Hello,
I already posted in the german part of this forum (https://forum.opnsense.org/index.php?topic=31124.0).
Since my update to 22.7.8, which included an update of freeradius to version 3.2.1 I'm facing problems with my wifi-clients.
They simply won't connect anymore, the radius-log is showing the error, that you can see below.
I tried reinstalling the freeradius-package, deleting the raddb-folder etc. None of which has worked so far.
Auth: (25) Login incorrect (eap: Failed continuing EAP TLS (13) session. EAP sub-module failed): [USERNAME/<via Auth-Type = eap>] (from client ACCESSPOINT port 0 cli XX-XX-XX-XX-XX-XX)
Auth: (25) Login incorrect: [USERNAME/<via Auth-Type = Reject>] (from client ACCESSPOINT port 0 cli XX-XX-XX-XX-XX-XX via TLS tunnel)
I found a very unsatisfying solution: The config-parameter "Check TLS Common-Name" was suddenly causing these problems.
If I uncheck this box everything works just fine.
But: Now everyone with a valid certificate could log in as any other user...
Is this a bug?
Cause it worked just fine before the update and of course the common-names and usernames are identical.
Can you try to revert:
https://forum.opnsense.org/index.php?topic=31124.msg150219#msg150219
Hi mimugmail,
thanks for your help, reverting helped indeed!
opnsense-revert -r 22.7.3 freeradius3
But this is obviously a software bug?
Quote from: senser8912 on November 25, 2022, 09:37:27 AM
Hi mimugmail,
thanks for your help, reverting helped indeed!
opnsense-revert -r 22.7.3 freeradius3
But this is obviously a software bug?
A bug of FreeRadius where OPN is not responsible of.
Can you also revert to 22.7.7 and check again?