Mac OSX + PEAP/MSCHAPv2 + Special characters in password (Olivier Beytrison)
Rui Ribeiro
ruyrybeyro at gmail.com
Wed May 14 18:05:21 CEST 2014
Yes, an workmate last year with OS/X 10.6 or 10.7, locale pt_PT, trying to
login using a ' char as part of the password.
Regards,
Rui Ribeiro
pt.linkedin.com/pub/rui-ribeiro/16/ab8/434/
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 14 May 2014 14:44:27 +0200
> From: Olivier Beytrison <olivier at heliosnet.org>
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Subject: Mac OSX + PEAP/MSCHAPv2 + Special characters in password
> Message-ID: <5373652B.80705 at heliosnet.org>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hello,
>
> One of our institution reported that some of their users, using Mac OSX,
> couldn't connect to eduroam. It appears that those users have special
> characters in their password (???? ect).
>
> I can log with such an account using Windows, iOS, Android or
> eapol_test, but with the default settings on Mac OSX (PEAP/MSCHAPv2) it
> fails : mschap : MS-CHAP2-Response is incorrect.
>
> The current workaround at the moment is to deploy a .mobileconfig
> profile to configure their 802.1x settings to use TTLS/PAP, which works
> correctly.
>
> We spent some time debugging this issue with Arran and think that's an
> implementation error by MacOSX regarding the encoding of the password
> used to generated the hash for MSCHAPv2. But so far I wasn't able to
> confirm it by looking at the Apple discussion forums.
>
> Has anyone of you also encountered this issue ?
>
> Regards,
> Olivier B.
> --
>
> Olivier Beytrison
> Network & Security Engineer, HES-SO Fribourg
> Mail: olivier at heliosnet.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140514/ded3761b/attachment.html>
More information about the Freeradius-Users
mailing list