Problem with EAP PEAP Authentication on freeradius 3.22

Alan DeKok aland at deployingradius.com
Thu Apr 23 15:48:19 CEST 2020


On Apr 22, 2020, at 11:27 PM, Gleb Lisikh <in4bit.general at gmail.com> wrote:
> 
> Hello world!
> 
> Trying to enable EPA2 Enterprise authentication for a Cisco Meraki  AP.

  What end-user system are you using?  Windows?  Linux?

  The AP just copies EAP packets between the end-user system and the RADIUS server.  The AP doesn't have anything to do with the EAP methods.

> tls: TLS_accept: Error in SSLv2/v3 read client hello A
> (2) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:140760FC:SSL
> routines:SSL23_GET_CLIENT_HELLO:unknown protocol

  This is a magically unhelpful error from OpenSSL.  There are many reason why it could happen.  All of these reasons are related to TLS negotiation and/or certificate issues.

> Any idea where I may need to start troubleshooting? I haven't touched
> Authentication at all from its original. Authorization is done through
> python3 and seems to be working just fine.
> By the way, exactly the same error occurs on a different freeradius server
> running 3.021

  Then the issue is the end-user system.

  You can't debug an end-user system by looking at the RADIUS server.  It's looking in entirely the wrong place.  The RADIUS server is just telling you what the error is.  The RADIUS server isn't *creating* the error.

  Alan DeKok.




More information about the Freeradius-Users mailing list