Mac OS X EAP-TLS with wrong username kills freeradius when check_cert_cn is set
Miika Räisänen
mraisane at gmail.com
Thu Jan 18 21:03:54 CET 2007
Hi,
We are building a freeradius server to authenticate WLAN users with
EAP-TLS and EAP-PEAP. EAP-PEAP works great with all tested operating
systems, but the Mac OS X 802.1X client with EAP-TLS kills freeradius if
check_cert_cn is set and the Mac OS X user sends a user name which does not
match the certificate's common name. The operating system version is 10.4.8
and it runs on a MacBook. If a Windows XP user sets a different outer identity
than the cert's common name, freeradius works OK (the user gets rejected).
We have tested the following freeradius server versions on the following platforms:
Freeradius 1.1.1 / SunOS 5.8
Freeradius 1.1.3 (FC6's rpm) / FC6
Freeradius 1.1.4 (built from source) / FC6
Freeradius snapshot 20070118 (built from source) / FC6
Freeradius 1.1.4 (built from source) / CentOS 4.4
FC and CentOS are using the distros' default openssl libs etc.
Here's some log and debug output from CentOS with freeradius 1.1.4:
http://cc.oulu.fi/~mraisane/tmp/radiusd.txt
Any ideas, fixes or workarounds?