<div dir="ltr"><div>Yes, an workmate last year with OS/X 10.6 or 10.7, locale pt_PT, trying to login using a ' char as part of the password.</div><div><br></div><div>Regards,</div><div>Rui Ribeiro</div><div><a href="http://pt.linkedin.com/pub/rui-ribeiro/16/ab8/434/">pt.linkedin.com/pub/rui-ribeiro/16/ab8/434/</a><br>
</div><div><br></div><br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Wed, 14 May 2014 14:44:27 +0200<br>
From: Olivier Beytrison <<a href="mailto:olivier@heliosnet.org" target="_blank">olivier@heliosnet.org</a>><br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org" target="_blank">freeradius-users@lists.freeradius.org</a>><br>
Subject: Mac OSX + PEAP/MSCHAPv2 + Special characters in password<br>
Message-ID: <<a href="mailto:5373652B.80705@heliosnet.org" target="_blank">5373652B.80705@heliosnet.org</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
Hello,<br>
<br>
One of our institution reported that some of their users, using Mac OSX,<br>
couldn't connect to eduroam. It appears that those users have special<br>
characters in their password (???? ect).<br>
<br>
I can log with such an account using Windows, iOS, Android or<br>
eapol_test, but with the default settings on Mac OSX (PEAP/MSCHAPv2) it<br>
fails : mschap : MS-CHAP2-Response is incorrect.<br>
<br>
The current workaround at the moment is to deploy a .mobileconfig<br>
profile to configure their 802.1x settings to use TTLS/PAP, which works<br>
correctly.<br>
<br>
We spent some time debugging this issue with Arran and think that's an<br>
implementation error by MacOSX regarding the encoding of the password<br>
used to generated the hash for MSCHAPv2. But so far I wasn't able to<br>
confirm it by looking at the Apple discussion forums.<br>
<br>
Has anyone of you also encountered this issue ?<br>
<br>
Regards,<br>
Olivier B.<br>
--<br>
<br>
Olivier Beytrison<br>
Network & Security Engineer, HES-SO Fribourg<br>
Mail: <a href="mailto:olivier@heliosnet.org" target="_blank">olivier@heliosnet.org</a><br>
<br></blockquote></div></div></div>