A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Thu Nov 19 21:21:54 CET 2015


> As I told on a previous email, we are migrating previous radius (2.1.9)
> authentication to a new instance of freeradius (3.0.10).

new server? new version of openssl on the new server?

if the access accept packet is the same as that from 2.1.9 then the issue
is somewhere else. I'd examine that last access accept packet.

but my first instinct is that this is a MPPE key issue - access accept okay
but the IOS device not likeing the derived keys - validate this by 

disable_tlsv1_2 = yes

into the tls {} section of your eap module

i think this issue is fixed in 3.0.x HEAD  (?)


More information about the Freeradius-Users mailing list