Ok I may have spoken too soon. I just found this online: "Apparently starting with iOS 9.1, if the RADIUS cert does not contain the "Key Encipherment" flag, iOS will reject authentication with: Oct 1 11:27:29.752545 TiPadAir2 eapolclient[455]: [eaptls_plugin.c:292] eaptls_verify_server(): server certificate not trusted status 1001 -9807" I'm guessing this is probably what I need to do to get this to work. Anyone know what this "Key Encipherment" flag is, and how to include it in the Radius cert? On Wed, Jun 22, 2016 at 10:12 AM, Michael Martinez <mwtzzz@gmail.com> wrote:
On Sat, Jun 18, 2016 at 4:50 PM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
/usr/local/freeradius/sbin/radiusd -v
Is more accurate than using ldd. It calls a version function in OpenSSL to get the version, it doesn't use compile time macros.
Awesome, thanks.
FYI, we were able to crack open the iPad logs, and found the following interesting entries:
Jun 21 14:15:03 iPad eapolclient[178] <Error>: SecTrustEvaluate [leaf AnchorTrusted] Jun 21 14:15:03 iPad eapolclient[178] <Notice>: [eaptls_plugin.c:291] eaptls_verify_server(): server certificate not trusted status 1001 9807 Jun 21 14:15:03 iPad kernel[0] <Notice>: 000220.437816 wlan0.N[82] AppleBCMWLANCore::setCIPHER_KEY(): [eapolclient]: type = CIPHER_MSK, index = 0, flags = 0x0, key length = 0, key rsc length = 0 Jun 21 14:15:03 iPad eapolclient[178] <Notice>: en0 EAPTLS: authentication failed with status 1001
So, it appears we need to set the iPad to trust my self-signed server certificate, and then it should work.
-- --- Michael Martinez http://www.michael--martinez.com