rlm_eap_tls: SSL_read failed in a system call
Sean McNamara
sean.mcnamara at villanova.edu
Tue Apr 24 16:38:52 CEST 2007
Hello all,
I saw there was a bit of talk in 2006 over this issue, but I wasn't
able to track down a definitive solution. We're running FreeRADIUS
1.1.5 with EAP/TTLS (OpenSSL 0.9.8d) on Solaris 10. The server will
come up and process clients for a few days, but every now and then it
begins denying all auth-requests with the following error:

Apr 24 09:56:12 as2.villanova.edu radiusd[1033]: [ID 702911 daemon.notice] Login incorrect (rlm_ldap: User not found): [anonymous] (from client VillanovaWireless port 5191 cli 000b.7d22.b3a9)
Apr 24 09:56:12 as2.villanova.edu radiusd[1033]: [ID 702911 daemon.error] TLS Alert write:fatal:bad record mac
Apr 24 09:56:12 as2.villanova.edu radiusd[1033]: [ID 702911 daemon.error] TLS_accept:error in SSLv3 read certificate verify A
Apr 24 09:56:12 as2.villanova.edu radiusd[1033]: [ID 702911 daemon.error] rlm_eap: SSL error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Apr 24 09:56:12 as2.villanova.edu radiusd[1033]: [ID 702911 daemon.error] rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.

A restart makes the server happy and it goes back to properly auth'ing
clients...
As of the moment I'm compiling FreeRADIUS 1.1.6 and hoping for some
improvement, but does anyone have any additional advice or experience
with this issue... or better yet, does anyone know the fix?
Thanks for your time!
..Sean.