On 6 Mar 2011, at 13:03, Phil Mayers wrote: > On 03/05/2011 04:46 PM, Guy wrote: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> Hi, >> >> I'm setting up Freeradius2 (FreeRADIUS Version 2.1.7) for WPA >> Enterprise 2, and I have it basically working. my iPhone/iPad are >> able to authenticate and connect via the base station. However my >> Mac (OSX 10.6 Snow leopard) Laptops are having issues. >> >> I do not want to push out Client certificates to the laptops. I also >> do not want people to have to perform any customisations on the >> clients. >> >> When the laptop attempts to join the network I get a nice login >> window, with username/password. This is fine. However without >> playing with the network settings (802.1x settings). I'm not able to >> join the network because I do not have a client Cert: > > EAP-TLS *requires* a client cert. If you want to use EAP-TLS, you will have > to do something on the clients. > > If you want to use PEAP or something, there are two things to consider - the > default eap type in eap.conf: > > eap { > default_eap_type = peap > ... > } > > ...and the default EAP type on MacOS. > > PEAP & TTLS require the "tls" EAP type to be configured I think; I'm not sure > you can disable EAP-TLS, as this will break PEAP & TTLS. The best you can do > is change the default types. > > If changing it on the server doesn't accomplish it, then I think you're going > to have to do some config on the clients. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Yup that was it... I changed "default_eap_type=md5" to "default_eap_type=ttls" and now the Macs are able to authenticate without Certs or any configuration on their side!! Cheers, --Guy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html