problem with PEAP/MSCHAPv2

Christian Pinedo Zamalloa chr.pinedo at gmail.com
Wed Mar 31 11:31:10 CEST 2010


Hello,

I have found some errors in my freeradius server logs. It seems that some
clients are having problems authenticating against them. I'm using
PEAP/MSCHAPv2 with the latest freeradius version and SUSE OS.

Mon Mar 29 14:20:56 2010 : Error: TLS Alert write:fatal:protocol version
Mon Mar 29 14:20:56 2010 : Error: rlm_eap: SSL error error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Mon Mar 29 14:20:56 2010 : Error: SSL: SSL_read failed in a system call (-1), TLS session fails.

I have debugged the servers and when this error appears there are differences
in the TLS negotiation of PEAP:

example of successful negotiation:
------------------------------------------------

[peap] processing EAP-TLS
  TLS Length 102
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0061], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 05aa], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
[peap]     TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED

example of unsuccessful negotiation:
----------------------------------------------------

[peap] processing EAP-TLS
  TLS Length 109
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0061], ClientHello
[peap]     TLS_accept: SSLv3 read client hello C
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 05aa], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
[peap]     TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap] >>> Unknown TLS version [length 0002]
TLS Alert write:fatal:protocol version
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
rlm_eap: SSL error error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[peap] eaptls_process returned 4
[peap] EAPTLS_OTHERS


I will check whether something is badly configured in the user's wifi profile, but
has anybody had this problem previously? Thanks,

-- 
Christian Pinedo Zamalloa (zako)
PGP keyID: 0x828D0C80
Fingerprint: 7BFF 4105 F46B 7977 BD96  348C 1007 4FF8 828D 0C80
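
A triage sketch for the debug output shown in the post, added here as an example and not part of the original message or of FreeRADIUS: it splits the output into EAP-TLS rounds, flags rounds that logged a fatal alert or an OpenSSL error, and lists the handshake states seen only in the failed round. The sample input is constructed from the post's two excerpts (shortened, mail wrapping undone), and the function names are hypothetical.

```python
import re

# Constructed sample: the two debug excerpts from the post, shortened and
# with the mail client's line wrapping undone.
SAMPLE = """\
[peap] processing EAP-TLS
  TLS Length 102
[peap]     TLS_accept: before/accept initialization
[peap]     TLS_accept: SSLv3 read client hello A
[peap]     TLS_accept: SSLv3 write server hello A
[peap] eaptls_process returned 13
[peap] processing EAP-TLS
  TLS Length 109
[peap]     TLS_accept: SSLv3 read client hello C
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> Unknown TLS version [length 0002]
TLS Alert write:fatal:protocol version
rlm_eap: SSL error error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[peap] eaptls_process returned 4
"""

# One pattern per field collected for each round; every field is a list.
PATTERNS = {
    "length": re.compile(r"TLS Length (\d+)"),
    "states": re.compile(r"TLS_accept: (.+)$"),
    "alerts": re.compile(r"TLS Alert (?:read|write):(\w+:.+)$"),
    "ssl_errors": re.compile(r"SSL error error:([0-9A-F]{8}):"),
    "result": re.compile(r"eaptls_process returned (\d+)"),
}

def parse_rounds(text):
    """Split debug output into EAP-TLS rounds and collect the TLS details."""
    rounds = []
    for line in text.splitlines():
        if "processing EAP-TLS" in line:
            rounds.append({key: [] for key in PATTERNS})
        elif rounds:  # lines before the first round are ignored
            for key, pattern in PATTERNS.items():
                if m := pattern.search(line):
                    rounds[-1][key].append(m.group(1))
    return rounds

def failed(rounds):
    """Rounds that logged a fatal TLS alert or an OpenSSL error code."""
    return [r for r in rounds if r["ssl_errors"]
            or any(a.startswith("fatal:") for a in r["alerts"])]

def states_only_in(a, b):
    """Handshake states logged in round a that never appear in round b."""
    return [s for s in a["states"] if s not in b["states"]]
```
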