Mac OSX + PEAP/MSCHAPv2 + Special characters in password
olivier at heliosnet.org
Wed May 14 14:44:27 CEST 2014
One of our institution reported that some of their users, using Mac OSX,
couldn't connect to eduroam. It appears that those users have special
characters in their password (éà§£ ect).
I can log with such an account using Windows, iOS, Android or
eapol_test, but with the default settings on Mac OSX (PEAP/MSCHAPv2) it
fails : mschap : MS-CHAP2-Response is incorrect.
The current workaround at the moment is to deploy a .mobileconfig
profile to configure their 802.1x settings to use TTLS/PAP, which works
We spent some time debugging this issue with Arran and think that's an
implementation error by MacOSX regarding the encoding of the password
used to generated the hash for MSCHAPv2. But so far I wasn't able to
confirm it by looking at the Apple discussion forums.
Has anyone of you also encountered this issue ?
Network & Security Engineer, HES-SO Fribourg
Mail: olivier at heliosnet.org
More information about the Freeradius-Users