How to investigate failed Android authentication (EAP-TLS) on WiFi reconnection

Dario Barbon dbarbon at
Thu Nov 10 15:46:56 UTC 2022

Hello, I've a Linux Ubuntu 18.04 server with Freeradius 3.0.16 on x86_64 
virtual machine.

Freeradius is used only to provide Android devices authentication 
(EAP-TLS); the authentication works.
The WiFi network was installed by my client: it is a geographical 
distributed WiFi with a controller and 10 access points.
Sometimes, when one smartphone moves out of WiFi network area and then 
come back, the connection to WiFi fails. I can reconnect only after a 
WiFi off / on from Android network settings.

I want to investigate this behaviour; I've found these recurring errors 
inside last month log files:

ERROR: rlm_eap (EAP): No EAP session matching state 0x3d4e1475385119b8

ERROR: TLS Alert write:fatal:protocol version

ERROR: TLS Alert read : fatal:unknown CA

ERROR: (658258) eap_tls: ERROR: TLS Alert read : fatal : internal error

ERROR: (644636) eap_tls: ERROR: TLS Alert read : fatal:bad certificate

ERROR: (639156) eap: ERROR: rlm_eap (EAP): Aborting! More than 50 
roundtrips made in session with state 0xfd858905cfb18490

ERROR: (367333) eap_tls: ERROR: TLS Alert write:fatal:protocol version

Could you please suggest a debug checklist / debug process to help me 
understand why this behaviour happen?


Dario Barbon

More information about the Freeradius-Users mailing list