We at UC Hastings are using PEAP-MSChapv2 as our EAP type. I noticed that by default the Mac client will setup an 802.1x profile for our wireless network with PEAP, EAP-TLS, and TTLS. With this setup the Mac client would authenticate every time but only get an IP address half the time. By un-selecting EAP-TLS and TTLS and only having PEAP selected in the 802.1x profile has fixed this problem.
-----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Ben Thompson Sent: Friday, January 23, 2009 1:42 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Macintosh- Ongoing Connectivity Issues Hi We have a mixed network with a mixture of Cisco fat AP's and Aruba thin AP's and we have found that some Apple Macs are having problems connecting to the Aruba setup. It seems that the authentication periodically fails and I see error messages like these from RADIUS :- Auth fail logs from FreeRADIUS :- Thu Jan 22 16:59:44 2009 : Error: TLS Alert write:fatal:bad record mac Thu Jan 22 16:59:44 2009 : Error: rlm_eap: SSL error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac Thu Jan 22 16:59:44 2009 : Error: SSL: SSL_read failed in a system call (-1), TLS session fails. Auth fail reason from IAS :- Reason-Code = 260 Reason = The message or signature supplied for verification has been altered Has anyone else seen anything similar to this? Thanks -- Ben Thompson ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
