TLS communication, EAP does not work

Alan DeKok aland at deployingradius.com
Thu Jul 13 16:23:09 CEST 2017


On Jul 13, 2017, at 9:46 AM, Luciano Fernandes da Rocha <luciano.rocha at rnp.br> wrote:
> 
> 
> Briefly, our scenario has 3 servers with FreeRadius 3.0.14. 2 institutions (ufjfteste.br and rnpteste.br) and 1 FLR (.br). On the institution level we run RadSec (embedded TCP/TLS in FreeRadius3) to communicate with our FLR, a radsecproxy. So, using this TLS communication, EAP does not work, but turning it off and doing the communication between all servers using only UDP (disabling RadSec at institutions and radsecproxy at FLR), all EAP methods work.

  Please be clearer about "it doesn't work".  What happens?  What does the debug say?

> To confirm it, if we turn on the TLS communication, we could only authenticate using 'radtest' (as we know, a simple authentication without EAP). 
> 
> We suspect that EAP messages are lost during the exchange when TLS communication is enabled.

  The server doesn't lose EAP messages.

> Do you have any idea about it to help us?

  Read the debug output.  Or, post it to the list.  Nothing else will help.

  If it's too large to send on the list (~500K), send it to me off-list.  Preferably gzip'd.

  Set up a proxy which uses RadSec to talk to a home server.  Set up the home server with test certs and a test user.  Use wpa_supplicant to send packets to the proxy.

  Then send ALL the debug output over.

  Alan DeKok.



