Ok. That was me having a senior moment. Our server got a brand new name with corresponding device cert/CN. Some of those Windows boxes were checking for the old name. I moved everything to the new setup, and the problem is gone. Thanks, guys, for looking into this for me. Bests, Mike -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+freeradius=machichemicals.com@lists.freeradius.org] On Behalf Of Matthew Newton Sent: Friday, February 28, 2020 4:47 AM To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>; freeradius@lunchinglads.net Subject: Re: EAP-TLS Fragmentation Error On 28 February 2020 06:01:01 GMT, freeradius@lunchinglads.net wrote:
eap_tls: <<< recv TLS 1.2 [length 0002] eap_tls: ERROR: TLS Alert read:fatal:access denied
Check file permissions of the certificate and key (and parent directories) and make sure that the user FreeRADIUS runs as can read them.
There appears to be no method to this madness. Same setup[1] at our auxiliary site and everything works fine.
I'm guessing same file contents but different mode. -- Matthew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html