TLS handshaking problem

K. Hoercher wbhoer at gmail.com
Fri Oct 13 10:53:12 CEST 2006


Hi,

maybe a few helpful notes:

On 10/12/06, Giuseppina Venezia <giusy.venezia at gmail.com> wrote:
> I've seen that in the first request, TLS gives an error (
> TLS_accept:error in SSLv3 read client certificate A ) but in the third
> request (with the same login) it works.
> What's wrong?

"TLS_accept:error" isn't really an error here, just an error message
not to worry about (see the list archives).

The different requests/challenges are part of the ongoing EAP
mechanism (normally consisting of approx. 5-15 in either direction).
So after the third one:

> SSL Connection Established

means just that, it's not a successful auth yet.
If configured/working correctly, the next challenge sent by freeradius
would be the one requiring the client (meaning supplicant) to provide the
user's credentials inside the now established SSL layer (inside EAP
transmitted inside RADIUS protocol from the client (here meaning nas,
i.e. apparently chillispot)).

Apparently you cut the freeradius debug here, as the chillispot claims:

> Received access reject from radius server

which doesn't show up in freeradius debug output as being sent.

So, whatever (really) fails, is further down the line. You should check that.

regards
K. Hoercher
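
The reading of the debug output described in the reply above, as an added example that is not part of the original post or of FreeRADIUS: it counts the challenge rounds, treats the quoted TLS_accept message as noise, and reports when the tunnel is up but no final reply appears in the log. The "Sending Access-..." wording and all sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: the server's debug output logs each reply it sends with this wording.
SENT = re.compile(r"Sending Access-(Challenge|Accept|Reject)\b")
TUNNEL_UP = "SSL Connection Established"  # quoted in the thread
BENIGN = "TLS_accept:error in SSLv3 read client certificate A"  # quoted in the thread

def triage(lines):
    """Summarise one EAP conversation taken from server debug output."""
    s = {"challenges": 0, "benign_tls_msgs": 0, "tunnel": False, "final": None}
    for line in lines:
        if BENIGN in line:
            s["benign_tls_msgs"] += 1   # noise, not a failure
        elif TUNNEL_UP in line:
            s["tunnel"] = True          # outer TLS only, no auth decision yet
        else:
            m = SENT.search(line)
            if m and m.group(1) == "Challenge":
                s["challenges"] += 1
            elif m:
                s["final"] = m.group(1).lower()
    if s["final"]:
        s["verdict"] = s["final"]
    elif s["tunnel"]:
        s["verdict"] = "tunnel up, outcome not in log"
    else:
        s["verdict"] = "handshake still in progress"
    return s

# Constructed sample lines (not from the poster's log); 192.0.2.10 is a placeholder NAS.
CUT_LOG = [
    "Sending Access-Challenge of id 1 to 192.0.2.10 port 1025",
    "TLS_accept:error in SSLv3 read client certificate A",
    "Sending Access-Challenge of id 2 to 192.0.2.10 port 1025",
    "Sending Access-Challenge of id 3 to 192.0.2.10 port 1025",
    "SSL Connection Established",
]
FULL_LOG = CUT_LOG + [
    "Sending Access-Challenge of id 4 to 192.0.2.10 port 1025",
    "Sending Access-Reject of id 5 to 192.0.2.10 port 1025",
]

if __name__ == "__main__":
    for name, log in (("cut", CUT_LOG), ("full", FULL_LOG)):
        print(name, triage(log))
```

A verdict of "tunnel up, outcome not in log" while the NAS reports a reject means the server-side capture stops before the inner authentication, so the full debug output is needed to find the real failure.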


