[RADIATOR] SSL Error in PEAP conversation
Johnson, Neil M
neil-johnson at uiowa.edu
Mon Sep 24 09:22:58 CDT 2012
Yup, it appears to be an interaction between the client and our wireless
infrastructure.
If the user connects to a different vendor's of AP. It seems to work fine.
-Neil
--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-johnson at uiowa.edu
On 9/21/12 10:32 AM, "Johnson, Neil M" <neil-johnson at uiowa.edu> wrote:
>Heikki,
>
>It's looking more and more like a client issue. We gave the user a
>different Wireless NIC and they have had no issues.
>
>We are trying to determine if it's a client and wireless vendor issue or
>just the client.
>
>Thanks for your assistance.
>
>-Neil
>
>--
>Neil Johnson
>Network Engineer
>The University of Iowa
>Phone: 319 384-0938
>Fax: 319 335-2951
>Mobile: 319 540-2081
>E-Mail: neil-johnson at uiowa.edu
>
>
>
>
>
>
>On 9/18/12 4:13 PM, "Johnson, Neil M" <neil-johnson at uiowa.edu> wrote:
>
>>
>>Heikki,
>>
>>It's my understanding that he is running the stock windows supplicant. I
>>will check.
>>
>>The customer in question can connect most of the time, it's just that
>>every few hours he gets asked to re-enter his credentials, which
>>coincides
>>with the TLS error messages.
>>
>>
>>Thanks.
>>-Neil
>>
>>--
>>Neil Johnson
>>Network Engineer
>>The University of Iowa
>>Phone: 319 384-0938
>>Fax: 319 335-2951
>>Mobile: 319 540-2081
>>E-Mail: neil-johnson at uiowa.edu
>>
>>
>>
>>
>>
>>
>>On 9/18/12 1:47 PM, "Heikki Vatiainen" <hvn at open.com.au> wrote:
>>
>>>On 09/17/2012 11:31 PM, Johnson, Neil M wrote:
>>>
>>>> Two more packet captures ....
>>>
>>>Thanks for the captures and Radiator log snippets. I noticed the Windows
>>>7 client advertises its support for elliptic curve cryptography cipher
>>>suites
>>>http://tools.ietf.org/html/rfc4492
>>>
>>>Is the PEAP client software user has the one that comes with Windows or
>>>maybe something else? The Windows 7 default client should work well with
>>>Radiator so I thought is this possibly some other client.
>>>
>>>The TLS negotiation continues in some of the pcaps with Radiator picking
>>>up TLS_RSA_WITH_AES_128_CBC_SHA and I see nothing peculiar there. It's
>>>hard to say why some tries end up with alerts.
>>>
>>>Thanks,
>>>Heikki
>>>
>>>--
>>>Heikki Vatiainen <hvn at open.com.au>
>>>
>>>Radiator: the most portable, flexible and configurable RADIUS server
>>>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>>>Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>>>TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>>>DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>>>NetWare etc.
>>
>>_______________________________________________
>>radiator mailing list
>>radiator at open.com.au
>>http://www.open.com.au/mailman/listinfo/radiator
>
More information about the radiator
mailing list