Mac osx authentication problems

[Alan DeKok]

On Jan 12, 2022, at 11:41 AM, Jure Simšič via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> we are implementing two wifi SSIDs with two different radius authentications - first is our internal net with local freeradius 3.0 and NTLM and this works without a problem. The other is eduroam with external radius and while testing we found out that Mac OsX users can't connect to it. They get a u/p and the cert popup but after that it seems to just hang and eventually timeout. I've contacted the external radius guys and they said they are still on freeradius 2.1. Could this be the cause of the problems?

  Probably not.

  If the Mac systems get a certificate popup, then they aren't configured to accept the cert / CA presented by the other server.  The solution is to configure the Mac systems to know about those certs.

> I know the general rule is to upgrade to 3 but as said it's not our radius. If someone had similar experience or knows it's a version issue I will have better arguments to convince them to upgrade (I hope).

  They should upgrade, for a bunch of reasons.  v2 is no longer supported.  v3 has a lot better TLS debugging output, among many other changes.

  Alan DeKok.