Problem with EAP PEAP Authentication on freeradius 3.22

Alan DeKok aland at deployingradius.com
Thu Apr 23 22:53:43 CEST 2020


On Apr 23, 2020, at 4:04 PM, Gleb Lisikh <in4bit.general at gmail.com> wrote:
> 
> For the end system OS, I have no idea...  Meraki web-based dashboard has a built-in test tool to validate RADIUS configuration. This is what I used to check my setup so far, and haven't tried any "real" client

  Ah.... then it's rather more difficult to fix.

> Is there any way to see from the RADIUS server side what client is doing/sending wrong/incorrectly?

  That error message from OpenSSL is all we have/

> Meraki does have a set of instructions on how to configure freeRADIUS to work with Meraki EAP-TLS authentication, but those seem to be dated as I could not even find ./etc/freeradius/eap.conf  file that they suggest to edit.
> https://documentation.meraki.com/MR/Encryption_and_Authentication/Freeradius%3A_Configure_freeradius_to_work_with_EAP-TLS_authentication 
> Perhaps you can help me to translate those instructions into 3.022 version terms and files to edit?

  Well... no.  I don't rewrite documentation for vendors.

  We have documentation on how to configure EAP-TLS.  See mods-available/eap.  It's relatively straightforward.

> And lastly, is there anything that had to be done in principle to enable EAP-TLS on the server irrespective of the client behaviour?

  If the error is in OpenSSL, then you have to figure out *what* to configure.

  The server works by default.  There is no magical setting which turns off a *broken* configuration and enables a *working* one.

  Alan DeKok.




More information about the Freeradius-Users mailing list