Problem with EAP PEAP Authentication on freeradius 3.22
Alan DeKok
aland at deployingradius.com
Thu Apr 23 22:53:43 CEST 2020
On Apr 23, 2020, at 4:04 PM, Gleb Lisikh <in4bit.general at gmail.com> wrote:
>
> For the end system OS, I have no idea... Meraki web-based dashboard has a built-in test tool to validate RADIUS configuration. This is what I used to check my setup so far, and haven't tried any "real" client
Ah.... then it's rather more difficult to fix.
> Is there any way to see from the RADIUS server side what client is doing/sending wrong/incorrectly?
That error message from OpenSSL is all we have/
> Meraki does have a set of instructions on how to configure freeRADIUS to work with Meraki EAP-TLS authentication, but those seem to be dated as I could not even find ./etc/freeradius/eap.conf file that they suggest to edit.
> https://documentation.meraki.com/MR/Encryption_and_Authentication/Freeradius%3A_Configure_freeradius_to_work_with_EAP-TLS_authentication
> Perhaps you can help me to translate those instructions into 3.022 version terms and files to edit?
Well... no. I don't rewrite documentation for vendors.
We have documentation on how to configure EAP-TLS. See mods-available/eap. It's relatively straightforward.
> And lastly, is there anything that had to be done in principle to enable EAP-TLS on the server irrespective of the client behaviour?
If the error is in OpenSSL, then you have to figure out *what* to configure.
The server works by default. There is no magical setting which turns off a *broken* configuration and enables a *working* one.
Alan DeKok.
More information about the Freeradius-Users
mailing list