TLS errors and clients sometimes rejected

Alan DeKok aland at deployingradius.com
Wed Sep 18 12:09:57 UTC 2024


On Sep 18, 2024, at 8:02 AM, Rodrigo Abrantes Antunes <rodrigoantunes at pelotas.ifsul.edu.br> wrote:
> What can explain that sometimes the same clients get accepted? I have sent the accept log in the other email.

  You'd have to look at the logs on the user device to see what it's doing and why.

> I kick the user from the wireless controller and it gets accepted, but after some time it gets rejected, but soon it gets accepted again. It seems to be random (see below).
> 
> Could it be that the client or the server is doing some kind of failover? Trying one version, and if it doesn't work, trying another? If yes, is this configurable?

  The systems should negotiate properly.

  If FreeRADIUS works properly for every other device, and only one device (or a small number of them) misbehaves, then the issue is the device.

  I've tried to explain as clearly as I can what your options are here.  It's not productive to keep trying to figure out "but WHY"?

  Device vendors do all kinds of stupid things.  They usually fix the issues over time.  If you have devices which are 5-6 years old and use old TLS protocols... upgrade.  Don't waste your time trying to figure it out.  That effort has already been done, and all of the fixes are in the software on the updated devices.

  This isn't a FreeRADIUS problem.  No amount of poking FreeRADIUS will fix bugs in 5-year-old devices.  I can't answer your question, other than with vague generalities "old devices do that".

  If you truly want to understand, you need to get into those old devices, and debug them.  That isn't a FreeRADIUS issue.  And no other action will have you truly understand what those devices are doing, and why.

  If you're not going to do that, then drop the topic.  You've been told the only answer which is available.  Asking the same question over and over won't get you a different answer.

  Alan DeKok.


