On 15 ott 2015, at 19:58, Alan DeKok <aland@deployingradius.com> wrote:
On Oct 15, 2015, at 1:28 PM, Tod A. Sandman <sandmant@rice.edu> wrote:
Android users here who have upgraded to Marshmallow can no longer connect, even after I upgraded from freeradius-2.2.8 to freeradius-2.2.9. My server is RHEL6.4 with "OpenSSL 1.0.1e-fips 11 Feb 2013". We are using PEAP/EAP-MSCHAPv2.
You should update your eap.conf to disable tls 1.2:
eap { ... tls { ... disable_tlsv1_2= yes ... } }
That will likely help.
This feature was added for situations like this. :( And not documented because we hoped it was never needed.
Well done anyway ! They say "Better safe than sorry”. Alan is this undocumented rule available also in FR 3.x ?
But as a user described: No error message, it just hangs and times out. I'll get "Authenticating..." and "Scanning..." for a while then it will just say Disconnected.
Most supplicants give useless error messages.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
------------------------------------------------------------------------------------------------ Paolo Barbato Consorzio RFX corso Stati Uniti,4 35127 Padova - Italy Network Administrator phone: +39 049 8295097 fax: +39 049 8700718 ------------------------------------------------------------------------------------------------