Currently working on WiFi security project and one of the tasks is to run the WPA2 Enterprise for corporate network. We use Okta as an IDP, thought that the easiest way would be to set up Freeradius and connect it with Okta LDAP. After the configuration (TTLS/PAP) and setting up the Okta LDAP , when the user is trying to connect , getting the following logs on freeradius.
`Thu May 25 14:25:24 2023 : Auth: (13) Login OK: [user@domain.com] (from client test-wifi port 0 via TLS tunnel) Thu May 25 14:25:24 2023 : Auth: (13) Login OK: [user@domain.com] (from client test-wifi port 0 cli bcd0744b1fe9) Thu May 25 14:25:29 2023 : Error: (6) Ignoring duplicate packet from client test-wifi port 36576 - ID: 92 due to unfinished request in component authenticate module eap_ttls Thu May 25 14:25:40 2023 : Error: (20) Ignoring duplicate packet from client test-wifi port 36576 - ID: 106 due to unfinished request in component authenticate module eap_ttls Thu May 25 14:25:45 2023 : Auth: (6) Login OK: [user@domain.com] (from client test-wifi port 0 via TLS tunnel) Thu May 25 14:25:45 2023 : Auth: (6) Login OK: [user@domain.com] (from client test-wifi port 0 cli bcd0744b1fe9) Thu May 25 14:25:48 2023 : Auth: (20) Login OK: [user@domain.com] (from client test-wifi port 0 via TLS tunnel) Thu May 25 14:25:48 2023 : Auth: (20) Login OK: [user@domain.com] (from client test-wifi port 0 cli bcd0744b1fe9) Thu May 25 14:26:01 2023 : Error: (27) Ignoring duplicate packet from client test-wifi port 36576 - ID: 112 due to unfinished request in component authenticate module eap_ttls Thu May 25 14:26:03 2023 : Auth: (27) Login OK: [user@domain.com] (from client test-wifi port 0 via TLS tunnel) Thu May 25 14:26:03 2023 : Auth: (27) Login OK: [user@domain.com] (from client test-wifi port 0 cli bcd0744b1fe9)
While user is connecting to the WiFi , receives a storm of push notifications from Okta Verify. As an additional information - the APs we use are Aruba AP 505.
I tested current configuration on Unifi devices and there everything works fine.
