Sebastian Rieger <[EMAIL PROTECTED]> wrote:
> The messages look quite ok, but as soon as the secand request is
> handeled EAP is complainig about "rlm_eap: State verification
> failed.". As I looked out for the State Attribute of the last
> message, I found it some chars shorter than it was in the message
> before.
That's the problem.
> tried to adjust the fragment size, but could'nt solve the
> problem. The packet has a length of 144 bytes, so it should not be a
> big deal with (standard) 1024 byte fragments.
The fragment size isn't the problem. The problem is that the RADIUS
client is chopping the state off at 16 bytes. This means that the
RADIUS client isn't implementing the RFC's properly.
You have two choices:
1. Edit the rlm_eap code so that it generates a state which is only
16 bytes. This MAY be feasible.
2. Complain to whoever wrote the RADIUS client, and tell them to fix
their software so that it actually implements the RADIUS RFC's,
instead of being broken.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
