eap_peap: ERROR: (TLS) Alert read:fatal:unknown CA
Alan DeKok
aland at deployingradius.com
Fri Jan 5 17:30:45 UTC 2024
On Jan 5, 2024, at 11:25 AM, Dario Barbon <dbarbon at olicom.eu> wrote:
> I installed the CA certificate and collected the entire log file content:
This page gives a good overview of what to look for: http://wiki.freeradius.org/radiusd-X
Simply looking for the word "error" gives you this:
> (6) eap_peap: Serialising session 28598cb4ba77510a52abb1e63011f9c061077719c09a59908092e2ca6b9c1ffd, and storing in cache
> (6) eap_peap: ERROR: (TLS) Session serialisation failed, failed opening session file /var/log/freeradius/tlscache/28598cb4ba77510a52abb1e63011f9c061077719c09a59908092e2ca6b9c1ffd.asn1: Permission denied
And looking for more "error" gives you this:
> (8) eap: Peer sent packet with method EAP Identity (1)
> (8) eap: ERROR: Tried to start unsupported EAP type MSCHAPv2 (26)
> (8) eap: Sending EAP Failure (code 4) ID 9 length 4
You edited the mods-available/eap file, deleted the "mschapv2" configuration, and then tried to do EAP-MSCHAPv2.
If you want to use EAP-MSCHAPv2, then enable the mschapv2 EAP configuration.
And read the debug output. Honestly. 99% of problems can be solved by just looking for "error" and going "whoops, that message is pretty clear".
Alan DeKok.
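
The search described in the message above, as an added example that is not part of the original post or of FreeRADIUS: it groups ERROR lines from `radiusd -X` output by request number and keeps the preceding line of the same request, which a plain grep loses when requests interleave. The function name and the sample (the quoted lines reordered, session ID replaced by a placeholder) are constructed for illustration.

```python
import re

# Constructed sample: the log lines quoted in the message, interleaved,
# with the session ID replaced by the placeholder <session-id>.
SAMPLE = """\
> (6) eap_peap: Serialising session <session-id>, and storing in cache
> (8) eap: Peer sent packet with method EAP Identity (1)
> (6) eap_peap: ERROR: (TLS) Session serialisation failed, failed opening session file /var/log/freeradius/tlscache/<session-id>.asn1: Permission denied
> (8) eap: ERROR: Tried to start unsupported EAP type MSCHAPv2 (26)
> (8) eap: Sending EAP Failure (code 4) ID 9 length 4
"""

# "(N) rest-of-line": N is the request number radiusd -X prints.
LINE = re.compile(r"^\((\d+)\)\s+(.*)$")
# Optional "module: " prefix, then "ERROR: message".
ERR = re.compile(r"^(?:([\w.-]+): )?ERROR: (.*)$")


def errors_by_request(debug_text, context=1):
    """Return {request: [(module, message, preceding_lines_of_that_request)]}."""
    history = {}  # request number -> lines seen so far for that request
    found = {}
    for raw in debug_text.splitlines():
        # Tolerate "> " quoting from e-mail pastes.
        m = LINE.match(raw.lstrip("> ").rstrip())
        if not m:
            continue  # no request prefix: server-level line, skipped here
        req, rest = int(m.group(1)), m.group(2)
        e = ERR.match(rest)
        if e:
            prior = history.get(req, [])[-context:] if context else []
            found.setdefault(req, []).append((e.group(1) or "-", e.group(2), prior))
        history.setdefault(req, []).append(rest)
    return found


if __name__ == "__main__":
    for req, errs in errors_by_request(SAMPLE).items():
        for module, message, prior in errs:
            print(f"request {req} [{module}] {message}")
            for line in prior:
                print(f"    preceded by: {line}")
```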