How to investigate failed Android authentication (EAP-TLS) on WiFi reconnection

Dario Barbon dbarbon at olicom.eu
Fri Nov 11 08:06:53 UTC 2022


Thanks Alan & Jorge for your suggestions.
Upgrade is not a simple task because the server that runs Freeradius is 
also an application server that runs other services. So I'll plan to 
set up a new VM that will run only Freeradius ...

Dario

On 10/11/2022 19:51, Jorge Pereira wrote:
> Upgrade your software as Alan said. Other than that, we strongly recommend using the official packages available at https://packages.networkradius.com/
>
>
>> On 10 Nov 2022, at 12:54, Alan DeKok <aland at deployingradius.com> wrote:
>>
>> On Nov 10, 2022, at 3:46 PM, Dario Barbon <dbarbon at olicom.eu> wrote:
>>> Hello, I've a Linux Ubuntu 18.04
>>   ???
>>
>>   Upgrade.
>>
>>> server with Freeradius 3.0.16
>>   Definitely upgrade.  There are many fixes, and many better error messages in newer versions.
>>
>>   There are also many changes to supported OpenSSL ciphers.  Which means that newer devices are more likely to have problems with a nearly 7 year-old server.
>>
>>> on x86_64 virtual machine.
>>>
>>> Freeradius is used only to provide Android devices authentication (EAP-TLS); the authentication works.
>>> The WiFi network was installed by my client: it is a geographically distributed WiFi with a controller and 10 access points.
>>> Sometimes, when one smartphone moves out of the WiFi network area and then comes back, the connection to WiFi fails. I can reconnect only after a WiFi off / on from Android network settings.
>>>
>>> I want to investigate this behaviour; I've found these recurring errors in last month's log files:
>>>
>>> ERROR: rlm_eap (EAP): No EAP session matching state 0x3d4e1475385119b8
>> Some kind of network problem.
>>
>>> ERROR: TLS Alert write:fatal:protocol version
>>>
>>> ERROR: TLS Alert read : fatal:unknown CA
>>>
>>> ERROR: (658258) eap_tls: ERROR: TLS Alert read : fatal : internal error
>>>
>>> ERROR: (644636) eap_tls: ERROR: TLS Alert read : fatal:bad certificate
>>   TLS negotiation issues.
>>
>>> ERROR: (639156) eap: ERROR: rlm_eap (EAP): Aborting! More than 50 roundtrips made in session with state 0xfd858905cfb18490
>>   A broken device.
>>
>>> ERROR: (367333) eap_tls: ERROR: TLS Alert write:fatal:protocol version
>>   TLS negotiation issues.
>>
>>> Could you please suggest a debug checklist / debug process to help me understand why this behaviour happens?
>>   Upgrade.  Then debug.
>>
>>   There is zero reason to debug issues with 7 year-old software.  The issues have been found and fixed years ago.
>>
>>   Alan DeKok.
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> Jorge Pereira
> jpereira at networkradius.com
>
>
>
-- 

Olicom Srl
Via Europa, 100 25062 CONCESIO (BS)
Tel.+39(0)30-2180500 - Fax. +39(0)30-2180687 - Mobile +39 334 6864136
Web: www.olicom.eu | www.tagwork.it
Mail: dbarbon at olicom.eu | Skype: dario_olicom
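
An added example, not part of the original thread and not FreeRADIUS code: a small triage script that groups the error lines quoted above into the three categories from Alan's replies and, for TLS alerts, records which side sent the alert. The function names and category labels are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample: the error lines quoted in the message above.
SAMPLE_LOG = """\
ERROR: rlm_eap (EAP): No EAP session matching state 0x3d4e1475385119b8
ERROR: TLS Alert write:fatal:protocol version
ERROR: TLS Alert read : fatal:unknown CA
ERROR: (658258) eap_tls: ERROR: TLS Alert read : fatal : internal error
ERROR: (644636) eap_tls: ERROR: TLS Alert read : fatal:bad certificate
ERROR: (639156) eap: ERROR: rlm_eap (EAP): Aborting! More than 50 roundtrips made in session with state 0xfd858905cfb18490
ERROR: (367333) eap_tls: ERROR: TLS Alert write:fatal:protocol version
"""

# Matches "TLS Alert read : fatal : internal error" with or without spaces.
ALERT = re.compile(r"TLS Alert (read|write)\s*:\s*(\w+)\s*:\s*(.+?)\s*$")
# Request number such as "(658258)"; "(EAP)" does not match because of \d+.
REQ_ID = re.compile(r"\((\d+)\)")

def classify(line):
    """Return (category, detail, request_id) for one log line, or None."""
    rid = REQ_ID.search(line)
    rid = int(rid.group(1)) if rid else None
    m = ALERT.search(line)
    if m:
        # "write": the server sent the alert; "read": it came from the client.
        sender = "server" if m.group(1) == "write" else "client"
        detail = f"{sender} sent {m.group(2)} alert: {m.group(3)}"
        return ("tls_negotiation", detail, rid)
    if "No EAP session matching state" in line:
        return ("network_problem", "no matching EAP session state", rid)
    if "More than 50 roundtrips" in line:
        return ("broken_device", "more than 50 roundtrips", rid)
    return None

def summarize(text):
    """Count occurrences of each (category, detail) pair in a log excerpt."""
    counts = Counter()
    for line in text.splitlines():
        hit = classify(line)
        if hit:
            counts[hit[:2]] += 1
    return counts

if __name__ == "__main__":
    for (category, detail), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {category:16s} {detail}")
```

Splitting alerts by sender separates the cases where the server refused the handset (the `protocol version` alerts) from those where the handset refused the server (`unknown CA`, `bad certificate`), which point at different configuration to check after the upgrade.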


