...@lists.freeradius.org]
On behalf of PENZ Robert
Sent: Tuesday, 11 December 2012 16:30
To: FreeRadius users mailing list
Subject: AW: AW: AW: EAP-TLS Failed in handler question
Hi!
Phil, Really BIG THANKS for your help! I'll talk to Extreme Networks.
Robert
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 10/12/12 20:00, PENZ Robert wrote:
> @PhilMayers: Did you get the mail with the full logfile? Do you need more?
Ok, your NAS is buggy I'm afraid. In some small percentage of cases, it
is not handling the wrapping of EAP id values from 255 to 0.
The following sequence of (redacted) packets s
On 12/10/2012 08:00 PM, PENZ Robert wrote:
> @PhilMayers: Did you get the mail with the full logfile? Do you need more?
I did, but honestly I prioritise personal "help" emails lower than ones
to the list, sorry.
I'll see if I have time to look today.
05, 2012 8:32 AM
To: FreeRadius users mailing list
Subject: AW: AW: AW: EAP-TLS Failed in handler question
> > There is no other packet between these two and only 5 seconds, server has
> > not been restarted.
> Weird.
> But we need the *full* debug please!
some special option or the full log file? The second I send you in a private
mail.
Robert
On 12/04/2012 03:59 PM, PENZ Robert wrote:
> There is no other packet between these two and only 5 seconds, server has
> not been restarted.
Weird.
But we need the *full* debug please!
.freeradius.org
[mailto:freeradius-users-bounces+robert.penz=tirol.gv...@lists.freeradius.org]
On behalf of PENZ Robert
Sent: Tuesday, 27 November 2012 17:38
To: FreeRadius users mailing list
Subject: AW: AW: EAP-TLS Failed in handler question
> > With first packet I meant first packet the radius server saw in some time
> > ... the switch forces a reauthentication every 2h
> A re-auth is a fresh EAP session. So even on a re-auth, the first packet
> would not have a "State" attribute, absent software bugs.
ok
> >> It *could* be that
On 21/11/12 12:00, PENZ Robert wrote:
> With first packet I meant first packet the radius server saw in some time ...
> the switch forces a reauthentication every 2h
A re-auth is a fresh EAP session. So even on a re-auth, the first packet
would not have a "State" attribute, absent software bug
Hi!
First, thx for your response.
> > My first question is, how can I decode an EAP-Message from the debug
> Wireshark, or read the EAP RFC and decode it manually (see below)
OK, I believe I got lucky and got a tcpdump trace on a client yesterday ...
need to check it and if it is the same proble
On 11/19/2012 08:23 AM, PENZ Robert wrote:
> My first question is, how can I decode an EAP-Message from the debug
Wireshark, or read the EAP RFC and decode it manually (see below)
> log to check if the request is itself ok. Here is first packet from
No, this is *not* the first packet, because i
Hi!
I have 802.1x (EAP-TLS) activated on a wired network, and it works 99% of the
time ... just some authentications fail, but some minutes later the same client
authenticates without a problem. As it happens only once every few days and
always with a new client I cannot put a sniffer between the
Hi Nelson/Alan:
the problem seems to be the issue with freeRADIUS not
being able to authenticate certificate chains of length
greater than 2.
In Nelson's case the cert chain is CA->RA->user-cert
so Nelson will have to apply the patch 112 in
bugs.freeradius.org and refer to my email on using
freeradius w
Nelson Murilo <[EMAIL PROTECTED]> wrote:
> rlm_eap_tls: <<< TLS 10 Alert [ length 0002], fata unknown_ca
The user certificate isn't signed by a CA known to the server.
> My certificate chain has: CA->RA->user_certificate, so
...
> (I think I don't need to use the RA certificate)
The debug log
Hi,
I am trying to use eap_tls with freeradius, wpa_supplicant and legitimate
certificates (not CA.pl samples and whatever passwords).
My certificate chain has: CA->RA->user_certificate, so
Of course, I have the private key (and password) only for user_certificate
In my eap config file I have:
CA_file = CA.pe
16 matches