EAP-TTLS: Access Reject comes randomly from AAA

Rathod Subhashchandra rathod at tataelxsi.co.in
Sat Oct 20 14:07:55 CEST 2012 

Dear All,

I am using EAP-TTLS authentication mechanism for between WiMAX client and AAA on Linux environment

During EAP negotiation phase following steps are successfully completed.
1.                  Identity exchange
2.                  Server/Client EAP-TTLS start
3.                  Client Hello
4.                  Server Hello-Server Certificate-Server Key Exchange-Server Hello Done


EAP_Failure is coming consistently during "Client Key Exchange phase".

This issue is coming consistently for multiple clients during Network Entry.

Following is the error from AAA.

2012/06/04 15:52:41:686525 : <FREERADIUS LOG>   rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca


2012/06/04 15:52:41:686541 : <FREERADIUS LOG> TLS Alert read:fatal:unknown CA

2012/06/04 15:52:41:686559 : <FREERADIUS LOG>     TLS_accept:failed in SSLv3 read client certificate A

2012/06/04 15:52:41:686579 : <FREERADIUS LOG> rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

2012/06/04 15:52:41:686593 : <FREERADIUS LOG> rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.

2012/06/04 15:52:41:686605 : <FREERADIUS LOG>   eaptls_process returned 13

2012/06/04 15:52:41:686618 : <FREERADIUS LOG>   rlm_eap: Freeing handler
2012/06/04 15:52:41:686650 : <FREERADIUS LOG> ++[eap] returns reject
2012/06/04 15:52:41:686663 : <FREERADIUS LOG> auth: Failed to validate the user.
2012/06/04 15:52:41:686688 : [TX] Access-Reject


To resolve this issue, your timely help will be appreciated.

Thanks !
Rathod.

Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20121020/13462d49/attachment.html>

More information about the Freeradius-Users mailing list