iPad PEAP MSCHAPv2
Óscar Remírez de Ganuza Satrústegui
oscarrdg at unav.es
Fri Nov 20 08:41:00 CET 2015
Good morning,
Yes: new server (RHEL 5.4 -> CentOS 7.1) + new version of openssl (OpenSSL
0.9.8e-fips -> OpenSSL 1.0.1e-fips)
I will have a look to your suggestions:
- examining and comparing the access accept packets
- disabling tlsv1_2
Thank you so much for your help, Alan and Arran!
Regards,
*Oscar Remírez de Ganuza Satrústegui*
IT Services
Universidad de Navarra
Tel. +34 948425600 x803130
http://www.unav.edu/web/it/
On Thu, Nov 19, 2015 at 9:21 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
> > As I told on a previous email, we are migrating previous radius (2.1.9)
> > authentication to a new instance of freeradius (3.0.10).
>
> new server? new version of openssl on the new server?
>
> if the access accept packet is the same as that from 2.1.9 then the issue
> is somewhere else. I'd examine that last access accept packet.
>
>
> but my first instinct is that this is a MPPE key issue - access accept okay
> but the IOS device not likeing the derived keys - validate this by
> putting
>
> disable_tlsv1_2 = yes
>
> into the tls {} section of your eap module
>
>
> i think this issue is fixed in 3.0.x HEAD (?)
>
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list