Rob Brickhouse wrote: > I hope someone can help me with this. I tested setting up freeradius > 2.1.6 on an opensuse 10.2 box and was able to get everything > authenticating against novell edirectory. Now that I'm finally ready to > put it on my production box, only 2.1.8 is available but I figure no big > deal since it appeared to have alot of fixes. After going through and > setting everything up like I did before, I can use my test utility to > verify that I can successfully read the username and password from > edirectory but I get the message "Invalid packet code 11 sent to > authentication port from client TESAP8 port 1041 : IGNORED" when my > Netgear access point connects.
The AP is broken. Throw it in the garbage and buy one that implements RADIUS. > I can change the ip to my 2.1.6 > freeradius box and it works so I don't think the issue is with my AP > even though that is what the message seems to indicate. I don't see why that would make any difference. What does the debug log from 2.1.6 look like? ... > Sending Access-Challenge of id 20 to 10.6.4.108 port 1041 > EAP-Message = 0x010100160410eae98bafd4b076dcf8b6341b415000fe > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x731ac834731bcca6975b39a87528fad1 > Finished request 1. > Going to the next request > Waking up in 4.9 seconds. > Invalid packet code 11 sent to authentication port from client TESAP8 > port 1041 : IGNORED IIRC, this is similar to a bug seen before. If it sees an Access-Challenge with State *after* Message-Authenticator, it "bounces" the packet back to the RADIUS server. This is two errors: 1) order of attributes does not matter 2) clients do not send Access-Challenge to a server. There is NO WAY that an AP should send an Access-Challenge to a server. If it does, then the AP is horribly broken. My guess is that this is a very old AP using a broken firmware image. Or, it's a new one, and the vendor didn't bother to implement RADIUS correctly. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
