On 16/01/2020 20.23, Markus Moeller wrote:
How can I interpret the response EAP-Message =
<2><17><0><17><13><128><0><0><0><7><21><3><1><0><2><1><0> ? I think
<2> means it is a Request and <13> means EAP TLS,
That's correct.
Start with EAP RFC: https://tools.ietf.org/html/rfc3748#section-4.1
<2><17><0><17><13> is the fixed EAP header:
2: response from client
17: identifier
0 17: Two octet length: 17 octets
13: is type - EAP TLS
Then continue with EAP-TLS RFC
https://tools.ietf.org/html/rfc5216#section-3.2
<128><0><0><0><7>
128: Flags: length included
0 0 0 7: TLS message length
Then comes TLS data, for example from Wikipedia:
https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_record
<21><3><1><0><2><1><0>
21: tells it's an alert
3 1: is TLS version (1.0) see above on the page
0 2: is length, it's fixed for an alert
1: Level: Warning
0: Description: Close notify
In other words, the client responded with TLS alert "Warning/Close
notify". Possible reason is that it does not trust Radiator's
certificate. This may be caused by untrusted CA or other reasons. It
also depends on the client. As you can see from the page or TLS RFCs,
there are a number of specific Descriptions the client could use but now
it's quite terse.
Another likely option is that the authentication has failed earlier and
what you see is the final handshake acknowledging the failure. Does the
log show anything more detailed before the final
Access-Request/Access-Reject.
Thanks,
Heikki
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
