Well, the problem we had was for TLS. Our PKI infrastructure had a hashed signature with MD5. The hashing used should be at least SHA-1 for iOS 5 devices.

In Microsoft Windows, if you start certmgr.msc and look at a Root CA certificate, in Details, you can find the hashing algorithm used for the signature. We had to change our infrastructure, so we took SHA-256. The only certificate that kept the MD5 hashing is our Root CA. It works fine since then. But, as I wrote, it is for TLS authentication.

Martin Bérubé
Technical Analyst
Architecture and Security
Tel.: (450) 463-1890 ext. 3362
Before printing, think of the environment.

> -----Original Message-----
> From: jz.peng...@gmail.com [mailto:jz.peng...@gmail.com] On behalf of James
> Sent: 28 February 2012 12:56
> To: Martin Bérubé
> Cc: radiator@open.com.au
> Subject: Re: [RADIATOR] eap + apple products - failed auth
>
> Thanks for the response.
>
> I'm not sure how to determine that; can you give me a nudge in the right
> direction?
>
> -james
>
> On Tue, Feb 28, 2012 at 12:49, Martin Bérubé <mber...@jeancoutu.com> wrote:
> > Hello James,
> >
> > Are you using MD5 hashing for the issuer certificate?
> > Apple dropped support for MD5 hashing for all certificates, except the CA
> > (root) ones, starting with iOS 5.
> >
> > Martin Bérubé
> > Technical Analyst
> > Architecture and Security
> > Tel.: (450) 463-1890 ext. 3362
> > Before printing, think of the environment.
> >
> >> -----Original Message-----
> >> From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On behalf of James
> >> Sent: 28 February 2012 12:38
> >> To: radiator@open.com.au
> >> Subject: [RADIATOR] eap + apple products - failed auth
> >>
> >> All,
> >>
> >> I'm facing a pretty weird problem while trying to set up EAP authentication.
> >> Windows and Linux devices seem to work fine without issues -- the
> >> clients are prompted to authenticate, accept the certificate, and
> >> then they're successfully auth'ed and hop onto the wireless network.
> >>
> >> Apple products (OS X, iPad and iPod) seem to have a strange issue,
> >> however: Radiator sends an Access-Accept, the client sees that
> >> authentication was successful, but the client will disconnect and
> >> then reconnect ensuing in an authentication loop. Logs on OS X
> >> indicate that authentication *IS* successful, but the operating
> >> system eventually reports a timeout in the 4-way handshake.
> >>
> >> Here's the Radiator configuration:
> >>
> >> -->8--
> >>
> >> DefineFormattedGlobalVar ConfigDir /opt/radiator/config
> >> LogDir /opt/radiator/logs
> >> DbDir /opt/radiator/db
> >> Trace 4
> >> AuthPort 1645
> >> AcctPort 1646
> >> PidFile %L/wireless.pid
> >> LogFile
> >> <Log FILE>
> >>     Identifier radiatorLog
> >>     Filename %L/%d.%v.%Y/wireless.log
> >>     Trace 4
> >>     LogMicroseconds
> >> </Log>
> >> <Client DEFAULT>
> >>     Secret whatever
> >>     DupInterval 0
> >> </Client>
> >> <SessionDatabase NULL>
> >>     Identifier Null
> >> </SessionDatabase>
> >> <AuthLog FILE>
> >>     Identifier authLogger
> >>     Filename %L/%d.%v.%Y/wireless.auth
> >>     LogSuccess 1
> >>     LogFailure 1
> >>     SuccessFormat %q %v %e %Y @ %s (child process %O) -> AUTHORIZED %T request from %c (nas = %N) for user %U
> >>     FailureFormat %q %v %e %Y @ %s (child process %O) -> DENIED %T request from %c (nas = %N) for user %U
> >> </AuthLog>
> >> include %{GlobalVar:ConfigDir}/auth.wireless
> >> <Handler TunnelledByPEAP=1>
> >>     AuthBy dm-wifi
> >>     AuthLog authLogger
> >>     Log radiatorLog
> >>     AcctLogFileName %L/%d.%v.%Y/wireless.log
> >> </Handler>
> >> <Handler>
> >>     AuthBy eap-outer
> >>     AuthLog authLogger
> >>     Log radiatorLog
> >>     AcctLogFileName %L/%d.%v.%Y/wireless.log
> >> </Handler>
> >> <AuthBy NTLM>
> >>     Identifier dm-wifi
> >>     NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
> >>     DefaultDomain DHE
> >>     EAPType MSCHAP-V2
> >> </AuthBy>
> >> <AuthBy FILE>
> >>     Identifier eap-outer
> >>     Filename %D/users
> >>     EAPType MSCHAP-V2,PEAP,FAST,TLS,TTLS
> >>     EAPTLS_CAFile %{GlobalVar:ConfigDir}/certs/duke.ca.cert
> >>     EAPTLS_CertificateFile %{GlobalVar:ConfigDir}/certs/wifi-radius1.cert
> >>     EAPTLS_CertificateType PEM
> >>     EAPTLS_PrivateKeyFile %{GlobalVar:ConfigDir}/certs/wifi-radius1.key
> >>     EAPTLS_PrivateKeyPassword whatever
> >>     EAPTLS_MaxFragmentSize 1000
> >>     AutoMPPEKeys
> >>     EAPTLS_PEAPVersion 1
> >> </AuthBy>
> >>
> >> --8<--
> >>
> >> Thoughts on what may be happening? I can't seem to find anything on
> >> the web about this, but I'm also hard-pressed to believe we're the
> >> only folks that have run into this. The client simply refuses to
> >> connect. It's worth noting that OS X indicates the client is
> >> "connected" with a self-assigned 169.x.x.x IP address, but the logs
> >> really indicate that en1 (the wireless interface) continues to go up/down
> >> and re-attempt authentication.
> >>
> >> Any help would be greatly appreciated.
> >>
> >> -james
> >> _______________________________________________
> >> radiator mailing list
> >> radiator@open.com.au
> >> http://www.open.com.au/mailman/listinfo/radiator
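
The check described in the reply above (reading each certificate's signature hash algorithm), as an added example that is not part of the original thread: it parses a PEM bundle, reads each certificate's signatureAlgorithm OID, and flags MD5 on any certificate that is not self-issued. The function names, the use of issuer == subject as the test for a root, and the sample chain (constructed DER skeletons, not real certificates) are assumptions made for illustration.

```python
import base64
import re
SIG_ALGS = {  # signature-algorithm OIDs from PKCS #1
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, element_start, value_start, value_end) for the DER element at pos."""
    tag, length, start, pos = buf[pos], buf[pos + 1], pos, pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, start, pos, pos + length

def children(buf, start, end):
    out = []
    while start < end:
        out.append(read_tlv(buf, start))
        start = out[-1][3]
    return out

def decode_oid(data):
    arcs, value = [], 0
    for byte in data:  # base-128 groups; high bit set on all but the last byte
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def inspect_cert(der):
    """Read the outer signatureAlgorithm and check whether issuer == subject."""
    tbs, sig_alg = children(der, *read_tlv(der, 0)[2:])[:2]
    fields = children(der, tbs[2], tbs[3])
    if fields[0][0] == 0xA0:  # optional explicit [0] version
        fields = fields[1:]
    issuer, subject = fields[2], fields[4]  # serial, sigAlg, issuer, validity, subject
    oid_el = children(der, sig_alg[2], sig_alg[3])[0]
    oid = decode_oid(der[oid_el[2]:oid_el[3]])
    self_issued = der[issuer[1]:issuer[3]] == der[subject[1]:subject[3]]
    return {"sig_alg": SIG_ALGS.get(oid, oid), "self_issued": self_issued}

def audit_bundle(pem_text):
    """Apply the rule from the thread: MD5 is tolerated only on the root certificate."""
    report = [inspect_cert(base64.b64decode("".join(b.split()))) for b in PEM_RE.findall(pem_text)]
    for info in report:
        info["md5_on_non_root"] = info["sig_alg"].startswith("md5") and not info["self_issued"]
    return report

# Constructed sample input: DER skeletons (no public key, dummy signature), not real certificates.
def _der(tag, body):
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def _name(cn):  # Name with a single commonName RDN
    return _der(0x30, _der(0x31, _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))))

def sample_pem(issuer_cn, subject_cn, oid_hex):
    alg = _der(0x30, _der(0x06, bytes.fromhex(oid_hex)) + _der(0x05, b""))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + alg + _name(issuer_cn)
               + _der(0x30, _der(0x17, b"120101000000Z") * 2) + _name(subject_cn))
    der = _der(0x30, tbs + alg + _der(0x03, bytes(9)))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()

SAMPLE_CHAIN = "".join(sample_pem(*row) for row in [
    ("Example Issuing CA", "radius.example.test", "2a864886f70d010104"),  # leaf, MD5
    ("Example Root CA", "Example Issuing CA", "2a864886f70d01010b"),      # intermediate, SHA-256
    ("Example Root CA", "Example Root CA", "2a864886f70d010104"),         # root, MD5
])

if __name__ == "__main__":
    print(*audit_bundle(SAMPLE_CHAIN), sep="\n")
```

Passing audit_bundle() the text of the PEM files named by EAPTLS_CAFile and EAPTLS_CertificateFile reports the same field that the certmgr.msc Details tab shows.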