Problem resolved....My network admin made a change to an outbound access list blocking the radius server from communicating with these controllers. He just undid it and it's working now...........
-----Original Message----- From: freeradius-users-bounces+tomc=westfield.ma....@lists.freeradius.org [mailto:freeradius-users-bounces+tomc=westfield.ma....@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Sunday, September 02, 2012 2:52 AM To: FreeRadius users mailing list Subject: Re: Apple clients suddenly can't authenticate to EAP-MSCHAPV2 Casartello, Thomas wrote: > Having a bizarre problem that started due to someone in my department > deleting the samba computer account for my freeradius machine. I > recreated it and for a time everything went back to normal, but later > that afternoon all of my apple clients can simply not connect to our > 802.1x enabled wireless network. That's what backups are for. Re-creating the account doesn't mean it has the same configuration as before. > We are using Cisco wireless > controllers. Radiusd –X doesn’t seem to be giving me enough debug > output. Is there any suggestion as to drill down further to see what > is going on here. I am having no issues with my Windows 7 clients and > Windows mobile devices. Simply not getting enough information. > Everything has been working fine for months and I don’t understand why > all of the sudden this is going on and why its only affecting Apple > IOS devices and iMacs so far. Here’s an example output. This simply > loops over and over again: Well.. > rad_recv: Access-Request packet from host 172.20.9.253 port 32769, > id=63, length=228 ... > EAP-Message = 0x0207000c016f636c61726b65 That's an EAP identity message, for user "oclarke". > [eap] EAP Identity > [eap] processing type tls > [tls] Initiate > [tls] Start returned 1 > ++[eap] returns handled That's all fine. > Sending Access-Challenge of id 63 to 172.20.9.253 port 32769 > > EAP-Message = 0x010800061920 That's PEAP, and and empty PEAP packet, too. That's wrong. Are you sure nothing else changed on the RADIUS server? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html