Re: Mac PEAP authentication with FreeRADIUS Pre2.0

Yes, it looks like your Mac may not like the MSCHAPv2 response for some reason. On your Mac (as root), create the directory /var/log/ eapolclient, then retry your authentication. The EAP client is OS X should write out debugging information for the EAP session into that directory and should give you a better idea of why its halting. 

--Mike

On Feb 1, 2007, at 3:21 PM, King, Michael wrote:


-----Original Message-----

When I try a Mac (PowerMac 10.4.8, but have tried also on 10.3.x), it
seems to not work. The Mac throws an error "802.1x Authentication has 
failed."


After more testing, and staring at the debug's, it seems this is where
the break-down is, the MAC isn't answering the tunneled-Access
Challenge.  Least, this is what I'm thinking. (This is a different
debug)

modcall:  entering group authenticate for request 23
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall:  entering group MS-CHAP for request 23
  rlm_mschap: No Cleartext-Password configured.  Cannot create
LM-Password.
  rlm_mschap: No Cleartext-Password configured.  Cannot create
NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for mking with NT-Password
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
radius_xlat:  '--username=mking'
radius_xlat: Running registered xlat function of module mschap for
string 'Challenge'
 mschap2: 94
radius_xlat:  '--challenge=4ebfbb2c2373c4c9'
radius_xlat: Running registered xlat function of module mschap for
string 'NT-Response'
radius_xlat:
'--nt-response=a53b88d2b14aead7f697498aa066c2d02e79c3d0a6e84427'
Exec-Program output: NT_KEY: 1BA2159EDC0597637BA8848B83AA9B2B
Exec-Program-Wait: plaintext: NT_KEY: 1BA2159EDC0597637BA8848B83AA9B2B
Exec-Program: returned: 0
rlm_mschap: adding MS-CHAPv2 MPPE keys
  modcall[authenticate]: module "mschap" returns ok for request 23
modcall: group MS-CHAP returns ok for request 23
MSCHAP Success
  modcall[authenticate]: module "eap" returns handled for request 23
modcall: group authenticate returns handled for request 23
  PEAP: Got tunneled reply RADIUS code 11
        MS-CHAP2-Success =
0x0d533d65333662373338316262383939643261306661336565356463333831303631 61 
6663303239326336
        EAP-Message =
0x010e00331a030d002e533d6533366237333831626238393964326130666133656535 64 
63333831303631616663303239326336
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xfd5c09024628badca09e5ae9eec682e7
  PEAP: Processing from tunneled session code 0x81c1788 11
        MS-CHAP2-Success =
0x0d533d65333662373338316262383939643261306661336565356463333831303631 61 
6663303239326336
        EAP-Message =
0x010e00331a030d002e533d6533366237333831626238393964326130666133656535 64 
63333831303631616663303239326336
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xfd5c09024628badca09e5ae9eec682e7
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module "eap" returns handled for request 23
modcall: group authenticate returns handled for request 23
Sending Access-Challenge of id 4 to 10.0.1.22 port 32769
        EAP-Message =
0x010e005b1900170301005075b366b0bc3665ce9cc4c3bb5d4907020fce14dcf06c5f fb cdc725c126803bd0de38918995021346758fc00ed823cc7b13be5d69ed780a80ac04bf cb 
9cb85dee2ab382e8b88b3a7b7cdccfc227583867
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xf3f735fa7f444b2ef47757092fcbef29
Finished request 23
Going to the next request
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 16 ID 253 with timestamp 45c257be
Cleaning up request 20 ID 1 with timestamp 45c257be
Cleaning up request 22 ID 3 with timestamp 45c257be

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.