On Jan 5, 2024, at 1:11 PM, Dario Barbon <dbarbon@olicom.eu> wrote:
Hi Alan, I enabled mschapv2 section inside eap file and it works... thanks again for your support.
That's good.
Regarding the source of my problems, I confirm you that Android 11 devices continue to "lost" the installed client certificate: this time I collected the logs as you suggested after the device lost the certificate. ... (0) Found Auth-Type = eap (0) # Executing group from file /etc/freeradius/sites-enabled/tlcamb-tag (0) authenticate { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_tls to process data (0) eap_tls: (TLS) Initiating new session (0) eap_tls: (TLS) Setting verify mode to require certificate from client
FreeRADIUS is doing EAP-TLS, and asking for a client cert.
... (1) EAP-Message = 0x020200060300 (1)... (1) eap: Peer sent EAP Response (code 2) ID 2 length 6 (1) eap: Ignoring NAK with request for unknown EAP type
The client sent "No, I'm not doing EAP-TLS, and I have no other options". Yeah, the client is broken. There is nothing you can do to FreeRADIUS to fix it. I'd suggest filing a bug report with Google. Alan DeKok.