[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
T46g & T48G RADIUS 802.1x and SHA256
Author Message
Bigmac Offline
Junior Member
**

Posts: 8
Joined: Mar 2016
Reputation: 0
Post: #11
RE: T46g & T48G RADIUS 802.1x and SHA256
Hi Karl,

Any news from R&D?
Unfortunately, the 802.1x authentication still does not work with the new version T48-35.81.0.20.

The RADIUS Server Log displays the following message:
####
Reason Code: 23
Reason: An error occurred while the Network Policy Server was using the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
####

I believe the EAP-MSCHAP v2 does not work correctly on the T48.
As previously posted, the version T48-35.80.0.70 works with 802.1x.

The T46 has the same problem with the version T46-28.81.0.20.
The version T46-28.80.0.70 works very well.

The firmware T46-28.80.0.70 send the Authentication-Type 5 = EAP
The firmware T46-28.81.0.20 send the Authentication-Type 11 = Unknown

BR, Torsten
(This post was last modified: 12-01-2016 03:48 PM by Bigmac.)
12-01-2016 09:34 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
dgcorp Offline
Junior Member
**

Posts: 4
Joined: Aug 2015
Reputation: 0
Post: #12
RE: T46g & T48G RADIUS 802.1x and SHA256
- Can Yealink acknowledge that there is a problem with 802.1x PEAP-MSCHAPv2 on the more recent ROMs and is anything being done to fix this?


I just found this forum thread and wanted to say that I'm seeing the same problems as Bigmac.

We are preparing to enable 802.1x across our wired network.
Planned 802.1x Auth Method = PEAP/MSCHAPv2
Switches are HP / Aruba
RADIUS is Win2012R2 Network Policy Server
CA Root is Win2012R2 Certificate Services.
Root Cert is Base64 PEM encoded (file ends in .cer) using SHA1 (not SHA256 I don't think)

Yealink T46 with ROM: 28.80.0.136 (provisioned by our supplier Teliqo)


I spent yesterday unable to get my test T46G phone to connect but it was just failing repeatedly, no matter what I adjusted in the RADIUS settings.

RADIUS logs error:
"Terminate Cause: Unexpected error. Possible error in server or client configuration." (most unhelpful I know)

Windows Security Log EventID 6273:
Reason Code: 23
Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.

Windows System Log EventID 36887: (around the same time)
"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46."

-

I was starting to pull my hair out, until I thought to try an older ROM. Here are my results:
28.72.23.6 = PEAP works
28.80.0.95 = PEAP works
28.80.0.136 = does NOT work
28.81.0.25 = does NOT work

I saw a similar PCAP network trace as I think Bigmac posted, but I haven't analysed it in great detail.


Regards, Derek
-
02-13-2017 10:00 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Karl_Yealink Offline
Super Moderator
******

Posts: 673
Joined: Apr 2015
Reputation: 5
Post: #13
RE: T46g & T48G RADIUS 802.1x and SHA256
Please send the PCAP files to me for test.
04-05-2017 02:21 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Bryan Nelson Offline
Member
***

Posts: 71
Joined: Feb 2013
Reputation: 0
Post: #14
RE: T46g & T48G RADIUS 802.1x and SHA256
Hello all,

We were also having issues with 802.1x and newer firmware, and our issue was related to the Extended Key Usage extension on the certificate itself. If client authentication was an allowed purpose, the certificate is rejected by the phone with "certificate unknown" as the error.

Extended Key Usage
Allowed Purposes: Server Authentication
,Client Authentication

This may or may not be the problem you are running into, as we likely use a very different setup. If anyone has any questions, feel free to PM me.

Thanks to Karl for assisting in solving this problem for us!
(This post was last modified: 04-07-2017 09:59 PM by Bryan Nelson.)
04-07-2017 09:48 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
abeggled Offline
Junior Member
**

Posts: 6
Joined: Oct 2015
Reputation: 0
Post: #15
RE: T46g & T48G RADIUS 802.1x and SHA256
Hi
I ran also in the 802.1x PEAP-MSCHAP v2 problems. The only firmware that' works is 35.80.0.70 on T48G.
Is there any chance to get this corrected?
Nay news from R&D?
@Bigmac: How have you solved it?

Regards,
Daniel
04-26-2017 10:51 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Bigmac Offline
Junior Member
**

Posts: 8
Joined: Mar 2016
Reputation: 0
Post: #16
RE: T46g & T48G RADIUS 802.1x and SHA256
Hi Daniel,

today I received a new firmware from Karl to test.
After installing, the T48G must be started twice, then 802.1x worked fine.

Unfortunately, the device is now slower when I use the display buttons.

Regards,
Torsten
04-26-2017 11:16 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Bigmac Offline
Junior Member
**

Posts: 8
Joined: Mar 2016
Reputation: 0
Post: #17
RE: T46g & T48G RADIUS 802.1x and SHA256
Not Solved

The new firmware T48-35.81.0.90.rom & T46-28.81.0.90.rom
have the same Problem.

I got the Firmware T48-35.81.0.76.rom & T46-28.81.0.78.rom
from Yealink_Karl which has fix the problem and working fine.

Why is in the new firmware again the old bug?

BR,
Torsten
(This post was last modified: 05-16-2017 12:45 PM by Bigmac.)
05-16-2017 08:08 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
thecyborg Offline
Junior Member
**

Posts: 1
Joined: May 2017
Reputation: 0
Post: #18
RE: T46g & T48G RADIUS 802.1x and SHA256
(05-16-2017 08:08 AM)Bigmac Wrote:  Not Solved

The new firmware T48-35.81.0.90.rom & T46-28.81.0.90.rom
have the same Problem.

I got the Firmware T48-35.81.0.76.rom & T46-28.81.0.78.rom
from Yealink_Karl which has fix the problem and working fine.

Why is in the new firmware again the old bug?

BR,
Torsten
I have the same issue; 802.1x fails in T48-35.81.0.90.rom and succeeds in T48-35.80.0.70.rom. Can we expect a bugfix firmware anytime soon?
05-22-2017 01:45 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Pico Offline
Junior Member
**

Posts: 1
Joined: Jan 2017
Reputation: 0
Post: #19
RE: T46g & T48G RADIUS 802.1x and SHA256
We are also seeing the same behaviour on different handsets - the T23G does exactly the same on firmwares > xx.80.0.70.
06-07-2017 07:35 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
KMTire Offline
Junior Member
**

Posts: 3
Joined: Aug 2016
Reputation: 0
Post: #20
RE: T46g & T48G RADIUS 802.1x and SHA256
Has there been any resolve to this? We are having what appears to be the same issue (except with Yealink T27G phones). I have tried FW versions 69.81.0.110 and, I believe, 69.81.0.25. Both of these version result in a response of error 23 from the radius server. This exact same configuration works fine with T28P w/ FW 2.73.0.40. There are not very many FW's available for the T27G phone and I am guessing all of the releases from 69.81.x.x will have this problem.

Any updates with this is welcomed.

Thanks,
Joe
07-12-2017 05:58 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Best way to manage line keys on multiple T48G/S sani390 0 3,421 07-01-2021 02:06 PM
Last Post: sani390
  Change standard outgoing line on T46G oestersund 1 6,491 12-15-2018 09:58 PM
Last Post: support2
  Call Park Mode transfer on T48G jasonblewis 2 10,915 11-09-2017 01:26 AM
Last Post: Aishion_Yealink
  T48G not connecting to Skype Lisa H 0 4,518 10-16-2017 03:17 AM
Last Post: Lisa H
  can't setup openvpn with t48g zzz 8 24,097 07-18-2017 09:04 AM
Last Post: sj
  T46G: How to deactivate Live Dialpad totally? Werner1959 6 16,357 03-05-2017 08:21 PM
Last Post: Werner1959
  T48G - busy tone for a second incomming call Dirk 8 19,783 01-17-2017 05:36 PM
Last Post: complex1
  T46G with exp40 Paulo Batista 2 8,963 11-06-2016 01:57 AM
Last Post: CWR
  T46G eaches only incoming calls, no outgoing calls Ddorf 2 8,249 10-27-2016 12:46 AM
Last Post: anonymous1711612242218
  T46G Hostname not registering on DHCP fraukas 2 12,564 10-27-2016 12:34 AM
Last Post: anonymous1711612242218

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication