EAP-PEAP authentication failed with FUNK Radius Server.

felix · ‎09-16-2004

Hi.

Does anyone know the the meaning of the following error message on Funk Radius server:

EAP-PEAP authentication failed - client issued alert 'client closed the session before handshake was completed'

We use PEAP to authenticate Windows XP client with Funk Radius server and the client always disconnected to be requested to input the username and password again. When this happened, above error message always appeared in log of the radius server.

Thanks.

dixho · ‎09-23-2004

There are two phrases in PEAP. The first phrase is set up a TLS tunnel; so that the authentication server (i.e. radius server) can authenticate the supplicant in a secured tunnel. Please go to the following URL for the PEAP phrase:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_white_paper09186a008009256b.shtml#wp39068

If you use a Cisco AP, you can enable the following debugs:

1. debug radius authentication

2. debug dot11 aaa authenticator process

3. debug dot11 aaa authenticator state

4. debug dot11 aaa authenticator rxdata

5. debug dot11 aaa authenticator txdata

If you use IOS version 12.2(13)JA4 or earlier, please replace #2-5 by debug dot11 aaa all

Please be aware that the above debugs consumes a lot of CPU resource on the AP. I suggest you to run the debugs when there is only one wireless client trying to associate. Please go to the following URL about the debugs:

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a008024aa4f.shtml