WPA EAP-PEAP and OS X client problem

Fri, 11 Mar 2005 15:26:32 -0800

I have set up FreeRADIUS with PEAP. I tried logging in with a Mac OS X client however it keeps telling me

eapolclient[4468]: eapmschapv2_success_request: invalid server auth response

What is confusing is that rlm_eap_peap returns SUCCESS.

modcall: group authenticate returns ok for request 15
PEAP: Got tunneled reply RADIUS code 2
EAP-Message = 0x03070004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "testuser"
PEAP: Processing from tunneled session code 0x8114900 2
EAP-Message = 0x03070004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "testuser"
PEAP: Tunneled authentication was successful.
rlm_eap_peap: SUCCESS
modcall[authenticate]: module "eap" returns handled for request 15
modcall: group authenticate returns handled for request 15
Sending Access-Challenge of id 0 to 192.168.1.56:2051
EAP-Message = 0x0108002a1900170301001f626d085b50da9850c44b9b8394e4a675f1e1d57a9522d14a19191cd2dec1a3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x88988c2d95089a7dda42900570faeef3
Finished request 15

My configuration is as follows

       eap {
               default_eap_type = peap
               timer_expire     = 60
               ignore_unknown_eap_types = no
               cisco_accounting_username_bug = no
               md5 {
               }
               gtc {
                       auth_type = PAP
               }
               tls {
                       private_key_password =
                       private_key_file = /etc/freeradius/cert.pem
                       certificate_file = /etc/freeradius/cert.pem
                       CA_file = /etc/ldap/ca.crt
                       dh_file = ${raddbdir}/certs/dh
                       random_file = /dev/urandom
               }
               ttls {
                       default_eap_type = md5
                       copy_request_to_tunnel = no
                       use_tunneled_reply = no
               }
                peap {
                       default_eap_type = mschapv2
               }
               mschapv2 {
               }
       }

Any clues ?

Vladimir

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to