Mac OS X EAP-TLS with wrong username kills freeradius when check_cert_cn is set

Alan DeKok aland at deployingradius.com
Fri Jan 19 08:32:43 CET 2007


Miika Räisänen wrote:
>
> We are building a freeradius server to authenticate WLAN users with
> EAP-TLS and EAP-PEAP. EAP-PEAP works great with all tested operating
> systems, but the Mac OS X 802.1X client with EAP-TLS kills freeradius if
> check_cert_cn is set on and the Mac OS X user sends a user name which does
> not match the certificate's common name. The operating system version is
> 10.4.8 and it runs on a Macbook.

  I've heard something similar before, and I haven't been able to figure
out why it happens.

> We have tested the following freeradius server versions on the following platforms
> Freeradius 1.1.1 / SUN Os 5.8
> Freeradius 1.1.3 (FC6's rpm) / FC6
> Freeradius 1.1.4 (built from source) / FC6
> Freeradius snapshot 20070118 (built from source) / FC6
> Freeradius 1.1.4 (built from source) / CentOS 4.4

  That says it's common code, at least.

> Any ideas, fixes or workarounds?

  If you can get a core dump, that would help a lot.  See doc/bugs

  Or, if you can run the server under "valgrind" for testing, it should
print out what's going wrong.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog


