[RADIATOR] SSL Error in PEAP conversation

Johnson, Neil M neil-johnson at uiowa.edu
Mon Sep 17 11:13:11 CDT 2012


Here's another trace excerpt... (Attached).


-- 
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-johnson at uiowa.edu






On 9/17/12 11:01 AM, "Johnson, Neil M" <neil-johnson at uiowa.edu> wrote:

>Attached is an extract from the RADIUS log, where the user failed SSL
>authentication...
>
>We are running 4.9 with patches...
>
>
>-- 
>Neil Johnson
>Network Engineer
>The University of Iowa
>Phone: 319 384-0938
>Fax: 319 335-2951
>Mobile: 319 540-2081
>E-Mail: neil-johnson at uiowa.edu
>
>
>
>
>
>
>On 9/14/12 3:42 PM, "Heikki Vatiainen" <hvn at open.com.au> wrote:
>
>>On 09/14/2012 07:16 PM, Johnson, Neil M wrote:
>>
>>> I have a wireless user who a few times a day gets asked to re-enter his
>>> credentials on his windows 7 system.  After he re-enters his
>>>credentials
>>> he reconnects fine.  I look in the RADIUS logs and see:
>>> 
>>> Mon Sep 10 17:06:58 2012 757006: ERR: EAP PEAP TLS Handshake
>>> unsuccessful:  4076: 1 - error:14094417:SSL
>>> routines:SSL3_READ_BYTES:sslv3 alert illegal parameter
>>> 
>>> I don't have any more verbose logging at this time (The user is out of
>>> the office this week), but I was wondering if anyone else had seen this
>>> error message before.
>>
>>I have seen that just a couple of times but certainly not very often.
>>Trace 4 log would be useful to see what happens during the TLS tunnel
>>setup.
>>
>>There's one PEAP related fix in 4.10 patches. What you see may be
>>related to PEAP fast reconnect aka session resumption. The patch fixes
>>problems with windows clients.
>>
>>The problem does not cause the error you are seeing so it may be related
>>to some other client. However, if you can apply the patch, it might be
>>worth trying.
>>
>>Thanks,
>>Heikki
>>
>>-- 
>>Heikki Vatiainen <hvn at open.com.au>
>>
>>Radiator: the most portable, flexible and configurable RADIUS server
>>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>>Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>>TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>>DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>>NetWare etc.
>>_______________________________________________
>>radiator mailing list
>>radiator at open.com.au
>>http://www.open.com.au/mailman/listinfo/radiator
>

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: rex_failed_SSL_try_2.txt
Url: http://www.open.com.au/pipermail/radiator/attachments/20120917/387e6630/attachment-0001.txt 


More information about the radiator mailing list