I run clearpass in a two tier system with Tier 1 facing the outside world and running FreeRadius 3.0.15. Tier 2 deals with internal auths (eap-peap/eap-tls etc and any eduroam visitor auth requests get proxied up to Tier 1 for passing onto appropriate destination.
I've been having loads of EAP based errors on the Tier 1 system including things such as
"Wed Sep 20 09:09:56 2017 : Auth: (1606319) Login incorrect (eap: The RADIUS client has mangled the State attribute, OR you are forcing EAP in the wrong situation): [oluwafemi.coker@students.plymouth.ac.uk] (from client clearpass5 port 0 cli F0-DB-E2-D9-DA-57)"
but also errors such as "invalid state variable " in an EAP dialogue and message about packers in an EAP dialogue arriving from multiple hosts.
While I've identified the primary culprit, at the time wanted to know which FR version you use given recent bugs and security notices re FR 3.0.x to see if there was something that might end up in a real support call.
Still need to know why I'm getting the ... mangled.. message though
A