Apple clients suddenly can't authenticate to EAP-MSCHAPV2

Alan DeKok aland at
Sun Sep 2 08:52:01 CEST 2012

Casartello, Thomas wrote:
> Having a bizarre problem that started due to someone in my department
> deleting the samba computer account for my freeradius machine. I
> recreated it and for a time everything went back to normal, but later
> that afternoon all of my apple clients can simply not connect to our
> 802.1x enabled wireless network.

  That's what backups are for.  Re-creating the account doesn't mean it
has the same configuration as before.

> We are using Cisco wireless
> controllers. Radiusd –X doesn’t seem to be giving me enough debug
> output. Is there any suggestion as to drill down further to see what is
> going on here. I am having no issues with my Windows 7 clients and
> Windows mobile devices. Simply not getting enough information.
> Everything has been working fine for months and I don’t understand why
> all of the sudden this is going on and why its only affecting Apple IOS
> devices and iMacs so far. Here’s an example output.  This simply loops
> over and over again:


> rad_recv: Access-Request packet from host port 32769,
> id=63, length=228
>         EAP-Message = 0x0207000c016f636c61726b65

  That's an EAP identity message, for user "oclarke".

> [eap] EAP Identity 
> [eap] processing type tls
> [tls] Initiate
> [tls] Start returned 1 
> ++[eap] returns handled

  That's all fine.

> Sending Access-Challenge of id 63 to port 32769
>         EAP-Message = 0x010800061920

  That's PEAP, and and empty PEAP packet, too.  That's wrong.

  Are you sure nothing else changed on the RADIUS server?

  Alan DeKok.

More information about the Freeradius-Users mailing list