[RADIATOR] tlsv1 errors

Alex Sharaz A.Sharaz at hull.ac.uk
Mon Jul 9 10:10:32 CDT 2012


Hi,
I'me seeing loads of

Wed Apr 18 02:13:42 2012: ERR: EAP PEAP TLS read failed:  1116: 1 - error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied

Wed Apr 18 02:15:15 2012: ERR: EAP PEAP TLS read failed:  1116: 1 - error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied

Wed Apr 18 02:16:48 2012: ERR: EAP PEAP TLS read failed:  1116: 1 - error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied

Wed Apr 18 02:18:21 2012: ERR: EAP PEAP TLS read failed:  1116: 1 - error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied

errors on all of my Radiator V4.9 ( and 1 4.10) fully patched servers running on Windows 2008R2 servers configured to authenticate agains our AD system using
AuthBy LSA

looking in my eaplog file I can see

Jul  9, 2012 15:51 :  clientip=150.237.85.206 nasIP=150.237.253.140 nasPort=30 user=ADIR\adsmt3 result=OK
Jul  9, 2012 15:51 :  clientip= nasIP=150.237.251.30 nasPort=3 user=anonymous result=OK
Jul  9, 2012 15:51 : EAP PEAP TLS read failed clientip=150.237.85.206 nasIP=150.237.251.83 nasPort=39 user=ADIR\408859 result=FAIL
Jul  9, 2012 15:51 :  clientip=150.237.85.206 nasIP=150.237.251.30 nasPort=3 user=ADIR\381760 result=OK
Jul  9, 2012 15:52 :  clientip= nasIP=150.237.251.81 nasPort=8 user=anonymous result=OK
Jul  9, 2012 15:52 :  clientip=150.237.85.206 nasIP=150.237.251.81 nasPort=8 user=ADIR\433918 result=OK
Jul  9, 2012 15:52 : EAP PEAP TLS read failed clientip=150.237.85.206 nasIP=150.237.251.83 nasPort=21 user=ADIR\430746 result=FAIL
Jul  9, 2012 15:52 :  clientip= nasIP=150.237.175.164 nasPort=11 user=anonymous result=OK


So I've got one batch of people authenticating just fine and another lot that keep failing. As I run a load balanced service with multiple back end Radiator AD servers, shutting down one that seems to be seeing lots of problems just moves the auth failures over to another Radiator server.

I'm currently trying to figure out whether all the failures are associated with one of our University built images  but would really appreciate any hints as to what "tlsv1 alert access denied" actually means

Rgds
Alex

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20120709/4c3d076d/attachment.html 
-------------- next part --------------
**************************************************
To view the terms under which this email is 
distributed, please go to 
http://www2.hull.ac.uk/legal/disclaimer.aspx
**************************************************


More information about the radiator mailing list