Authentication with rlm_python module failes for iphone, works for android, windows, linux
Alan DeKok
alan.dekok at inkbridge.io
Sun Jan 11 18:48:32 UTC 2026
On Jan 11, 2026, at 6:29 AM, The2nd <the2nd at otpme.org> wrote:
> i hope this is the right list for this question.
It's the only list for FreeRADIUS. :)
> I've written a python module to be used with freeradius
Why? The server can do just about anything. My suspicion is that you could just use the REST module to poke a back-end REST API, and the rest of it could be done in unlang. But OK....
> and it works for wlan authentication (mschapv2) with windows, linux and android devices. But it fails with iphone/ios. With iOS is see the request in my python module and it authenticates against my server successfully but the iPhone always tells me "Unable to join the network <ssid>".
Does iOS work when you *don't* use your module? i.e. when you put a clear-text password into the configuration, and let FreeRADIUS do everything?
> As it works with linux, windows and android i think its not completely wrong.
There's likely some odd corner case you're missing, or the iOS device isn't configured correctly.
Debug it with the normal FreeRADIUS configuration. That way you can narrow down where the problem is.
> ...
> (9) Sent Access-Challenge Id 213 from 10.219.195.1:1812 to 10.219.195.225:38276 length 140
> (9) EAP-Message = 0x012c0052190017030300472209ea55626d5ff1c5bfe6da41424c37ee71bb77118b8f1f51e7bdb050466709030848e8afe46e99cd47ef4337957aa870e14a5a42c006d97a017640d76c88fd54daf3585dae47
> (9) Message-Authenticator = 0x00000000000000000000000000000000
> (9) State = 0xac2b487aa50751714e974a6b4baa7cab
> (9) Finished request
> Waking up in 4.0 seconds.
The iOS device doesn't like the response, and therefore stops talking to FreeRADIUS.
To see exactly what it doesn't like, look at the debug logs on the device. And yes, generally there are no debug logs on the device. The vendors seem to hate their customers, and provide no way to debug anything.
Alan DeKok.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20260111/73b1c5de/attachment.sig>
More information about the Freeradius-Users
mailing list