Miika Räisänen wrote:
We are building freeradius server to authenticate WLAN users with EAP-TLS and EAP-PEAP. EAP-PEAP works great with all tested operating systems, but Mac OS X 802.1X client with EAP-TLS kills freeradius if check_cert_cn is set on and Mac OS X user sends user name which does not match with certificate's common name. Operating system version is 10.4.8 and it runs on Macbook.
I've heard something similar before, and I haven't been able to figure out why it happens.
We have tested following freeradius server versions on following platforms Freeradius 1.1.1 / SUN Os 5.8 Freeradius 1.1.3 (FC6's rpm) / FC6 Freeradius 1.1.4 (build from source)/ FC6 Freeradius snapshot 20070118 (build from source) / FC6 Freeradius 1.1.4 (build from source) / CentOS 4.4
That says it's common code, at least.
Any ideas, fixes or workarounds?
If you can get a core dump, that would help a lot. See doc/bugs Or, if you can run the server under "valgrind" for testing, it should print out what's going wrong. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog