More freeradius fun - some clients not connecting
aland at deployingradius.com
Tue May 21 17:18:48 CEST 2019
On May 21, 2019, at 9:24 AM, Chris Bradley <bradleyc at bcsc.k12.in.us> wrote:
> Some (not all - some work and some don't) of our re-imaged computers won't connect to our certificate based 802.1x networks. On the server, I'm seeing this error as I'm tailing the freeradius log:
> Tue May 21 09:07:50 2019 : ERROR: (185581) eap_tls: ERROR: SSL says error 20 : unable to get local issuer certificate
> Tue May 21 09:07:50 2019 : ERROR: (185581) eap_tls: ERROR: TLS Alert write:fatal:unknown CA
The client is unable to get the local issuer certificate, and is sending an error saying it doesn't know the CA that the server is presenting.
> Tue May 21 09:07:50 2019 : Error: tls: TLS_accept: Error in SSLv3 read client certificate B
That error comes from OpenSSL, and has a pretty darned opaque meaning.
> The two clients are identical machines, the wireless networks and the certificates are installed the same exact way.
Something is different between them. Typically it's because the CA cert isn't installed on the machine which is complaining.
More information about the Freeradius-Users