[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Authentication issues
From: Alan DeKok <aland () deployingradius ! com>
Date: 2022-05-31 13:57:52
Message-ID: CF9EA711-2AF1-4796-954C-2714FD036399 () deployingradius ! com
[Download RAW message or body]
On May 31, 2022, at 9:49 AM, David le Roux <david.leroux@miller.co.uk> wrote:
> I've got two different authentication issues. The server is meant to service both \
> mac-based authentication (using authorized_macs file) and eap-tls using \
> certificates. This is for a production environment where I have done my best to \
> mimic our old setup which is working but on EOL software.
> In the logs I get "invalid user" for the mac-based auth and "eap_tls: ERROR: TLS \
> alert werite:fatal:internal error.
I don't see the TLS error in the logs. What I do see is that FreeRADIUS sends an \
Access-Challenge, the client doesn't respond.
This is almost always because of certificate issues. The client doesn't know / \
trust the certificates presented by FreeRADIUS.
The "invalid user" message is correct. The MAC address in the User-Name isn't \
found in the "authorized_macs" list. Note that it does it's lookup by exact string \
match. So check that the MAC address is listed, and has exactly the same format.
That's why it prints everything in debug mode... so you can check the printed MAC \
against what's in the file, and verify for yourself that it should / should not work.
> FreeRADIUS Version 3.0.21
I'd upgrade to 3.2.0. it has many fixes and enhancements.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic