Apple clients suddenly can't authenticate to EAP-MSCHAPV2

Casartello, Thomas tomc at
Sun Sep 2 03:33:51 CEST 2012

Having a bizarre problem that started due to someone in my department deleting the samba computer account for my freeradius machine. I recreated it and for a time everything went back to normal, but later that afternoon all of my apple clients can simply not connect to our 802.1x enabled wireless network. We are using Cisco wireless controllers. Radiusd -X doesn't seem to be giving me enough debug output. Is there any suggestion as to drill down further to see what is going on here. I am having no issues with my Windows 7 clients and Windows mobile devices. Simply not getting enough information. Everything has been working fine for months and I don't understand why all of the sudden this is going on and why its only affecting Apple IOS devices and iMacs so far. Here's an example output.  This simply loops over and over again:

rad_recv: Access-Request packet from host port 32769, id=63, length=228
        User-Name = "oclarke"
        Calling-Station-Id = "10-40-f3-27-b9-83"
        Called-Station-Id = "00-1f-c9-ff-8a-d0:s-wsc"
       NAS-Port = 29
        Cisco-AVPair = "audit-session-id=ac1409fd000000085042b3cc"
        NAS-IP-Address =
        NAS-Identifier = "diller-wism-b"
        Airespace-Wlan-Id = 4
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "891"
        EAP-Message = 0x0207000c016f636c61726b65
        Message-Authenticator = 0x6015385c05fd07141cd27b2bd7d4452a
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] No '/' in User-Name = "oclarke", looking up realm NULL
[IPASS] No such realm "NULL"
++[IPASS] returns noop
[suffix] No '@' in User-Name = "oclarke", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ntdomain] No '\' in User-Name = "oclarke", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 7 length 12
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 216
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 63 to port 32769
        EAP-Message = 0x010800061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x0ca5d3010cadca632a899d669d6fd38b
Finished request 218.
Going to the next request

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list