Seeking assistance with eap_peap error log

Alan DeKok aland at deployingradius.com
Fri Jan 31 00:45:42 UTC 2025 

On Jan 30, 2025, at 7:25 PM, Joseph Repuyan via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> We have a wireless setup where the SSID password is updated every day. FreeRADIUS is used for authentication and some automation behind to update the password and store them to an SQL database.
> Mobile phones can successfully authenticate using the password for the day, but laptops cannot. The client claims both mac and windows laptops cannot connect but I only have logs of the windows machine attempting to authenticate. Attached are the logs.

  Changing passwords every day doesn't really make sense.  The laptops will cache the password, and won't always give the user a pop-up when it changes.  Which means that the user can't change the password, because the laptop won't let the,

> Near the bottom of the logs, I found these errors.

  Or, try reading *all* of the logs.  There's a ton more information which you've "helpfully" deleted.

  This is documented in as many places as we can put it:  http://wiki.freeradius.org/list-help

> From the looks of it, the client itself is complaining about the TLS exchange, but I'm lost as to what to check next. I cannot replicate the issue with my windows laptop using the same FreeRADIUS server (but using different an access point).

  If you read all of the debug output, or post it here without deleted almost every bit of useful information, odds are that the answer is in those messages.

  The server produces huge amounts of logs for a reason.  Something in there is almost always useful.  If you ignore nearly all of the messages, it will be much more difficult to fix any problem.

  If you're worried about devices being stolen, just give each device a unique username and password.  Then if one gets stolen, you can just disable that account, and everything is fine.

  But... don't change password every day.  It's fake security.  It doesn't help.  it just causes problems.

  Nobody else changes PEAP passwords every day precisely because of the issues you're running into.

  Alan DeKok.

More information about the Freeradius-Users mailing list