Apple clients suddenly can't authenticate to EAP-MSCHAPV2

Alan DeKok aland at deployingradius.com
Sun Sep 2 08:52:01 CEST 2012


Casartello, Thomas wrote:
> Having a bizarre problem that started due to someone in my department
> deleting the samba computer account for my freeradius machine. I
> recreated it and for a time everything went back to normal, but later
> that afternoon all of my apple clients can simply not connect to our
> 802.1x enabled wireless network.

  That's what backups are for.  Re-creating the account doesn't mean it
has the same configuration as before.

> We are using Cisco wireless
> controllers. Radiusd –X doesn’t seem to be giving me enough debug
> output. Is there any suggestion as to drill down further to see what is
> going on here. I am having no issues with my Windows 7 clients and
> Windows mobile devices. Simply not getting enough information.
> Everything has been working fine for months and I don’t understand why
> all of the sudden this is going on and why it’s only affecting Apple IOS
> devices and iMacs so far. Here’s an example output.  This simply loops
> over and over again:

  Well..

> rad_recv: Access-Request packet from host 172.20.9.253 port 32769,
> id=63, length=228
...
>         EAP-Message = 0x0207000c016f636c61726b65

  That's an EAP identity message, for user "oclarke".

> [eap] EAP Identity 
> [eap] processing type tls
> [tls] Initiate
> [tls] Start returned 1 
> ++[eap] returns handled

  That's all fine.

> Sending Access-Challenge of id 63 to 172.20.9.253 port 32769
> 
>         EAP-Message = 0x010800061920

  That's PEAP, and an empty PEAP packet, too.  That's wrong.

  Are you sure nothing else changed on the RADIUS server?

  Alan DeKok.
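
The two EAP-Message values quoted in this thread can be decoded from the 4-byte EAP header (RFC 3748) and the flags octet that EAP-TLS-style methods such as PEAP place after the type. The parser below is an added example, not code from the post or from FreeRADIUS; the function name `parse_eap` and its output field names are assumptions made for illustration.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "MSCHAPv2"}
TLS_BASED = {13, 21, 25}  # methods that carry the L/M/S flags octet


def parse_eap(hex_value):
    """Decode one EAP-Message value as printed in radiusd -X output."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs at least 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        # A long EAP packet is split across several EAP-Message attributes;
        # concatenate them before parsing.
        raise ValueError(f"length field says {length}, got {len(raw)} bytes")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (3, 4) or length == 4:
        return pkt  # Success/Failure carry no type field
    etype, body = raw[4], raw[5:]
    pkt["type"] = EAP_TYPES.get(etype, etype)
    if etype == 1:
        pkt["identity"] = body.decode("utf-8", "replace")
    elif etype in TLS_BASED:
        if not body:
            raise ValueError("TLS-based EAP method without a flags octet")
        flags, data = body[0], body[1:]
        pkt["length_included"] = bool(flags & 0x80)  # L bit
        pkt["more_fragments"] = bool(flags & 0x40)   # M bit
        pkt["start"] = bool(flags & 0x20)            # S bit
        if pkt["length_included"]:
            if len(data) < 4:
                raise ValueError("L bit set but TLS message length missing")
            pkt["tls_message_length"] = struct.unpack("!I", data[:4])[0]
            data = data[4:]
        pkt["tls_data_len"] = len(data)
    return pkt


if __name__ == "__main__":
    # The two values quoted in the thread above
    for value in ("0x0207000c016f636c61726b65", "0x010800061920"):
        print(value, "->", parse_eap(value))
```
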

