I've managed to resolve problem. Client device to verify certificate needs domain listed in the server's certificate CN or SAN, but I've got only server's FQDN in CN and IP in SAN. When I pass FQDN as domain it work's as expected. czw., 27 maj 2021 o 21:18 Alan DeKok <aland@deployingradius.com> napisaĆ(a):
On May 27, 2021, at 1:06 PM, Piotr Rudzki <ryba.lodz@gmail.com> wrote:
I've strange problem with freeradius. It was working as expected and suddenly stopped authenticate wpa2-eap users to active directory.
I've recreated whole VM with freeradius server without success.
Same credentials work for ikev2 mschapv2 authentication but not for wireless wpa2-eap (android and windows clients). Am I missing something? ... (9) eap_peap: <<< recv TLS 1.2 [length 0002] (9) eap_peap: ERROR: TLS Alert read:fatal:internal error (9) eap_peap: TLS_accept: Need to read more data: error (9) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read):
error:14094438:SSL
routines:ssl3_read_bytes:tlsv1 alert internal error
Try 3.0.22. It has much better error messages for TLS.
But the errors are in the TLS layer. i.e. OpenSSL. It's very difficult for us to know what to do here.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html