[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Authentication issues
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2022-05-31 13:57:52
Message-ID: CF9EA711-2AF1-4796-954C-2714FD036399 () deployingradius ! com
[Download RAW message or body]

On May 31, 2022, at 9:49 AM, David le Roux <david.leroux@miller.co.uk> wrote:
> I've got two different authentication issues. The server is meant to service both \
> mac-based authentication (using authorized_macs file) and eap-tls using \
> certificates. This is for a production environment where I have done my best to \
> mimic our old setup which is working but on EOL software. 
> In the logs I get "invalid user" for the mac-based auth and "eap_tls: ERROR: TLS \
> alert werite:fatal:internal error.

  I don't see the TLS error in the logs.  What I do see is that FreeRADIUS sends an \
Access-Challenge, the client doesn't respond.

  This is almost always because of certificate issues.  The client doesn't know / \
trust the certificates presented by FreeRADIUS.

  The "invalid user" message is correct.  The MAC address in the User-Name isn't \
found in the "authorized_macs" list.  Note that it does it's lookup by exact string \
match.  So check that the MAC address is listed, and has exactly the same format.

  That's why it prints everything in debug mode... so you can check the printed MAC \
against what's in the file, and verify for yourself that it should / should not work.

> FreeRADIUS Version 3.0.21

  I'd upgrade to 3.2.0.  it has many fixes and enhancements.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]