EAP-PEAP-GTC issue

Alan DeKok aland at deployingradius.com
Fri Dec 16 00:39:29 CET 2016


On Dec 15, 2016, at 6:07 PM, Arjan Sinnige <a.sinnige at sae.edu> wrote:
> 
> Last week I got 20 new phones (3 models) and I got 18 of them working but 2 of them are a model which can only do EAP-MD5, EAP-PEAP-GTC and EAP-TTLS-EAP-GTC. (Yealink W52P)
> My system is 2.2.10 from git (love to upgrade to 3.0 but that will have to wait. Will happen in first half 2017 though).

  OK.

> The other phones connect up with EAP-PEAP-MSCHAPv2 which works without a hitch. So I assume my uploaded CA certificates are ok. I have +/- 300 students connecting with Windows/OSX/Linux/Android/iPads/iPhones and Windows Phone without an issue.
> 
> But GTC is new for me. Is there working support for GTC in 2.2.10 (built from git last March)?

  Yes.  It should work.

> When looking at the logs I notice these things : 
> - it never gets to the inner-tunnel
> 
> - TTLS does not seem to finish.
> [ttls]     TLS_accept: unknown state
> [ttls]     TLS_accept: unknown state
> [ttls]     TLS_accept: unknown state
> [ttls]     TLS_accept: Need to read more data: unknown state
> [ttls]     TLS_accept: Need to read more data: unknown state
> 
> - I get a fatal error. (My only guess to this is that my switch could be stopping after a number of retries (cannot disable this), or my phones are broken.)
> 
> [ttls] <<< TLS 1.0 Alert [length 0002], fatal decrypt_error
> TLS Alert read:fatal:decrypt error
>    TLS_accept: failed in unknown state
> rlm_eap: SSL error error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error
> SSL: SSL_read failed inside of TLS (-1), TLS session fails.
> 
> Any hints for me ?? 

  Something is going wrong with TLS.  What is going wrong?  Upgrade to v3 to get better error messages. 

  Alan DeKok.
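
An added example, not part of the original messages and not FreeRADIUS code: a small Python decoder for the alert and `SSL error` lines quoted above, showing which side sent the alert and what the packed OpenSSL code `1409441B` contains. It assumes the pre-3.0 OpenSSL error packing (8-bit library, 12-bit function, 12-bit reason); the function names and the sample log constant are constructed for illustration.

```python
import re

# Constructed sample: three lines copied from the debug output quoted in the thread.
SAMPLE_LOG = """\
[ttls] <<< TLS 1.0 Alert [length 0002], fatal decrypt_error
TLS Alert read:fatal:decrypt error
rlm_eap: SSL error error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error
"""

# Subset of TLS alert descriptions from RFC 5246, section 7.2.
TLS_ALERTS = {20: "bad_record_mac", 40: "handshake_failure", 42: "bad_certificate",
              48: "unknown_ca", 51: "decrypt_error", 70: "protocol_version"}

ERR_LIB_SSL = 20             # OpenSSL library number for "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # SSL reasons >= 1000 are 1000 + alert number from the peer

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")
ALERT_RE = re.compile(r"(<<<|>>>) TLS [\d.]+ Alert \[length \d+\], (\w+) (\w+)")


def decode_openssl_error(code_hex):
    """Split a pre-3.0 OpenSSL error code into library, function and reason."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    peer_alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        number = reason - SSL_AD_REASON_OFFSET
        peer_alert = TLS_ALERTS.get(number, number)
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": peer_alert}


def summarize(log_text):
    """Return alert tuples (direction, level, description) and decoded error codes."""
    # In FreeRADIUS debug output "<<<" marks a TLS record received by the server.
    alerts = [("received" if m.group(1) == "<<<" else "sent", m.group(2), m.group(3))
              for m in ALERT_RE.finditer(log_text)]
    errors = [decode_openssl_error(m.group(1)) for m in ERR_RE.finditer(log_text)]
    return alerts, errors


if __name__ == "__main__":
    alerts, errors = summarize(SAMPLE_LOG)
    for direction, level, desc in alerts:
        print(f"alert {direction} by server: {level} {desc}")
    for err in errors:
        print(err)
```

Both lines agree that the fatal `decrypt_error` alert (number 51) was received by the server, so the supplicant is the side that aborted the handshake. RFC 5246 defines that alert as a failed handshake cryptographic operation, such as a signature or Finished message that did not verify.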



