OS X Mavericks not connecting to Debian FreeRADIUS

Edward Ulrich email at edwardulrich.com
Mon Aug 10 14:57:07 CEST 2015


Hello,

I'm trying to configure a FreeRADIUS server (Version 2.1.12) on computer 
running Debian Linux (Raspbain), and I'm trying to connect to it with a 
Mac laptop running OS X Mavericks (10.9).  I'm using the EAP-TLS 
Wireless WPA2-Enterprise SSL certificate method, but the Mac refuses to 
connect to the server, usually saying "Invalid password."   The server 
seems to be functioning properly, when I run the "freeradius  -X" 
command I get the "Ready to process requests" message and the error log 
does not log anything when I try to connect.

I'm relatively sure that the certificates have been created and 
installed properly into the server and Mac OS X keychain, I'm allowed to 
select the client certificate from a pull-down menu when I try to 
configure the networking in the OS X Networking preferences, but the 
computer doesn't actually end up connecting to the network.  I have 
created the certificates on the Linux side using ssl commands.

Question #1:  Do I need an entry in the FreeRADIUS config files for each 
individual client computer I'm trying to connect to, such as in the 
"users" file or "acct_users" file?  What would I put into those files if 
I needed to put something?   Instructions that I have seen suggest that 
I don't need to specify such information as long as the certificates 
have been created and implemented properly.  I did get a prompt for the 
certificate password when I put the certificate into the OS X keychain 
and I did enter that properly.  Also I was sure to name the "common 
name" of the certificate something unique and relevant.

Question #2:  In the EAP-TLS section of the "eap.conf" config file there 
is the "private_key_password" variable, and some instructions have told 
me just to comment that out.. I have also tried to use certificate 
passwords and also challenge passwords that were specified for the 
certificates, but I still get the same "Invalid Password" message on the 
OS X client no matter what I try to do with that.  What is the best 
setting I should use for that?

Question: #3:  Elsewhere I have seen instructions for using XML 
configuration profiles for setting up the networking on Mac computers, 
but I would rather not deal with that right now and instead I would like 
to just create and install the certificates manually to get the most 
basic setup running.. Presumably it is not mandatory to use that XML 
method with Mavericks for the certificates although please correct me if 
I am wrong.

I can provide whatever information is necessary, such as log files or 
the SSL commands I have used to create the certificates, ect..  Thank 
you for your help!



More information about the Freeradius-Users mailing list