odd messages in radius.log
Matt H
meh1963 at gmail.com
Tue Jul 25 18:54:13 UTC 2023
Hello -
I'm seeing an odd message in /var/log/radius/radius.log - freeradius 3.0.20
Fri Jul 21 11:07:24 2023 : ERROR: (106416) eap_peap: ERROR: TLS Alert
read:fatal:unknown CA
I would expect that EAP would be failing; it's not, apparently, as users
are able to connect and auth (WPA2-Enterprise).
I've checked our certs (radius.companyname.crt, pem, etc) and they're up to
date.
When I run openssl x509 -noout -text -in <file>, everything looks good
except that the first cert in the chain has FALSE rather than TRUE for
this setting:
X509v3 Basic Constraints: critical
CA:FALSE
Not sure whether or not this is a red herring. Either way, it hasn't
changed since the first of June (with no new certs and no other changes )
and the error didn't start showing up in radius.log about the first of
July.
I haven't provided a full radiusd -X output bc it's a production machine,
but can do if necessary.
thanks/mh
--
Death before dishonour,
Nothing before coffee
More information about the Freeradius-Users
mailing list