Hi There.
I am trying to get radiusdesk running for a cient of mine. I have completed the install and everything seems to be running fine however I am getting this error when users try to authenticate.
TLS Alert read:fatal:access denied
I have run a sudo /usr/local/sbin/radiusd -X
I am seeing the following
Sending Access-Reject of id 21 to <Accesspoint IP=""> port 46185
EAP-Message = 0x04070004
Message-Authenticator - 0x00000000000000000000000000000000
Reply-Message = "Most likely PEAP failure. run in debug"
Not really sure how to trouble shoot this.
All clients are windows workstations 7 and one is windows phone 8.
Can anyone tell me how to fix this?
Thanks for your time..
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I assume you use FreeRADIUS (RADIUSdesk) for WPA2 Enterprise authentication.
The message that you see is normal and should actually happen because the client does not trust the server's CA. The server comes with a self signed CA which you either have to import onto the clients, or replace the server certificates with ones which are signed by a CA which the clients trust.
This is a normal security measure that prevent man-in-the-middle attacks.
Kind regards
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi There.
I am trying to get radiusdesk running for a cient of mine. I have completed the install and everything seems to be running fine however I am getting this error when users try to authenticate.
TLS Alert read:fatal:access denied
I have run a sudo /usr/local/sbin/radiusd -X
I am seeing the following
Sending Access-Reject of id 21 to <Accesspoint IP=""> port 46185
EAP-Message = 0x04070004
Message-Authenticator - 0x00000000000000000000000000000000
Reply-Message = "Most likely PEAP failure. run in debug"
Not really sure how to trouble shoot this.
All clients are windows workstations 7 and one is windows phone 8.
Can anyone tell me how to fix this?
Thanks for your time..
Hi,
I assume you use FreeRADIUS (RADIUSdesk) for WPA2 Enterprise authentication.
The message that you see is normal and should actually happen because the client does not trust the server's CA. The server comes with a self signed CA which you either have to import onto the clients, or replace the server certificates with ones which are signed by a CA which the clients trust.
This is a normal security measure that prevent man-in-the-middle attacks.
Kind regards