How to investigate failed Android authentication (EAP-TLS) on WiFi reconnection
dbarbon at olicom.eu
Fri Nov 11 08:06:53 UTC 2022
Thanks Alan & Jorge for your suggestions.
Upgrading is not a simple task because the server that runs Freeradius is
also an application server that runs other services. So I'll plan to
set up a new VM that will run only Freeradius ...
On 10/11/2022 19:51, Jorge Pereira wrote:
> Upgrade your software as Alan said. Other than that, we strongly recommend using the official packages available at https://packages.networkradius.com/
>> On 10 Nov 2022, at 12:54, Alan DeKok <aland at deployingradius.com> wrote:
>> On Nov 10, 2022, at 3:46 PM, Dario Barbon <dbarbon at olicom.eu> wrote:
>>> Hello, I've a Linux Ubuntu 18.04
>>> server with Freeradius 3.0.16
>> Definitely upgrade. There are many fixes, and many better error messages in newer versions.
>> There are also many changes to supported OpenSSL ciphers. Which means that newer devices are more likely to have problems with a nearly 7 year-old server.
>>> on x86_64 virtual machine.
>>> Freeradius is used only to provide Android devices authentication (EAP-TLS); the authentication works.
>>> The WiFi network was installed by my client: it is a geographically distributed WiFi with a controller and 10 access points.
>>> Sometimes, when one smartphone moves out of the WiFi network area and then comes back, the connection to WiFi fails. I can reconnect only after a WiFi off / on from Android network settings.
>>> I want to investigate this behaviour; I've found these recurring errors inside last month log files:
>>> ERROR: rlm_eap (EAP): No EAP session matching state 0x3d4e1475385119b8
>> Some kind of network problem.
>>> ERROR: TLS Alert write:fatal:protocol version
>>> ERROR: TLS Alert read : fatal:unknown CA
>>> ERROR: (658258) eap_tls: ERROR: TLS Alert read : fatal : internal error
>>> ERROR: (644636) eap_tls: ERROR: TLS Alert read : fatal:bad certificate
>> TLS negotiation issues.
>>> ERROR: (639156) eap: ERROR: rlm_eap (EAP): Aborting! More than 50 roundtrips made in session with state 0xfd858905cfb18490
>> A broken device.
>>> ERROR: (367333) eap_tls: ERROR: TLS Alert write:fatal:protocol version
>> TLS negotiation issues.
>>> Could you please suggest a debug checklist / debug process to help me understand why this behaviour happens?
>> Upgrade. Then debug.
>> There is zero reason to debug issues with 7 year-old software. The issues have been found and fixed years ago.
>> Alan DeKok.
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> Jorge Pereira
> jpereira at networkradius.com
Via Europa, 100 25062 CONCESIO (BS)
Tel.+39(0)30-2180500 - Fax. +39(0)30-2180687 - Mobile +39 334 6864136
Web: www.olicom.eu | www.tagwork.it
Mail: dbarbon at olicom.eu | Skype: dario_olicom
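
An added example, not part of the thread and not FreeRADIUS code: a small Python triage script that groups the error lines quoted above under the three causes named in Alan's reply, and records which side sent each TLS alert ("read" means the server received the alert from the supplicant, "write" means the server sent it). The function names `classify` and `summarise` and the category labels are hypothetical.

```python
import re
from collections import Counter

# Error lines exactly as quoted in the thread (spacing varies in the post).
SAMPLE_LOG = """\
ERROR: rlm_eap (EAP): No EAP session matching state 0x3d4e1475385119b8
ERROR: TLS Alert write:fatal:protocol version
ERROR: TLS Alert read : fatal:unknown CA
ERROR: (658258) eap_tls: ERROR: TLS Alert read : fatal : internal error
ERROR: (644636) eap_tls: ERROR: TLS Alert read : fatal:bad certificate
ERROR: (639156) eap: ERROR: rlm_eap (EAP): Aborting! More than 50 roundtrips made in session with state 0xfd858905cfb18490
ERROR: (367333) eap_tls: ERROR: TLS Alert write:fatal:protocol version
"""

REQ_ID = re.compile(r"^ERROR: \((\d+)\)")
TLS_ALERT = re.compile(r"TLS Alert (read|write)\s*:\s*(\w+)\s*:\s*(.+)$")
STATE = re.compile(r"state (0x[0-9a-f]+)")
# "read" = alert received from the supplicant, "write" = alert sent by the server.
SENDER = {"read": "client", "write": "server"}

def classify(line):
    """Map one error line to (category, alert_sender, detail, request_id)."""
    line = line.strip()
    req = REQ_ID.match(line)
    req_id = req.group(1) if req else None
    alert = TLS_ALERT.search(line)
    if alert:
        direction, _level, desc = alert.groups()
        return ("tls_negotiation", SENDER[direction], desc.strip(), req_id)
    state = STATE.search(line)
    state_id = state.group(1) if state else None
    if "No EAP session matching state" in line:
        return ("network_problem", None, state_id, req_id)
    if "roundtrips made in session" in line:
        return ("broken_device", None, state_id, req_id)
    return ("unclassified", None, line, req_id)

def summarise(log_text):
    """Count errors per (category, sender, alert) so recurring causes stand out."""
    counts = Counter()
    for line in log_text.splitlines():
        if line.strip():
            category, sender, detail, _ = classify(line)
            # State values are unique per session; drop them so repeats aggregate.
            if category != "tls_negotiation":
                detail = None
            counts[(category, sender, detail)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarise(SAMPLE_LOG).most_common():
        print(n, key)
```

Splitting the TLS alerts by sender separates cases where the server refused the handset (here, `protocol version`) from cases where the handset refused the server (`unknown CA`, `bad certificate`, `internal error`).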