Authentication issues

Alan DeKok aland at deployingradius.com
Tue May 31 13:57:52 UTC 2022


On May 31, 2022, at 9:49 AM, David le Roux <david.leroux at miller.co.uk> wrote:
> I've got two different authentication issues. The server is meant to service both mac-based authentication (using authorized_macs file) and eap-tls using certificates. This is for a production environment where I have done my best to mimic our old setup which is working but on EOL software.
> 
> In the logs I get "invalid user" for the mac-based auth and "eap_tls: ERROR: TLS alert write:fatal:internal error".

  I don't see the TLS error in the logs.  What I do see is that FreeRADIUS sends an Access-Challenge, the client doesn't respond.

  This is almost always because of certificate issues.  The client doesn't know / trust the certificates presented by FreeRADIUS.

  The "invalid user" message is correct.  The MAC address in the User-Name isn't found in the "authorized_macs" list.  Note that it does its lookup by exact string match.  So check that the MAC address is listed, and has exactly the same format.

  That's why it prints everything in debug mode... so you can check the printed MAC against what's in the file, and verify for yourself that it should / should not work.

> FreeRADIUS Version 3.0.21

  I'd upgrade to 3.2.0.  It has many fixes and enhancements.

  Alan DeKok.
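
The comparison described in the reply above, as an added example that is not part of the original post or of FreeRADIUS: it takes a User-Name as printed in debug output and reports whether it matches a key in the file exactly, or only after separators and case are ignored (a format mismatch). The file layout (key in column 0, indented reply items) and all sample values are assumptions constructed for illustration.

```python
import re

# Constructed sample of an authorized_macs file (assumed layout: the lookup
# key starts in column 0, reply items are indented beneath it).
SAMPLE_AUTHORIZED_MACS = """\
# printers
00-11-22-33-44-55
\tReply-Message = "printer"

aa-bb-cc-dd-ee-ff
\tReply-Message = "badge reader"
"""

def load_keys(text):
    """Return the lookup keys: first token of every non-indented, non-comment line."""
    keys = []
    for line in text.splitlines():
        if not line.strip() or line[0] in " \t#":
            continue
        keys.append(line.split()[0])
    return keys

def canonical(mac):
    """Strip separators and case so differently formatted MACs compare equal."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    return digits if len(digits) == 12 else None

def diagnose(user_name, keys):
    """Classify a User-Name from debug output against the file's keys.

    Returns ("match", key), ("format-mismatch", key) or ("absent", None).
    """
    if user_name in keys:                 # exact string match, as the reply describes
        return ("match", user_name)
    wanted = canonical(user_name)
    if wanted is not None:
        for key in keys:
            if canonical(key) == wanted:  # same address, different spelling
                return ("format-mismatch", key)
    return ("absent", None)

if __name__ == "__main__":
    keys = load_keys(SAMPLE_AUTHORIZED_MACS)
    for name in ("00-11-22-33-44-55", "0011.2233.4455",
                 "AA:BB:CC:DD:EE:FF", "de-ad-be-ef-00-01"):
        status, key = diagnose(name, keys)
        print(f"{name!r:24} -> {status}" + (f" (file has {key!r})" if key else ""))
```

A "format-mismatch" result means the device is listed but the NAS sends the address in a different notation than the file uses, so the exact-match lookup rejects it.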


