We at UC Hastings are using PEAP-MSChapv2 as our EAP type.
I noticed that by default the Mac client will setup an 802.1x profile
for our wireless network with PEAP, EAP-TLS, and TTLS.
With this setup the Mac client would authenticate every time but only
get an IP address half the time. By un-selecting EAP-TLS and TTLS and
only having PEAP selected in the 802.1x profile has fixed this problem. 

 

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[email protected]] On Behalf Of Ben Thompson
Sent: Friday, January 23, 2009 1:42 AM
To: [email protected]
Subject: Re: [WIRELESS-LAN] Macintosh- Ongoing Connectivity Issues

Hi

We have a mixed network with a mixture of Cisco fat AP's and Aruba
thin AP's and we have found that some Apple Macs are having problems
connecting to the Aruba setup. It seems that the authentication
periodically fails and I see error messages like these from RADIUS :-

Auth fail logs from FreeRADIUS :-

Thu Jan 22 16:59:44 2009 : Error: TLS Alert write:fatal:bad record mac 
Thu Jan 22 16:59:44 2009 : Error: rlm_eap: SSL error error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac
Thu Jan 22 16:59:44 2009 : Error: SSL: SSL_read failed in a system call
(-1), TLS session fails.


Auth fail reason from IAS :-

Reason-Code = 260
Reason = The message or signature supplied for verification has been
altered 


Has anyone else seen anything similar to this?

Thanks

-- 

Ben Thompson

**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Reply via email to