EAP-PEAP-GTC issue
Alan DeKok
aland at deployingradius.com
Fri Dec 16 00:39:29 CET 2016
On Dec 15, 2016, at 6:07 PM, Arjan Sinnige <a.sinnige at sae.edu> wrote:
>
> Last week I got 20 new phones (3 models) and I got 18 of them working but 2 of them are a model which can only do EAP-MD5, EAP-PEAP-GTC and EAP-TTLS-EAP-GTC. (Yealink W52P)
> My system is 2.2.10 from git (love to upgrade to 3.0 but that will have to wait. Will happen in first half 2017 though).

OK.

> The other phones connect up with EAP-PEAP-MSCHAPv2 which works without a hitch. So I assume my uploaded CA certificates are OK. I have +/- 300 students connecting with Windows/OSX/Linux/Android/iPads/iPhones and Windows Phone without an issue.
>
> But GTC is new for me. Is there working support for GTC in 2.2.10 (built from git last March)?

Yes. It should work.

> When looking at the logs I notice these things:
> - it never gets to the inner-tunnel
>
> - TTLS does not seem to finish.
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: Need to read more data: unknown state
> [ttls] TLS_accept: Need to read more data: unknown state
>
> - I get a fatal error. (My only guess to this is that my switch could be stopping after a number of retries (cannot disable this), or my phones are broken.)
>
> [ttls] <<< TLS 1.0 Alert [length 0002], fatal decrypt_error
> TLS Alert read:fatal:decrypt error
> TLS_accept: failed in unknown state
> rlm_eap: SSL error error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error
> SSL: SSL_read failed inside of TLS (-1), TLS session fails.
>
> Any hints for me?

Something is going wrong with TLS. What is going wrong? Upgrade to v3 to get better error messages.

Alan DeKok.
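
Added example, not part of the original thread and not FreeRADIUS code: a small Python parser that reads the TLS lines quoted above and decodes the packed OpenSSL error code `1409441B`, using the error layout of OpenSSL releases before 3.0. The function names and the `ALERTS` subset are assumptions made for this illustration.

```python
import re

# Constructed input: the TLS lines quoted in the message above.
SAMPLE = """\
[ttls] <<< TLS 1.0 Alert [length 0002], fatal decrypt_error
TLS Alert read:fatal:decrypt error
rlm_eap: SSL error error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error
"""

# Subset of TLS alert descriptions from RFC 5246, section 7.2.
ALERTS = {20: "bad_record_mac", 40: "handshake_failure", 42: "bad_certificate",
          48: "unknown_ca", 51: "decrypt_error", 70: "protocol_version"}
ERR_LIB_SSL = 0x14           # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # OpenSSL adds this to a received alert number

ALERT_RE = re.compile(
    r"\[(\w+)\] (<<<|>>>) TLS [\d.]+ Alert \[length [0-9a-fA-F]+\], (\w+) (\w+)")
ERR_RE = re.compile(r"SSL error error:([0-9A-Fa-f]{8}):")

def decode_openssl_error(code_hex):
    """Split a packed code: 8 bits library, 12 bits function, 12 bits reason."""
    code = int(code_hex, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = ALERTS.get(reason - SSL_AD_REASON_OFFSET)
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": alert}

def summarize(log_text):
    """Report who sent the alert, its level and name, and the decoded error."""
    out = {}
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            module, arrow, level, name = m.groups()
            # Assumption: "<<<" marks a record the server received, which
            # agrees with the "TLS Alert read" line in the same log.
            out.update(module=module, level=level, alert=name,
                       sent_by="peer" if arrow == "<<<" else "server")
        m = ERR_RE.search(line)
        if m:
            out["openssl"] = decode_openssl_error(m.group(1))
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

For the quoted log this reports a fatal `decrypt_error` alert (number 51) received from the peer, so the phone ended the handshake rather than the server. RFC 5246 defines that alert as a failed handshake cryptographic operation, such as a signature or Finished message that did not verify.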