EAP-TLS works but not PEAP/EAP-TLS

John Carter jcarter at identitynetworks.com
Tue Sep 17 08:54:12 CEST 2013


Hi,

I've got a Windows 7 machine attempting to connect to FreeRADIUS 2.2.0.
EAP-TLS with a client certificate works fine, but with PEAP/EAP-TLS it
doesn't.

Is there anything I'm missing? The problem appears to be that the client
doesn't send over the client cert. I know Windows is very fussy with what
it accepts as a cert for EAP-TLS, but I'm confused as to why it works for
one and not the other.

Mon Sep 16 12:56:55 2013 : Info: [tls] Length Included
Mon Sep 16 12:56:55 2013 : Info: [tls] eaptls_verify returned 11
Mon Sep 16 12:56:55 2013 : Info: [tls]     (other): before/accept initialization
Mon Sep 16 12:56:55 2013 : Info: [tls]     TLS_accept: before/accept initialization
Mon Sep 16 12:56:55 2013 : Info: [tls] <<< TLS 1.0 Handshake [length 005a], ClientHello
Mon Sep 16 12:56:55 2013 : Info: [tls]     TLS_accept: SSLv3 read client hello A
Mon Sep 16 12:56:55 2013 : Info: [tls] >>> TLS 1.0 Handshake [length 0031], ServerHello
Mon Sep 16 12:56:55 2013 : Info: [tls]     TLS_accept: SSLv3 write server hello A
Mon Sep 16 12:56:55 2013 : Info: [tls] >>> TLS 1.0 Handshake [length 053e], Certificate
Mon Sep 16 12:56:55 2013 : Info: [tls]     TLS_accept: SSLv3 write certificate A
Mon Sep 16 12:56:55 2013 : Info: [tls] >>> TLS 1.0 Handshake [length 000d], CertificateRequest
Mon Sep 16 12:56:55 2013 : Info: [tls]     TLS_accept: SSLv3 write certificate request A
Mon Sep 16 12:56:55 2013 : Info: [tls]     TLS_accept: SSLv3 flush data
Mon Sep 16 12:56:55 2013 : Info: [tls]     TLS_accept: Need to read more data: SSLv3 read client certificate A
Mon Sep 16 12:56:55 2013 : Debug: In SSL Handshake Phase
...
Mon Sep 16 12:57:00 2013 : Debug: WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Mon Sep 16 12:57:00 2013 : Debug: WARNING: !! EAP session for state 0x7c569f3d755a860c did not finish!
Mon Sep 16 12:57:00 2013 : Debug: WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
Mon Sep 16 12:57:00 2013 : Debug: WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Mon Sep 16 12:57:00 2013 : Info: Ready to process requests.

radius.log: http://pastebin.com/9fBdxfYt
eap.conf: http://pastebin.com/7dL69pmQ
inner-tunnel: http://pastebin.com/BGzJSKz0

Thanks,

John.

-- 
John Carter
Identity Networks
jcarter at identitynetworks.com
skype:jcartermeru
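
An added example, not part of the original post and not FreeRADIUS code: a small Python triage script that reads a debug log like the one above and reports which handshake messages went in each direction and whether the session was abandoned after the server's CertificateRequest. The names `unwrap` and `triage` are hypothetical, and it assumes the log covers a single EAP session.

```python
import re

# Lines taken from the debug log in the post above, wrapped at the mail
# client's line width to exercise unwrap(). Assumption: one EAP session.
SAMPLE = """\
Mon Sep 16 12:56:55 2013 : Info: [tls] <<< TLS 1.0 Handshake [length 005a],
ClientHello
Mon Sep 16 12:56:55 2013 : Info: [tls] >>> TLS 1.0 Handshake [length 0031],
ServerHello
Mon Sep 16 12:56:55 2013 : Info: [tls] >>> TLS 1.0 Handshake [length 053e],
Certificate
Mon Sep 16 12:56:55 2013 : Info: [tls] >>> TLS 1.0 Handshake [length 000d],
CertificateRequest
Mon Sep 16 12:56:55 2013 : Info: [tls]     TLS_accept: Need to read more
data: SSLv3 read client certificate A
Mon Sep 16 12:57:00 2013 : Debug: WARNING: !! EAP session for state
0x7c569f3d755a860c did not finish!
"""

STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} : ")
HANDSHAKE = re.compile(r"\[tls\] (<<<|>>>) TLS [\d.]+ Handshake \[length [0-9a-f]+\], (\w+)")
WAITING = re.compile(r"Need to read more data: (.+)$")
UNFINISHED = re.compile(r"EAP session for state (0x[0-9a-f]+) did not finish")

def unwrap(text):
    """Rejoin wrapped records: a line without a timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Summarise how far the TLS handshake got before the session was abandoned."""
    sent, received, waiting, unfinished = [], [], None, []
    for rec in unwrap(text):
        if m := HANDSHAKE.search(rec):
            # "<<<" marks a message read from the client, ">>>" one written by the server
            (received if m.group(1) == "<<<" else sent).append(m.group(2))
        elif m := WAITING.search(rec):
            waiting = m.group(1)
        elif m := UNFINISHED.search(rec):
            unfinished.append(m.group(1))
    stalled = bool(unfinished) and "CertificateRequest" in sent and "Certificate" not in received
    return {"sent": sent, "received": received, "waiting_on": waiting,
            "unfinished": unfinished, "stalled_awaiting_client_cert": stalled}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```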