[RADIATOR] SSL Error in PEAP conversation

Johnson, Neil M neil-johnson at uiowa.edu
Mon Sep 17 12:02:18 CDT 2012


Here is a couple of more log excerpts.


-- 
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-johnson at uiowa.edu






On 9/17/12 11:13 AM, "Johnson, Neil M" <neil-johnson at uiowa.edu> wrote:

>Here's another trace excerpt... (Attached).
>
>
>-- 
>Neil Johnson
>Network Engineer
>The University of Iowa
>Phone: 319 384-0938
>Fax: 319 335-2951
>Mobile: 319 540-2081
>E-Mail: neil-johnson at uiowa.edu
>
>
>
>
>
>
>On 9/17/12 11:01 AM, "Johnson, Neil M" <neil-johnson at uiowa.edu> wrote:
>
>>Attached is an extract from the RADIUS log, where the user failed SSL
>>authentication...
>>
>>We are running 4.9 with patches...
>>
>>
>>-- 
>>Neil Johnson
>>Network Engineer
>>The University of Iowa
>>Phone: 319 384-0938
>>Fax: 319 335-2951
>>Mobile: 319 540-2081
>>E-Mail: neil-johnson at uiowa.edu
>>
>>
>>
>>
>>
>>
>>On 9/14/12 3:42 PM, "Heikki Vatiainen" <hvn at open.com.au> wrote:
>>
>>>On 09/14/2012 07:16 PM, Johnson, Neil M wrote:
>>>
>>>> I have a wireless user who a few times a day gets asked to re-enter
>>>>his
>>>> credentials on his windows 7 system.  After he re-enters his
>>>>credentials
>>>> he reconnects fine.  I look in the RADIUS logs and see:
>>>> 
>>>> Mon Sep 10 17:06:58 2012 757006: ERR: EAP PEAP TLS Handshake
>>>> unsuccessful:  4076: 1 - error:14094417:SSL
>>>> routines:SSL3_READ_BYTES:sslv3 alert illegal parameter
>>>> 
>>>> I don't have any more verbose logging at this time (The user is out of
>>>> the office this week), but I was wondering if anyone else had seen
>>>>this
>>>> error message before.
>>>
>>>I have seen that just a couple of times but certainly not very often.
>>>Trace 4 log would be useful to see what happens during the TLS tunnel
>>>setup.
>>>
>>>There's one PEAP related fix in 4.10 patches. What you see may be
>>>related to PEAP fast reconnect aka session resumption. The patch fixes
>>>problems with windows clients.
>>>
>>>The problem does not cause the error you are seeing so it may be related
>>>to some other client. However, if you can apply the patch, it might be
>>>worth trying.
>>>
>>>Thanks,
>>>Heikki
>>>
>>>-- 
>>>Heikki Vatiainen <hvn at open.com.au>
>>>
>>>Radiator: the most portable, flexible and configurable RADIUS server
>>>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>>>Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>>>TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>>>DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>>>NetWare etc.
>>>_______________________________________________
>>>radiator mailing list
>>>radiator at open.com.au
>>>http://www.open.com.au/mailman/listinfo/radiator
>>
>

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: rex_failed_SSL_try_3.txt
Url: http://www.open.com.au/pipermail/radiator/attachments/20120917/74dead4f/attachment-0002.txt 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: rex_failed_SSL_try_4.txt
Url: http://www.open.com.au/pipermail/radiator/attachments/20120917/74dead4f/attachment-0003.txt 


More information about the radiator mailing list