eap_peap: ERROR: (TLS) Alert read:fatal:unknown CA

Alan DeKok aland at deployingradius.com
Fri Jan 5 17:30:45 UTC 2024

On Jan 5, 2024, at 11:25 AM, Dario Barbon <dbarbon at olicom.eu> wrote:
> I installed the CA certificate and collected the entire log file content:

  This page gives a good overview of what to look for: http://wiki.freeradius.org/radiusd-X

  Simply looking for the word "error" gives you this:

> (6) eap_peap: Serialising session 28598cb4ba77510a52abb1e63011f9c061077719c09a59908092e2ca6b9c1ffd, and storing in cache
> (6) eap_peap: ERROR: (TLS) Session serialisation failed, failed opening session file /var/log/freeradius/tlscache/28598cb4ba77510a52abb1e63011f9c061077719c09a59908092e2ca6b9c1ffd.asn1: Permission denied

  And looking for more "error" gives you this:

> (8) eap: Peer sent packet with method EAP Identity (1)
> (8) eap: ERROR: Tried to start unsupported EAP type MSCHAPv2 (26)
> (8) eap: Sending EAP Failure (code 4) ID 9 length 4

  You edited the mods-available/eap file, deleted the "mschapv2" configuration, and then tried to do EAP-MSCHAPv2.

  If you want to use EAP-MSCHAPv2, then enable the mschapv2 EAP configuration.

  And read the debug output.  Honestly.  99% of problems can be solved by just looking for "error" and going "whoops, that message is pretty clear".

  Alan DeKok.
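
The search described in the message above, as an added example that is not part of the original post or of FreeRADIUS: a small Python scanner that pulls `ERROR:` lines out of `radiusd -X` output and pairs each with the last non-error line logged for the same request number. The sample input is constructed from the lines quoted above with the session ID replaced by a placeholder, and the names `find_errors` and `Finding` are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# "(N) rest-of-line" as printed per request in radiusd -X output
REQ_LINE = re.compile(r"^\((\d+)\)\s+(.*)$")
# optional "module:" prefix, then "ERROR:"; the lookahead stops ERROR being read as a module name
ERR_BODY = re.compile(r"^(?:(?!ERROR:)([\w.-]+):\s+)?ERROR:\s+(.*)$")

class Finding(NamedTuple):
    request: int
    module: Optional[str]
    message: str
    previous: Optional[str]  # last non-error line seen for the same request

def find_errors(text: str) -> list:
    last_line = {}   # request number -> most recent non-error line
    findings = []
    for raw in text.splitlines():
        line = raw.lstrip("> \t")  # tolerate mail-quoted or indented logs
        m = REQ_LINE.match(line)
        if not m:
            continue
        req, body = int(m.group(1)), m.group(2)
        err = ERR_BODY.match(body)
        if err:
            findings.append(Finding(req, err.group(1), err.group(2), last_line.get(req)))
        else:
            last_line[req] = body
    return findings

# Constructed sample: the quoted debug lines, session ID replaced by a placeholder
SAMPLE = """\
> (6) eap_peap: Serialising session <SESSION-ID>, and storing in cache
> (6) eap_peap: ERROR: (TLS) Session serialisation failed, failed opening session file /var/log/freeradius/tlscache/<SESSION-ID>.asn1: Permission denied
> (8) eap: Peer sent packet with method EAP Identity (1)
> (8) eap: ERROR: Tried to start unsupported EAP type MSCHAPv2 (26)
> (8) eap: Sending EAP Failure (code 4) ID 9 length 4
"""

if __name__ == "__main__":
    for f in find_errors(SAMPLE):
        print(f"request {f.request} [{f.module}] {f.message}")
        print(f"    preceded by: {f.previous}")
```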
