On Jul 9, 2020, at 9:13 AM, Клеусов Владимир Сергеевич via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
Thanks for http://wiki.freeradius.org/list-help I hope I sent debug correctly Debug output ... (3) [eap-client] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) Post-Auth-Type sub-section not found. Ignoring. (3) # Executing group from file /etc/freeradius/sites-enabled/default (3) session-state: Saving cached attributes (3) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (3) TLS-Session-Version = "TLS 1.2" (3) Sent Access-Challenge Id 131 from 10.42.2.128:1812 to 10.99.205.184:55719 length 0 (3) EAP-Message = 0x0105003d15800000003314030300010116030300285f7d126dd63c79758f16821fd74acb7dfe9c81039c98eb635eaa0d5d7d7de30b91d4963396290799 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0x800be644830ef39b9c89798185b75a0d (3) Finished request Waking up in 4.9 seconds.
And.... then what? This doesn't show a full authentication which ends in Access-Accept. If it stops here, then the client doesn't like the server certificate. And this has nothing to do with LDAP. Alan DeKok.