Alan DeKok <aland <at> ox.org> writes:
I would suggest going through the debug logs for the two different servers, and comparing the packets in detail. Find out what the differences are, and why. That will tell you what's going on.
the problems start with the following difference: from glibc-2.2 radius: rlm_eap_tls: Length Included eaptls_verify returned 11 TLS_accept: SSLv3 read client key exchange A TLS_accept: SSLv3 read finished A TLS_accept: SSLv3 write change cipher spec A TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully from glibc-2.3 radius: rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully
Are you *sure* that the only differences in the two installations is glibc? Maybe there's incompatible OpenSSL versions?
The captured packets are completely different, the glibc-2.2 capture contains a NAS identifier, NAS Port, Framed MTU, NAS Port Type in the Access Request but the glibc-2.3 capture seems to lack this information. While the request came from the same accesspoint! (with an other radius server configured) Does this ring a bell? Thanks so far, greetings Dick