Problem with EAP PEAP Authentication on freeradius 3.22
Gleb Lisikh
in4bit.general at gmail.com
Thu Apr 23 05:27:22 CEST 2020
Hello world!
Trying to enable EPA2 Enterprise authentication for a Cisco Meraki AP.
EAP Authenticaton section fails with the following:
=====================================
(2) eap: Peer sent EAP Response (code 2) ID 2 length 161
(2) eap: Continuing tunnel setup
(2) [eap] = ok
(2) } # authorize = ok
(2) Found Auth-Type = eap
(2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(2) authenticate {
(2) eap: Expiring EAP session with state 0x1da40b4e1ca6122b
(2) eap: Finished EAP session with state 0x1da40b4e1ca6122b
(2) eap: Previous EAP request found for state 0x1da40b4e1ca6122b, released
from the list
(2) eap: Peer sent packet with method EAP PEAP (25)
(2) eap: Calling submodule eap_peap to process data
(2) eap_peap: Continuing EAP-TLS
(2) eap_peap: [eaptls verify] = ok
(2) eap_peap: Done initial handshake
(2) eap_peap: (other): before/accept initialization
(2) eap_peap: TLS_accept: before/accept initialization
tls: TLS_accept: Error in SSLv2/v3 read client hello A
(2) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol
(2) eap_peap: ERROR: System call (I/O) error (-1)
(2) eap_peap: ERROR: TLS receive handshake failed during operation
(2) eap_peap: ERROR: [eaptls process] = fail
(2) eap: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module
failed
(2) eap: Sending EAP Failure (code 4) ID 2 length 4
(2) eap: Failed in EAP select
(2) [eap] = invalid
(2) } # authenticate = invalid
(2) Failed to authenticate the user
=====================================
Any idea where I may need to start troubleshooting? I haven't touched
Authentication at all from its original. Authorization is done through
python3 and seems to be working just fine.
By the way, exactly the same error occurs on a different freeradius server
running 3.021
Thank you!
Gleb
More information about the Freeradius-Users
mailing list