Hi,
This kind of Q&A thing helps no one here!
I think it does...
Many people are reporting the same issue on different platforms! I
don't think the problem is either with the client or the certificates
since I conducted some testing using the same client and the same
certificates but an old FR version (1.1.7) and the tests pass. It's
easier to blame something else but we could spend that time
contributing to the solution and so helping others!
Even more weird, we have had the same issue lately with one controller
model, and not the other. We were using the same config on the client,
on the server, and the same certs.
I also tend to blame the client tho, maybe EAP is now more strict on the
server side? If you can point us a doc to enable the EAP debug under
windows, I am sure many people (even myself) would be glad to troubleshoot.
> Date: Wed, 26 Oct 2011 15:36:19 +0200
> From: al...@deployingradius.com
> To: freeradius-users@lists.freeradius.org
> Subject: Re: PEAP with Machine auth
>
> Phil Mayers wrote:
> > Seriously - it's important to understand that the CLIENT stops
> > responding. FreeRADIUS can't do anything more in this case - the
client
> > has stopped sending EAPOL packets, so the client must think that
> > something is wrong.
>
> That's the main issue people have with RADIUS. The client is in
> charge of pretty much everything, and few people understand that.
>
> Q: Why does the client stop talking to the server?
> A: Because it doesn't like the response from the server
>
> Q: OK... *what* part of the response doesn't it like?
> A: Go ask the client
>
> Q: But I can't! What do I do?
> A: well... we don't know, either. Go ask Microsoft.
>
> > You will have to debug the client. This is very very painful on
Windows;
> > it's hard to even find the EAPOL debugging options, let alone
interpret
> > the results.
>
> Yes. Everyone reading this list should understand CLIENT issues cause
> you to debug the CLIENT.
>
> If the server returns the wrong thing... you can fix the server. Fort
> pretty much everything else, blame the client.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
