Yes, it looks like your Mac may not like the MSCHAPv2 response for some reason. On your Mac (as root), create the directory /var/log/eapolclient, then retry your authentication. The EAP client in OS X should write out debugging information for the EAP session into that directory and should give you a better idea of why it's halting.
--Mike

On Feb 1, 2007, at 3:21 PM, King, Michael wrote:

>> -----Original Message-----
>>
>> When I try a Mac (PowerMac 10.4.8, but have tried also on 10.3.x), it
>> seems to not work. The Mac throws an error "802.1x Authentication
>> has
>> failed."
>
> After more testing, and staring at the debugs, it seems this is where
> the break-down is, the Mac isn't answering the tunneled-Access
> Challenge. Least, this is what I'm thinking. (This is a different
> debug)
>
> modcall: entering group authenticate for request 23
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/mschapv2
> rlm_eap: processing type mschapv2
> Processing the authenticate section of radiusd.conf
> modcall: entering group MS-CHAP for request 23
> rlm_mschap: No Cleartext-Password configured. Cannot create
> LM-Password.
> rlm_mschap: No Cleartext-Password configured. Cannot create
> NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for mking with NT-Password
> radius_xlat: Running registered xlat function of module mschap for
> string 'User-Name'
> radius_xlat: '--username=mking'
> radius_xlat: Running registered xlat function of module mschap for
> string 'Challenge'
> mschap2: 94
> radius_xlat: '--challenge=4ebfbb2c2373c4c9'
> radius_xlat: Running registered xlat function of module mschap for
> string 'NT-Response'
> radius_xlat:
> '--nt-response=a53b88d2b14aead7f697498aa066c2d02e79c3d0a6e84427'
> Exec-Program output: NT_KEY: 1BA2159EDC0597637BA8848B83AA9B2B
> Exec-Program-Wait: plaintext: NT_KEY: 1BA2159EDC0597637BA8848B83AA9B2B
> Exec-Program: returned: 0
> rlm_mschap: adding MS-CHAPv2 MPPE keys
> modcall[authenticate]: module "mschap" returns ok for request 23
> modcall: group MS-CHAP returns ok for request 23
> MSCHAP Success
> modcall[authenticate]: module "eap" returns handled for request 23
> modcall: group authenticate returns handled for request 23
> PEAP: Got tunneled reply RADIUS code 11
> MS-CHAP2-Success =
> 0x0d533d65333662373338316262383939643261306661336565356463333831303631
> 61
> 6663303239326336
> EAP-Message =
> 0x010e00331a030d002e533d6533366237333831626238393964326130666133656535
> 64
> 63333831303631616663303239326336
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xfd5c09024628badca09e5ae9eec682e7
> PEAP: Processing from tunneled session code 0x81c1788 11
> MS-CHAP2-Success =
> 0x0d533d65333662373338316262383939643261306661336565356463333831303631
> 61
> 6663303239326336
> EAP-Message =
> 0x010e00331a030d002e533d6533366237333831626238393964326130666133656535
> 64
> 63333831303631616663303239326336
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xfd5c09024628badca09e5ae9eec682e7
> PEAP: Got tunneled Access-Challenge
> modcall[authenticate]: module "eap" returns handled for request 23
> modcall: group authenticate returns handled for request 23
> Sending Access-Challenge of id 4 to 10.0.1.22 port 32769
> EAP-Message =
> 0x010e005b1900170301005075b366b0bc3665ce9cc4c3bb5d4907020fce14dcf06c5f
> fb
> cdc725c126803bd0de38918995021346758fc00ed823cc7b13be5d69ed780a80ac04bf
> cb
> 9cb85dee2ab382e8b88b3a7b7cdccfc227583867
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xf3f735fa7f444b2ef47757092fcbef29
> Finished request 23
> Going to the next request
> Waking up in 5 seconds...
> --- Walking the entire request list ---
> Cleaning up request 16 ID 253 with timestamp 45c257be
> Cleaning up request 20 ID 1 with timestamp 45c257be
> Cleaning up request 22 ID 3 with timestamp 45c257be

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
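The tunneled EAP-Message in the quoted debug output can be decoded to see exactly what the server sent the Mac inside the PEAP tunnel. This is an added example, not part of the original thread or of FreeRADIUS; the function and field names are hypothetical, and it handles EAP-MSCHAPv2 packets that carry the full MS-Length header, as the Success request above does.

```python
import string
import struct

# Inner EAP-Message from the quoted debug output, mail line wraps joined.
INNER_EAP_HEX = (
    "0x010e00331a030d002e533d6533366237333831626238393964326130666133656535"
    "64"
    "63333831303631616663303239326336"
)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
MSCHAPV2_OPCODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_MSCHAPV2 = 26  # 0x1a


def parse_eap_mschapv2(hex_str):
    """Decode one EAP-MSCHAPv2 packet; raise ValueError if it is malformed."""
    raw = hex_str[2:] if hex_str.lower().startswith("0x") else hex_str
    pkt = bytes.fromhex(raw)
    if len(pkt) < 9:
        raise ValueError("too short for EAP and MSCHAPv2 headers")
    code, eap_id, eap_len, eap_type = struct.unpack("!BBHB", pkt[:5])
    if eap_len != len(pkt):
        raise ValueError(f"EAP Length {eap_len} but {len(pkt)} bytes present")
    if eap_type != EAP_TYPE_MSCHAPV2:
        raise ValueError(f"EAP Type {eap_type} is not MSCHAPv2 (26)")
    opcode, ms_id, ms_len = struct.unpack("!BBH", pkt[5:9])
    if ms_len != eap_len - 5:
        raise ValueError(f"MS-Length {ms_len} does not match EAP Length")
    out = {
        "eap_code": EAP_CODES.get(code, code),
        "eap_id": eap_id,
        "opcode": MSCHAPV2_OPCODES.get(opcode, opcode),
        "mschapv2_id": ms_id,
    }
    if opcode == 3:  # Success: "S=<40 hex digits>", optionally " M=<text>"
        s_part, _, m_part = pkt[9:].decode("ascii").partition(" M=")
        auth = s_part[2:] if s_part.startswith("S=") else ""
        out["auth_string"] = auth
        out["message"] = m_part
        out["auth_is_40_hex"] = len(auth) == 40 and all(
            c in string.hexdigits for c in auth)
        # RFC 2759 section 5 specifies uppercase A-F in the authenticator string.
        out["auth_hex_uppercase"] = auth == auth.upper()
    return out


if __name__ == "__main__":
    for key, value in parse_eap_mschapv2(INNER_EAP_HEX).items():
        print(f"{key}: {value}")
```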