eap_peap: ERROR: (TLS) Alert read:fatal:unknown CA
Alan DeKok
aland at deployingradius.com
Fri Jan 5 21:14:54 UTC 2024
On Jan 5, 2024, at 1:11 PM, Dario Barbon <dbarbon at olicom.eu> wrote:
> Hi Alan, I enabled the mschapv2 section inside the eap file and it works... thanks again for your support.
That's good.
> Regarding the source of my problems, I confirm that Android 11 devices continue to "lose" the installed client certificate: this time I collected the logs as you suggested after the device lost the certificate.
> ...
> (0) Found Auth-Type = eap
> (0) # Executing group from file /etc/freeradius/sites-enabled/tlcamb-tag
> (0) authenticate {
> (0) eap: Peer sent packet with method EAP Identity (1)
> (0) eap: Calling submodule eap_tls to process data
> (0) eap_tls: (TLS) Initiating new session
> (0) eap_tls: (TLS) Setting verify mode to require certificate from client
FreeRADIUS is doing EAP-TLS, and asking for a client cert.
> ...
> (1) EAP-Message = 0x020200060300
> (1)...
> (1) eap: Peer sent EAP Response (code 2) ID 2 length 6
> (1) eap: Ignoring NAK with request for unknown EAP type
The client sent "No, I'm not doing EAP-TLS, and I have no other options".
Yeah, the client is broken. There is nothing you can do to FreeRADIUS to fix it.
I'd suggest filing a bug report with Google.
Alan DeKok.
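
An added example, not part of the original message and not FreeRADIUS code: decoding the `EAP-Message` value quoted above with the RFC 3748 packet layout shows what the peer actually sent. The function names and the second sample packet are constructed for illustration.

```python
import struct

# EAP codes and a few method types from RFC 3748 / the IANA EAP registry
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Legacy Nak", 13: "EAP-TLS", 21: "EAP-TTLS",
             25: "PEAP", 26: "EAP-MSCHAPv2"}


def parse_eap(hex_value):
    """Decode one EAP packet given as a FreeRADIUS-style hex string."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.lower().startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes: code, id, length")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError(f"length field {length} does not fit {len(raw)} bytes")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident,
           "length": length, "type": None, "nak_offers": None}
    # Success/Failure carry no Type field; Request/Response do.
    if code in (1, 2) and length >= 5:
        eap_type = raw[4]
        pkt["type"] = EAP_TYPES.get(eap_type, f"type {eap_type}")
        if code == 2 and eap_type == 3:
            # Legacy Nak data: one byte per method the peer would accept.
            # A single 0 means the peer has no alternative to offer.
            pkt["nak_offers"] = list(raw[5:length])
    return pkt


def describe_nak(pkt):
    """Explain a Legacy Nak the way a RADIUS admin needs to read it."""
    offers = pkt["nak_offers"]
    if offers is None:
        return "not a Nak"
    wanted = [t for t in offers if t != 0]
    if not wanted:
        return "peer refused the offered method and proposed no alternative"
    return "peer asks for: " + ", ".join(EAP_TYPES.get(t, f"type {t}") for t in wanted)


if __name__ == "__main__":
    # Value taken from the debug output quoted above.
    pkt = parse_eap("0x020200060300")
    print(pkt)
    print(describe_nak(pkt))
    # Constructed sample: a Nak asking for PEAP instead.
    print(describe_nak(parse_eap("0x020300060319")))
```

A Nak that names a real method (the second sample) is something the server can act on if that method is enabled; a Nak carrying only 0 leaves the server nothing to negotiate.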