LAN Enforcer kernel panic caused guest user authentication with Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)

Article:TECH148016  |  Created: 2011-01-12  |  Updated: 2012-01-04  |  Article URL http://www.symantec.com/docs/TECH148016
Article Type
Technical Solution

Product(s)

Environment

Issue



LAN Enforcer kernel panic caused by guest user authentication with EAP-TLS.


Error



The LAN Enforcer will halt, displaying the message "Kernel Panic".

The packet capture will show that the client MAC address does not have SNAC installed, it is configured with EAP-TLS method, and it sends empty user name in EAP-Identity.

Kenel.log will show:  [  radproxy.c][ 2080]: Empty USER NAME, replace with 'Guest' instead


Environment



LAN ENFORCER RU6a MP1/RU5
SEPM RU4
Transparent Mode
Failover
Switch: Cisco 2950


Cause



The EAP-Identity with empty user name leads to Kernel Panic later after client authentication.

 


Solution



Code changes made to prevent kernel panic; Upgrade to SNAC RU6 MP2




Article URL http://www.symantec.com/docs/TECH148016


Terms of use for this information are found in Legal Notices