Alan DeKok <aland <at> ox.org> writes: > I would suggest going through the debug logs for the two different > servers, and comparing the packets in detail. Find out what the > differences are, and why. That will tell you what's going on.
the problems start with the following difference: from glibc-2.2 radius: rlm_eap_tls: Length Included eaptls_verify returned 11 TLS_accept: SSLv3 read client key exchange A TLS_accept: SSLv3 read finished A TLS_accept: SSLv3 write change cipher spec A TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully from glibc-2.3 radius: rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully > Are you *sure* that the only differences in the two installations is > glibc? Maybe there's incompatible OpenSSL versions? The captured packets are completely different, the glibc-2.2 capture contains a NAS identifier, NAS Port, Framed MTU, NAS Port Type in the Access Request but the glibc-2.3 capture seems to lack this information. While the request came from the same accesspoint! (with an other radius server configured) Does this ring a bell? Thanks so far, greetings Dick - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html