Hi, I'll give 2.0-pre1 a try, to see if it works. I will revert to 1.1.6 if needed.
> The supplicant is tunnelling additional data inside of EAP-TLS. > FreeRADIUS doesn't support thatSupplicant - do you mean Mikrotik AP or wpa_supplicant on the client? I'm not sure what exactly Mikrotik does with EAP-TLS (and there are several options - EAP-TLS or passthrough, and verify cert. x don't verify cert x no certificate) - I thought the AP doesn't care about certificates, only forwards it to the RADIUS service (I already set this up once on a different AP and it had no such options)
Thanks Jan Alan Dekok wrote:
Jan Schermer / ET NETERA wrote:I'm setting up a Mikrotik wireless AP with a freeradius server behind it and EAP-TLS, client connects "fine" (those errors are meaningless, right? can I get rid of them?):Upgrade to 1.1.6.but after a while, the connection is renegotiated (maybe because of weak signal), but then it starts failing:...Tue May 29 12:02:44 2007 : Error: rlm_eap_tls: The EAP-TLS packet will contain more data than we can process.The supplicant is tunnelling additional data inside of EAP-TLS. FreeRADIUS doesn't support that. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
begin:vcard fn:Jan Schermer / ET NETERA n:Schermer;Jan org:Et netera a.s.;Deployment and Operations adr:;;Milady Horakove 108;Praha 6;;16000;Czech Republic email;internet:[EMAIL PROTECTED] title:Linux Administrator tel;work:+420 233326810 tel;cell:+420 608022225 x-mozilla-html:FALSE url:http://www.etnetera.cz version:2.1 end:vcard
smime.p7s
Description: S/MIME Cryptographic Signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
