Bug 2014525
| Summary: | Freeradius EAP-TTLS-MSCHAPv2 doesn't work | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Filip Dvorak <fdvorak> | ||||
| Component: | freeradius | Assignee: | Antonio Torres <antorres> | ||||
| Status: | CLOSED UPSTREAM | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | rawhide | CC: | alexander.m.scheel, antorres, lemenkov, nikolai.kondrashov | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2022-01-12 13:31:23 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1978216 | ||||||
| Attachments: |
|
||||||
The future upstream release 3.0.26 contains fixes related to OpenSSL3 support that fix this issue. Closing this BZ as the fixes will get into Rawhide when 3.0.26 releases. |
Created attachment 1833438 [details] EAPOL conf file + output from test Description of problem: eapol test fails with EAP-TTLS-MSCHAPv2 authentication mechanisms in Fedora. Version-Release number of selected component (if applicable): freeradius-3.0.25-1.fc36.x86_64 openssl-3.0.0-1.fc36.x86_64 wpa_supplicant-2.9-16.fc36.x86_64 How reproducible: Steps to Reproduce: 1. install freeradius, wpa_supplicant 2. generate certificates via bootrap script, add user into /etc/raddb/user 3. run radiusd 4. run eapol test /usr/sbin/eapol_test -c EAP-TTLS_MSCHAPV2.conf -s testing123 Actual results: ... RADIUS packet matching with station decapsulated EAP packet (code=4 id=238 len=4) from RADIUS server: EAP Failure EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: Status notification: completion (param=failure) EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: EAP key not available EAPOL: EAP Session-Id not available WPA: Clear old PMK and PTK EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit ENGINE: engine deinit MPPE keys OK: 0 mismatch: 1 FAILURE Expected results: eapol test should pass for EAP-TTLS-MSCHAPv2 mechanism Additional info: