Re: more explanation for "EAP session for state ... did not finish!"
Phil Mayers (p.may...@imperial.ac.uk) [11.12.08 16:31] wrote: > On 08/12/11 13:18, Zeus V Panchenko wrote: > >Alan DeKok (al...@deployingradius.com) [11.10.14 13:05] wrote: > >>>so, may be it is worth to mention that somewhere amongst the possible > >>>causes? > >> > >> The wiki can be edited by anyone. Go for it. > >> > > > >since you reply i was trying several times to do that ... though i do > >not use nither twitter nor github, i registered with github and trying > >to authenticate on http://wiki.freeradius.org > > > >but each time i fail with: > > > >Authentication failed > >Invalid data from provider, 'info => name' must not be empty or whitespace > > You must edit GitHub your profile, and put a value in for the "name" > e.g. "Z Panchenko" thanks much! it have helped -- Zeus V. Panchenko JID:z...@gnu.org.ua GMT+2 (EET) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: more explanation for "EAP session for state ... did not finish!"
Alan DeKok (al...@deployingradius.com) [11.10.14 13:05] wrote: > > so, may be it is worth to mention that somewhere amongst the possible > > causes? > > The wiki can be edited by anyone. Go for it. > since you reply i was trying several times to do that ... though i do not use nither twitter nor github, i registered with github and trying to authenticate on http://wiki.freeradius.org but each time i fail with: Authentication failed Invalid data from provider, 'info => name' must not be empty or whitespace so, is it my fail? i can successfully authenticate with github itself, on theirs site https://github.com/ -- Zeus V. Panchenko JID:z...@gnu.org.ua GMT+2 (EET) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
more explanation for "EAP session for state ... did not finish!"
Hi, I'd like to offer to add some details to this warning or to mention the details somewhere else WARNING: !! WARNING: !! EAP session for state 0x6097435463935ad2 did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility WARNING: !! i was long time struggling the problem with this warning, and the cause was *not* in incompatibility of certificates at all (I was writing that in thread "EAP-TLS + Symbian = weird behavior") the cause was MTU issue, and it is due to it the last response from client was not received by radius and consequently the warning was written to debug ... so, may be it is worth to mention that somewhere amongst the possible causes? -- Zeus V. Panchenko JID:z...@gnu.org.ua GMT+2 (EET) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 802.1x authentication
hi, gary (gary.y...@browan.com) [11.10.13 09:21] wrote: > Hi All > I am trying to set up 802.1x with EAP PEAP/TTLS method by using intel PROSset > client tool with the PC. > Sometimes authentication success but mostly it fail. > Log attached could someone give me some direction?thanks a lot. > looks like the problem i faced too have a look at thread "EAP-TLS + Symbian = weird behaviour" here in ml -- Zeus V. Panchenko JID:z...@gnu.org.ua GMT+2 (EET) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-TLS + Symbian = weird behaviour
finally the cause was found! in my case it was MTU, the default value for ethernet and ADSL was not allowing for the client responce with certificate to get radius side after decreasing mtu to 1350 i finally got every mobile device in my network authenticated Zeus V Panchenko (z...@ibs.dn.ua) [11.04.10 12:11] wrote: > Hi, > > may somebody advice, please > > i have: > > uname > > FreeBSD 8.1-RELEASE amd64 > > > radiusd -v > > radiusd: FreeRADIUS Version 2.1.10, for host amd64-portbld-freebsd8.1, > built on Apr 4 2011 at 22:44:15 > > radiusd configured with EAP-TLS only and works fine with xNIX-es, > WinXP, Android and Maemo > > with Symbian (Nokia E51, E52) i face much weird picture ... > > the same device works fine (getting authorized well) via one AP in my > LAN and remote VPN, but receiving > > !! > !! EAP session for state ... did not finish! > !! Please read http://wiki.freeradius.org/Certificate_Compatibility > !! > > via another AP (in remote VPN, while other OS still authorized well) > > AP are the same models and configured the same way > > what can cause this behaviour? > ---end quoted text--- -- Zeus V. Panchenko JID:z...@gnu.org.ua GMT+2 (EET) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: distributed authentification scheme advice needed
thanks for quick reply
Arran Cudbard-Bell (a.cudba...@freeradius.org) [11.09.28 08:28] wrote:
>
> Yes, home server pools let you specify a 'fallback' home server
> which can point to a virtual server. It should be working in v2.1.x
> but is currently broken in 3.x.
>
> See proxy.conf for details.
>
if i have core.radius.my.domain as my primary radius server and
fallback.radius.my.domain as radius installed on AP
than i need in proxy.conf
home_server_pool my_auth_failover {
type = fail-over
home_server = core.radius.my.domain
fallback = fallback.radius.my.domain
}
but than, I need configure EAP/TLS on fallback.radius.my.domain
identical to core.radius.my.domain one, correct?
since without the same server certificates my clients will not be able
authenticate with fallback.radius.my.domain
am I correct?
--
Zeus V. Panchenko
JID:z...@gnu.org.ua GMT+2 (EET)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
distributed authentification scheme advice needed
Hi, *please*, I need advice in choosing the strategy for the distributed EAP authentification scheme so, here are details of what I have and want: I run FreeRadius with EAP configured all my WiFi AP are configured to communicate with the radiusd and everything works fine now I need to extend my VPN with several remote branches where inet connection is not stable, but I need to provide WiFi access there too even in case when inet connection is off ... so, is it possible to use local (for each branch) radiusd to allow access, *but* : 1. if inet is alive, than authenticate via the central radius 2. if inet connection is not established, authenticate via local mechanism (preferably EAP) -- Zeus V. Panchenko JID:z...@gnu.org.ua GMT+2 (EET) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: "EAP session ... did not finish!" with VPN connections
Fajar A. Nugraha (l...@fajar.net) [11.04.16 10:58] wrote: > > I suggest check your VPN. Something might be interfering with UDP > packets (making it slow, missing, etc). > ---end quoted text--- wan interface exposed collisions, after reboot the problem disappeared ... -- Zeus V. Panchenko IT Dpt., IBS ltdGMT+2 (EET) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"EAP session ... did not finish!" with VPN connections
Hi, it is my another attempt to know, how to cope with `EAP session ... did not finish' warning ... i have: OS: FreeBSD-8.x amd64 FreeRADIUS v.2.1.10 core freeradius configured with eap-tls, devices in my lan Symbian (Nokia E51,E52,E71,E72,E90) Android (HTC DesireS) Maemo (Nokia N900) xNIX (ASUS EeePC900) WindowsXP (various hardware) receiving authorization and ip address via dhcp without any problem but remote symbian devices behind vpn sometimes experience troubles ... in `radiusd -X' output, the problem looks this way: Going to the next request Waking up in 4.9 seconds. Cleaning up request 44 ID 6 with timestamp +3088 WARNING: !! WARNING: !! EAP session for state 0x3866e92b3b62e4aa did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility WARNING: !! Ready to process requests. the same remote symbian device which experienced problems via vpn, is experiencing no problem if i try to get authorization for it from lan or if i install clone (the same version with the same configuration) of core freeradius locally at the remote vpn side, than i can get authorization for the device which was unable to get it with core freeradius remotely so, what can be the cause of this weird behaviour? -- Zeus V. Panchenko IT Dpt., IBS ltdGMT+2 (EET) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-TLS + Symbian = weird behaviour
some additional details: the same behaviour with different AP i use AP mostly under OpenWRT but now have tried Lynksys WAP54G which was working at the place where no problem found and now no it's no way to authorize via it ... any idea? -- Zeus V. Panchenko IT Dpt., IBS ltdGMT+2 (EET) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-TLS + Symbian = weird behaviour
Daniel Deptuła (daniel.dept...@gmail.com) [11.04.10 16:36] wrote: > > I assume SSIDs for both WLANs are the same. yes, they are all configurations differs only by IP addresses > Have your tried to connect the remote AP in your LAN? yes, and it works, i mean the device with problems began to get authorization successfully > Maybe Nokia saves something about the certain > AP in the network profile? i was trying to delete the profile and to create it from the beginning, no effect > Or maybe there's a problem with timeouts or > packet fragmentation caused by the VPN tunnel... hm ... how and what to test? the weird thing is that i have two offices with the same ISP connected to via ADSL (FreeBSD+ppp), both offices are using the same OpenVPN server, the same radius with the same CA ... for one everything is ok but another one shows "EAP session did not finish" ... -- Zeus V. Panchenko IT Dpt., IBS ltdGMT+2 (EET) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-TLS + Symbian = weird behaviour
Daniel Deptuła (daniel.dept...@gmail.com) [11.04.10 14:16] wrote: > > ... > >the same device works fine (getting authorized well) via one AP in my > >LAN and remote VPN, but receiving > > ... > > Have you installed the CA certificate on the phones?? You can check it > propably somewhere in Menu-> Settings -> Phone -> Phone management -> > Security -> Certificates management. > For example in Nokia 5800 there are only VeriSign's CA certs installed > by default. > as written above, *the_same_device* with *the_same_certificates_(CA_and_personal)* works via one AP but not via another ... it worth to be mentioned, that as it written, the last packet from radiusd is challenge after what "EAP session for state ... did not finish!" appears ... while other OS-es works perfectly in any point. -- Zeus V. Panchenko IT Dpt., IBS ltdGMT+2 (EET) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP-TLS + Symbian = weird behaviour
Hi, may somebody advice, please i have: > uname FreeBSD 8.1-RELEASE amd64 > radiusd -v radiusd: FreeRADIUS Version 2.1.10, for host amd64-portbld-freebsd8.1, built on Apr 4 2011 at 22:44:15 radiusd configured with EAP-TLS only and works fine with xNIX-es, WinXP, Android and Maemo with Symbian (Nokia E51, E52) i face much weird picture ... the same device works fine (getting authorized well) via one AP in my LAN and remote VPN, but receiving !! !! EAP session for state ... did not finish! !! Please read http://wiki.freeradius.org/Certificate_Compatibility !! via another AP (in remote VPN, while other OS still authorized well) AP are the same models and configured the same way what can cause this behaviour? -- Zeus V. Panchenko IT Dpt., IBS ltdGMT+2 (EET) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
