 2005 : Info: rlm_eap_tls: Received EAP-TLS ACK
message
Wed Nov 30 09:49:41 2005 : Info: rlm_eap_tls: Length Included
Wed Nov 30 09:49:41 2005 : Info: (other): SSL negotiation finished
successfully
Wed Nov 30 09:49:41 2005 : Info: rlm_eap_tls: Length Included
Wed Nov 30 09:49:41 2005 : Info: (other): SSL negotiation finished
successfully
Wed Nov 30 09:49:41 2005 : Info: rlm_eap_tls: Received EAP-TLS ACK
message
Wed Nov 30 09:49:41 2005 : Info: rlm_eap_tls: Received EAP-TLS ACK
message
Wed Nov 30 09:49:42 2005 : Info: rlm_eap_mschapv2: Issuing Challenge
Wed Nov 30 09:49:42 2005 : Info: rlm_eap_mschapv2: Issuing Challenge
Wed Nov 30 09:49:51 2005 : Error: Discarding duplicate request from
client Wireless-network-2:1025 - ID: 227 due to unfinished request
4837665
Wed Nov 30 09:49:51 2005 : Error: rlm_radutmp: Logout entry for NAS
Wireless-network-2 port 1 has wrong ID
Wed Nov 30 09:49:53 2005 : Error: Discarding duplicate request from
client Wireless-network-2:1025 - ID: 227 due to unfinished request
4837665
Wed Nov 30 09:49:53 2005 : Info: rlm_eap_tls: Length Included
Wed Nov 30 09:49:53 2005 : Error: TLS_accept:error in SSLv3 read
client certificate A
Wed Nov 30 09:49:53 2005 : Info: rlm_eap_tls: Received EAP-TLS ACK
message
Wed Nov 30 09:49:53 2005 : Info: rlm_eap_tls: Received EAP-TLS ACK
message
Wed Nov 30 09:49:53 2005 : Info: rlm_eap_tls: Length Included
Wed Nov 30 09:49:53 2005 : Info: (other): SSL negotiation finished
successfully
Wed Nov 30 09:49:55 2005 : Error: rlm_radutmp: Logout entry for NAS
Wireless-network-2 port 2 has wrong ID
Now, the first line is not my MAC, so I don't think it's me.
I get timed out at 9:49:51
So my question:
That last entry Logout entry for NAS Wireless-network-2 port 2 has wrong
ID, I think that's an Accounting message. Correct?
I know that without the debug logs, it's hard to actually diagnose my
acutal problem.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
