Hi,

I'm setting up a Mikrotik wireless AP with a freeradius server behind it and EAP-TLS. The client connects "fine" (those errors are meaningless, right? Can I get rid of them?):
Tue May 29 11:47:56 2007 : Error: TLS_accept:error in SSLv3 read client certificate A
Tue May 29 11:47:56 2007 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Tue May 29 11:47:59 2007 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Tue May 29 11:48:00 2007 : Auth: Login OK: [Jan Schermer/<no User-Password attribute>] (from client internal-rec port 0)
but after a while, the connection is renegotiated (maybe because of weak signal), but then it starts failing:
Tue May 29 12:01:12 2007 : Error: TLS_accept:error in SSLv3 read client certificate A
Tue May 29 12:01:12 2007 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Tue May 29 12:01:16 2007 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Tue May 29 12:01:16 2007 : Auth: Login OK: [Jan Schermer/<no User-Password attribute>] (from client internal-rec port 0)
Tue May 29 12:01:41 2007 : Error: TLS_accept:error in SSLv3 read client certificate A
Tue May 29 12:01:41 2007 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Tue May 29 12:02:42 2007 : Error: TLS_accept:error in SSLv3 read client certificate A
Tue May 29 12:02:42 2007 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Tue May 29 12:02:44 2007 : Error: rlm_eap_tls: The EAP-TLS packet will contain more data than we can process.
Tue May 29 12:02:44 2007 : Auth: Login incorrect: [Jan Schermer/<no User-Password attribute>] (from client internal-rec port 0)
Tue May 29 12:02:53 2007 : Error: TLS_accept:error in SSLv3 read client certificate A
Tue May 29 12:02:53 2007 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Tue May 29 12:02:55 2007 : Error: rlm_eap_tls: The EAP-TLS packet will contain more data than we can process.
Tue May 29 12:02:55 2007 : Auth: Login incorrect: [Jan Schermer/<no User-Password attribute>] (from client internal-rec port 0)
Tue May 29 12:03:08 2007 : Error: TLS_accept:error in SSLv3 read client certificate A
Tue May 29 12:03:08 2007 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Tue May 29 12:03:09 2007 : Error: rlm_eap_tls: The EAP-TLS packet will contain more data than we can process.
Tue May 29 12:03:09 2007 : Auth: Login incorrect: [Jan Schermer/<no User-Password attribute>] (from client internal-rec port 0)
What might be the cause of this? I suspect that Mikrotik corrupts the packets somehow...
I'm using freeradius 1.1.3-3 (debian etch version with EAP-TLS enabled).

Thanks

--
Jan Schermer
Linux Administrator
ET NETERA | smart e-business solutions
[EMAIL PROTECTED]
+420 608022225
~
[ www.ahold.cz | www.annonce.cz | www.datart.cz ]
[ www.knizniweb.cz | www.siemens.cz | www.cz.o2.com ]
Created by ET NETERA | Powered by jNetPublish
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
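Added example, not part of the original post: a small Python triage script that groups log lines like the ones quoted above into authentication attempts and reports which error messages appear only before rejected logins. It assumes one client authenticating at a time, so every Error line can be attributed to the next Auth line; the function names are illustrative.

```python
import re
from collections import Counter

# Log lines copied from the post above (first accepted and first rejected attempt).
SAMPLE_LOG = """\
Tue May 29 11:47:56 2007 : Error: TLS_accept:error in SSLv3 read client certificate A
Tue May 29 11:47:56 2007 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Tue May 29 11:47:59 2007 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Tue May 29 11:48:00 2007 : Auth: Login OK: [Jan Schermer/<no User-Password attribute>] (from client internal-rec port 0)
Tue May 29 12:02:42 2007 : Error: TLS_accept:error in SSLv3 read client certificate A
Tue May 29 12:02:42 2007 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Tue May 29 12:02:44 2007 : Error: rlm_eap_tls: The EAP-TLS packet will contain more data than we can process.
Tue May 29 12:02:44 2007 : Auth: Login incorrect: [Jan Schermer/<no User-Password attribute>] (from client internal-rec port 0)
"""

# Assumption: "<timestamp> : <Level>: <message>" layout, as in the excerpt above.
LINE_RE = re.compile(r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) : (?P<level>\w+): (?P<msg>.*)$")
OUTCOME_RE = re.compile(r"^Login (?P<result>OK|incorrect)\b[^\[]*\[(?P<user>[^/\]]*)")

def group_attempts(text):
    """Yield one dict per Auth line with the Error messages logged since the previous Auth line."""
    pending = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a log entry
        if m["level"] == "Error":
            pending.append(m["msg"])
        elif m["level"] == "Auth":
            o = OUTCOME_RE.match(m["msg"])
            if o:
                yield {"ts": m["ts"], "user": o["user"], "ok": o["result"] == "OK", "errors": pending}
                pending = []

def errors_by_outcome(text):
    """Count, per distinct error message, how many accepted and rejected attempts it preceded."""
    table = {}
    for a in group_attempts(text):
        for msg in set(a["errors"]):
            table.setdefault(msg, Counter())["ok" if a["ok"] else "rejected"] += 1
    return table

def failure_only_errors(text):
    """Errors seen before rejected attempts but never before an accepted one."""
    return sorted(m for m, c in errors_by_outcome(text).items() if c["rejected"] and not c["ok"])
```

On the sample, the two SSL errors precede both the accepted and the rejected login, while the rlm_eap_tls message precedes only the rejected one.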