(4) eap_tls: ERROR: TLS Alert write:fatal:unexpected_message
Michel Verhagen
mike at guruce.com
Tue Jun 15 04:41:54 CEST 2021
Hi Alan,
I finally managed to get back to this project. I have now built the
FreeRadius 3.0.x branch straight from Git. The server reports:
FreeRADIUS Version 3.0.24
When I try to authenticate using TLS (using the certificate ca.pem
created using ./bootstrap), the FreeRadius server outputs this:
(9) Found Auth-Type = eap
(9) # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
(9) authenticate {
(9) eap: Expiring EAP session with state 0xde98ecf7dd9de19b
(9) eap: Finished EAP session with state 0xde98ecf7dd9de19b
(9) eap: Previous EAP request found for state 0xde98ecf7dd9de19b,
released from the list
(9) eap: Peer sent packet with method EAP TLS (13)
(9) eap: Calling submodule eap_tls to process data
(9) eap_tls: (TLS) EAP Done initial handshake
(9) eap_tls: (TLS) Handshake state - Server SSLv3/TLS write server done
(9) eap_tls: (TLS) send TLS 1.2 Alert, fatal unexpected_message
(9) eap_tls: ERROR: (TLS) Alert write:fatal:unexpected_message
(9) eap_tls: ERROR: (TLS) Server : Error in error
(9) eap_tls: ERROR: (TLS) Failed reading from OpenSSL:
error:141A20F4:SSL
routines:ossl_statem_server_read_transition:unexpected message
(9) eap_tls: ERROR: (TLS) System call (I/O) error (-1)
(9) eap_tls: ERROR: (TLS) EAP Receive handshake failed during operation
(9) eap_tls: ERROR: [eaptls process] = fail
(9) eap: ERROR: Failed continuing EAP TLS (13) session. EAP
sub-module failed
(9) eap: Sending EAP Failure (code 4) ID 5 length 4
(9) eap: Failed in EAP select
(9) [eap] = invalid
(9) } # authenticate = invalid
(9) Failed to authenticate the user
(9) Using Post-Auth-Type Reject
Do you have any pointers where to look next?
Thanks,
Mike.
On 16/04/2021 11:13, Alan DeKok wrote:
Regards,
Michel Verhagen
Microsoft eMVP
GuruCE Limited
Microsoft Embedded Partner
NXP Gold Partner
https://guruce.com
240 Ohiwa Harbour Road
RD2
Opotiki, 3198
New Zealand
Ph. +64 (0)7 929 5807
Mob. +64 (0)21 104 6208
CONFIDENTIALITY NOTICE: The information contained in this message and attachments, if any, is confidential and is
intended solely for the use of the individual or entity to whom it is addressed. You should not copy, disclose or
distribute this communication without the authority of GuruCE Ltd. GuruCE Ltd. is neither liable for the proper and
complete transmission of the information contained in this communication nor for any delay in its receipt. GuruCE Ltd.
does not guarantee that the integrity of this communication has been maintained nor that the communication is free of
viruses, interceptions or interference. If you are not the intended recipient of this communication please return the
communication to the sender and delete and destroy all copies. If you are not the intended recipient, you are hereby
notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited.
> On Apr 15, 2021, at 6:39 PM, Michel Verhagen <mike at guruce.com> wrote:
>>> You have to get it from Github, and build it yourself.
>> As I said; I am a n00b when it comes to Linux. Are there any
>> instructions somewhere I can follow on how to do this on FreeBSD?
> The server comes with instructions on how to build it. There are more
> instructions on the Wiki. Typically the process is:
>
> ./configure
> make
> make install
>
> It would be likely worth your while to build a version first using the
> FreeBSD package system. That will install many of the dependencies
> needed by the server.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/devel.html
More information about the Freeradius-Devel
mailing list