EAP-FAST is failing on FreeRadius3

Alan DeKok aland at deployingradius.com
Fri Dec 8 13:21:31 CET 2017

On Dec 8, 2017, at 5:54 AM, Smita Selot <SSelot at ixiacom.com> wrote:
> I am running FreeRadius3.0.15 on ubuntu16.04 and testing EAP-FAST right now. I made these modifications:
> - uncommented section “fast” in mods-available/eap file:
> - cipher_list = “ALL:!EXPORT:!eNULL:!SSLv2”
> - disable_tlsv1_2 = yes
> Is there something else that I need to configure?
> The wireshark captures show “Ignored Unknown Record” error at the time of TLS Accept. FreeRadius debugs also show some error in TLS Accept.

  The error is:

eap_fast: EAP-FAST TLV 9 is longer than room remaining in the packet (18 > 14).

> What am I missing?

  Use an EAP client that implements EAP correctly.

  Also try the v3.0.x branch from github.  We've put some more debug / fixes into EAP-FAST.

  Alan DeKok.

More information about the Freeradius-Users mailing list