Mac OS X EAP-TLS with wrong username kills freeradius when check_cert_cn is set
Alan DeKok
aland at deployingradius.com
Fri Jan 19 08:32:43 CET 2007
Miika Räisänen wrote:
>
> We are building a freeradius server to authenticate WLAN users with
> EAP-TLS and EAP-PEAP. EAP-PEAP works great with all tested operating
> systems, but the Mac OS X 802.1X client with EAP-TLS kills freeradius if
> check_cert_cn is set on and the Mac OS X user sends a user name which does
> not match the certificate's common name. The operating system version is
> 10.4.8 and it runs on a MacBook.

I've heard something similar before, and I haven't been able to figure
out why it happens.

> We have tested the following freeradius server versions on the following
> platforms:
> Freeradius 1.1.1 / SunOS 5.8
> Freeradius 1.1.3 (FC6's rpm) / FC6
> Freeradius 1.1.4 (built from source) / FC6
> Freeradius snapshot 20070118 (built from source) / FC6
> Freeradius 1.1.4 (built from source) / CentOS 4.4

That says it's common code, at least.

> Any ideas, fixes or workarounds?

If you can get a core dump, that would help a lot. See doc/bugs

Or, if you can run the server under "valgrind" for testing, it should
print out what's going wrong.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog