[eap] ERROR! Our request for tls was NAK'd with a request for tls. Skipping the requested type.
Alan DeKok
aland at deployingradius.com
Mon Jun 29 08:29:37 CEST 2009
excelsio at gmx.net wrote:
> Freeradius is 2.x on a Debian 5.0. My first attempt was with MD5, which works without any problem.
> Next step is TLS, which works at 50%. Well, the client authentication of TLS works, but when I configure to do a server authentication within the IP phone´s setup, it fails.
...
> =============================================================================================================================
> As soon as I enable "Server Authentication" wthin the IP phone, it fails:
> =============================================================================================================================
>
>
> Going to the next request
> Ready to process requests.
> rad_recv: Access-Request packet from host 192.168.10.130 port 1812, id=146, length=336
EAP Identity...
> Sending Access-Challenge of id 146 to 192.168.10.130 port 1812
> Framed-Protocol = PPP
> Framed-Compression = Van-Jacobson-TCP-IP
> EAP-Message = 0x011800060d20
Starting EAP-TLS...
> rad_recv: Access-Request packet from host 192.168.10.130 port 1812, id=147, length=343
...
> EAP-Message = 0x02180006030d
Ugh.
> [eap] ERROR! Our request for tls was NAK'd with a request for tls. Skipping the requested type.
Yup.
> Well, what´s going wrong?
The client is badly written. It shouldn't NAK tls with a request for
TLS. The likely cause is that the client (for some unknown reason)
doesn't like the server certificate.
I would suggest trying with different certificates, and possibly
different EAP types.
Alan DeKok.
More information about the Freeradius-Users
mailing list