The EAP-TLS packet will contain more data than we can process
Jan Schermer / ET NETERA
jan.schermer at etnetera.cz
Tue May 29 11:09:42 CEST 2007
Hi,
I'll give 2.0-pre1 a try, to see if it works. I will revert to 1.1.6 if needed.
> The supplicant is tunnelling additional data inside of EAP-TLS.
> FreeRADIUS doesn't support that
Supplicant - do you mean Mikrotik AP or wpa_supplicant on the client? I'm not sure what exactly Mikrotik does with EAP-TLS (and
there are several options - EAP-TLS or passthrough, and verify cert. x don't verify cert x no certificate) - I thought the AP
doesn't care about certificates, only forwards it to the RADIUS service (I already set this up once on a different AP and it had
no such options)
Thanks
Jan
Alan Dekok wrote:
> Jan Schermer / ET NETERA wrote:
>> I'm setting up a Mikrotik wireless AP with a freeradius server behind it
>> and EAP-TLS, client connects "fine" (those errors are meaningless,
>> right? can I get rid of them?):
>
> Upgrade to 1.1.6.
>
>> but after a while, the connection is renegotiated (maybe because of weak
>> signal), but then it starts failing:
> ...
>> Tue May 29 12:02:44 2007 : Error: rlm_eap_tls: The EAP-TLS packet will
>> contain more data than we can process.
>
> The supplicant is tunnelling additional data inside of EAP-TLS.
> FreeRADIUS doesn't support that.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jan.schermer.vcf
Type: text/x-vcard
Size: 341 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070529/0e39e590/attachment.vcf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7538 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070529/0e39e590/attachment.bin>
More information about the Freeradius-Users
mailing list