Sebastian Rieger wrote: > > Hi there! > > I've got a big prob. Thanks to the excellent howto of Adam Sulmicki, I finally > managed to move back from my Win2k RADIUS towards freeRADIUS. I'm using > freeRADIUS with eap tls enabled (cvs snaptshot 2002-04-08), a 3Com 8000 WLAN > AP and xsupplicant under Linux to auth via 802.1x/EAP-TLS. > > The messages look quite ok, but as soon as the secand request is handeled EAP > is complainig about "rlm_eap: State verification failed.". As I looked out > for the State Attribute of the last message, I found it some chars shorter > than it was in the message before. I tried to adjust the fragment size, but > could'nt solve the problem. The packet has a length of 144 bytes, so it > should not be a big deal with (standard) 1024 byte fragments.
State Attribute has nothing to do with the Fragment size. Fragment size is meant for EAP-TLS packet only. > State = > 0x3df30ad930886ee1c76b2ec405f54c47455db43c219ab001a93e6b8dfbf601baf54db839 > rad_recv: Access-Request packet from host 134.76.4.7:1812, id=12, length=144 > State = 0x3df30ad930886ee1c76b2ec405f54c47455db43c219a The problem is here. Radius Server is sending Access-Challenge packet with State Attribute. During the Challenge response, Your AP should send the same State Attribute UN-MODIFIED. Find out why your AP is truncating this Value. -Raghu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html