On Thu, Aug 05, 2021 at 08:01:04AM -0700, James Prestwood wrote:
> I am running into a problem where the radius server thinks there was a
> duplicate access request during FILS reassociation. I have two EAP/FILS
> enabled APs. Here is the sequence of events:
>
> - Authenticate over EAP to AP1
> - Disconnect from AP1 and authenticate using FILS to AP1
> - Reassociate to AP2 using FILS
>
> Everything appears to be working fine initially (my identity is found)
> but then the radius server throws the message away claiming the
> sequence number is a duplicate:
..

Which station implementation are you using here and would you be able to
provide debug logs from both the authentication server and station for
all those authentication attempts?

> EAP: SEQ=0 replayed (already received SEQ=0)
..
> And sure enough, if I remove the sequence number check it all works as
> expected and I am able to reassociate:

Well, I don't think I'd call that "as expected", taking into account that
reuse of the same sequence number is incorrect and a potential security
vulnerability..

-- 
Jouni Malinen                                            PGP id EFC895FA