Problem with EAP PEAP Authentication on freeradius 3.22
Alan DeKok
aland at deployingradius.com
Thu Apr 23 15:48:19 CEST 2020
On Apr 22, 2020, at 11:27 PM, Gleb Lisikh <in4bit.general at gmail.com> wrote:
>
> Hello world!
>
> Trying to enable EPA2 Enterprise authentication for a Cisco Meraki AP.
What end-user system are you using? Windows? Linux?
The AP just copies EAP packets between the end-user system and the RADIUS server. The AP doesn't have anything to do with the EAP methods.
> tls: TLS_accept: Error in SSLv2/v3 read client hello A
> (2) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:140760FC:SSL
> routines:SSL23_GET_CLIENT_HELLO:unknown protocol
This is a magically unhelpful error from OpenSSL. There are many reason why it could happen. All of these reasons are related to TLS negotiation and/or certificate issues.
> Any idea where I may need to start troubleshooting? I haven't touched
> Authentication at all from its original. Authorization is done through
> python3 and seems to be working just fine.
> By the way, exactly the same error occurs on a different freeradius server
> running 3.021
Then the issue is the end-user system.
You can't debug an end-user system by looking at the RADIUS server. It's looking in entirely the wrong place. The RADIUS server is just telling you what the error is. The RADIUS server isn't *creating* the error.
Alan DeKok.
More information about the Freeradius-Users
mailing list