of Mac and Men

ac221 A.Cudbard-Bell at sussex.ac.uk
Tue Apr 7 00:23:01 CEST 2009 

Hi,

> 
> oh, how I wish Lenny were a code name for MacOSX rather than Debian...
> anyway,

Linophile 

> or lovely friend Lenny or having a few issues compared to his friend
> George.
> Lenny wants to have the lovely Wifi...but cant. You see, Lenny has
'issues'
> and some of these issues wont be apparent until too late.

He wants to stroke it and pet it, but it doesn't want to be stroked or
petted and accuses him of passive snooping and replay attacks.

> 
> anyway, a few choice quotes from some google searches and I am none the
> wiser.
> I know this
> 
> Mac OSX seems to have some issues with Cisco Wireless kit in the LWAPP
> mode.

Mac OSX has issues with wireless in general. I found an interesting issue
the other day.

If you connect to a wireless access point, and then have a 3rd party
(KisMac) repeatedly send dissociate frames to clients connected on that
access point, after a while the Mac will stop re-connecting... to anything.

Wireshark running on the Mac shows the AP sending EAPOL-Identity Requests
and shows the Mac sending EAPOL-Identity responses, but if you actually
sniff the traffic passively, the Mac never sends anything! The wireless
adapter is obviously still working as it can start authentication and
associate, but once it gets that far, nothing !

To cure the Mac of it's ails it's a simple 'Turn Off', 'Turn On' of the
wireless adapter, but still a very annoying problem.

> Mac OSX seems to have some driver issues....especially since the same
kit
> (Macbook Pro) running Vista has no wireless problems. hmm.
> 
> however, a rather interesting log file from the RADIATOR release:
> 
> "Improved compatibility with some EAP-TTLS clients that previously would
> have
> required EAPTTLS_NoAckRequired. Reported by Ian Forster."
> 
> coupled with 
> 
> #This is added for Apple Macintosh Airport Extreme adapters
> EAPTTLS_NoAckRequired
> 
> suggests that something more is afoot.
> 
> so...how is MacOSX with you guys out there with FreeRADIUS? This 'issue
> with airport
> extreme' - is the code in FreeRADIUS also supporting of these ACK
issues?
> 
> the posse is closing these guys down. its only a matter of time.

Let's not put Lenny out of his misery just yet. I've never had problems
with EAP-TTLS on Macs, I've actually started recommending people use it, as
it appears to be slightly more efficient than PEAPv0 (based purely on the
number of rounds it takes to complete), and far better documented.

Could you elaborate on what issues you're seeing? -X perhaps ? Or maybe a
little PCAP..

Arran

More information about the Freeradius-Users mailing list