Heikki, Thanks for the links. I did come across that in my Googling. My certificate reports:
X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication It doesn't mention the OID specifically just the text as given. The cert is from RapidSSL as an aside. Other clients treat this differently as well. An android device will successfully auth according to the debug logs but never connects to the AP as it seems to timeout. And a Mac OSX device just authenticates successfully over and over and over again, per the debug logs, without connecting. Its really bothersome that all the devices aren't behaving the same way, since I have the feeling if I can find a way to fix it for one the others will continue to fail. Given that, I'm at a loss on how to continue to debug this issue. Do you have any other suggestions or can I provide any more logs? Alan, To make sure I'm on the same page with you, I'm guessing by "supplicant" you mean the wireless client (in this case a Windows 7 laptop)? There's no configuration that pops up immediately on that one. I tell it to connect to the network and it pops up a username / password dialog no other options to set. I'm under the impression that no certs need to be installed on clients for this to function correctly, is that the case? Thanks, Jeff Smith Network Engineer Neonova Network Services (919) 460-3330 d...@neonova.net On Wed, Feb 19, 2014 at 3:32 PM, Heikki Vatiainen <h...@open.com.au> wrote: On 02/19/2014 10:08 PM, Jeffrey Smith wrote: > Wed Feb 19 10:59:58 2014: ERR: EAP PEAP TLS read failed: 13601: 1 - > error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied Here's one more possibility from the list archives: http://www.open.com.au/pipermail/radiator/2004-August/009982.html I agree with Alan that the AP client probably does not care but the other client does. In addition to what has already been suggested, I'd check the Radiator certificate to see the Extended Key Usage (EKU) is there. http://support.microsoft.com/kb/814394 Thanks, Heikki -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
_______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator