eapol_test
Alan DeKok
aland at deployingradius.com
Mon Feb 24 21:38:25 UTC 2025
On Feb 24, 2025, at 1:36 PM, BuzzSaw Code <buzzsaw.code at gmail.com> wrote:
> And the answer yet again is FIPS.
The gift that keeps on giving...
> - I spun up a new RHEL8 image from the RedHat AMI in AWS
> - Installed the FreeRADIUS 3.2.7 RPMs and the distro version of the
> wpa_supplicant
> - Tested, worked as expected with the default configuration
> - Run /bin/fips-mode-setup --enable and reboot when ready
> - Test again, I get the "invalid Message-Authenticator" nonsense when
> testing with the exact same configuration.
>
> Again, I think the problem is in wpa_authenticator/eapol_test since
> I've got EAP-TLS working with FIPs mode and RHEL8 elsewhere, but
> thought I'd reply as informational to the list.
Yes. wpa_supplicant and hostap don't disable FIPS mode when RADIUS is used. I'll see what I can do.
Alan DeKok.
More information about the Freeradius-Users
mailing list