PEAP Airport/Wifi setting missing: MSCHAPv2 ?

Question

PEAP Airport/Wifi setting missing: MSCHAPv2 ?

To connect to my company's network, I need to set the PEAP configuration to MSCHAPv2 according to my ICT department. I can only set this for TTLS, not PEAP. If I just try and connect without it, the ICT department gets the error "unknown EAP protocol". Changing to TTLS or any other protocol doesn't get me to the point where I get a connection to their server.

It used to work on the same computer when I had Tiger 10.4.11, but I can no longer see what my settings there used to be.

Anyone has a clue how to set PEAP to MSCHAPv2 under Snow Leopard 10.6.2, or what else might be wrong?

MacBook Pro/iPod/iPhone 3Gs, Mac OS X (10.6.2), some information

Posted on Feb 24, 2010 10:04 AM

Reply

Answer 1

Feb 24, 2010 11:15 AM in response to Adriaan Renting

I have tried the suggestions in this thread, but they do not work:
http://discussions.apple.com/thread.jspa?threadID=2188567

I also want to add, that I can now no longer configure any authentication protocol. If I select one and push the Configure button, I get a "Ping" error sound but nothing happens.

Message was edited by: Adriaan Renting

Reply

Answer 2

Feb 24, 2010 1:11 PM in response to Adriaan Renting

I've been browsing and it seems a lot of people have similar problems.
It seems that both 10.5.8 and Snow Leopard are affected. On Leopard reverting to the 10.5.7 version of AirPort seems to solve it.

http://infinitesteps.blogspot.com/2009/09/os-x-bug-problems-connecting-to-wpa.ht ml
http://forums.cnet.com/5208-6126_102-0.html?threadID=359340

It seems that for PEAP the MSCHAPv2 should not be user configurable, but autodetected?

Maybe my problem lies elsewhere? Still many people with similar problems, especially on the same network (Eduroam see www.eduroam.nl)
http://discussions.apple.com/thread.jspa?threadID=2268316
http://gathering.tweakers.net/forum/list_messages/1381373
http://www.sussex.ac.uk/its/helpdesk/faq.php?faqid=1633
http://discussions.info.apple.com/thread.jspa?messageID=10889076

This post seems to suggest that the issue is in combination with MS RADIUS Server on Windows Server 2003:
http://araihan.wordpress.com/2009/08/17/microsoft-radius-server-ias-apple-imacma cbook-pro-osx-10-5-and-xp-pro-step-by-step/

They say that the connection script in MS RADIUS server is broken in combination with 10.5.8 and 10.6.x, see last post in that thread:

Raihan Says:

February 12, 2010 at 9:25 AM

Unfortunately Mac OSX 10.5.8 or Snow Leopard does not work with Microsoft GPO, >User Profile and MS AD log on script. So it will not syncronise with GPO.

Anyone has a clue?

Reply

Answer 3

Feb 24, 2010 1:15 PM in response to Adriaan Renting

I am no longer at the location of the Eduroam network. At home and at my own company the WiFi works without a hitch.

I have fond this information:
http://hansduedal.blogspot.com/2009/09/eduroam-cbs-mac-os-x-106-guide.html

It seems that before 10.5.8 you would be prompted to accept a security certificate, but now you have to install it manually. That seems to describe my problem well, I will try it and report back on this issue.

Reply

Answer 4

Mar 10, 2010 1:51 AM in response to Adriaan Renting

I have still been unable to resolve this issue.

MSCHAPv2 works over PEAP on our local company network. It's when using 802.1x authentication to forward the credentials from another site to our my own company that things fail. I've now also tried it at a different university, using WPA2 instead of 802.1x WEP, but still no luck.

I've tried adding the certificate that I get when connecting locally at my company, but it's not helping.

I'm at a total loss, my iPhone works fine, and colleagues with OSX 10.4, Windows XP or Ubuntu can connect without a problem. It's really Snow Leopard that seems to be messed up.

Reply

Answer 5

Mar 30, 2010 7:00 PM in response to Adriaan Renting

I still have this problem. I tried everything I could find also filling certificates for the radius server and such. No luck.

Eduroam is broken on Snow Leopard. It works on my iPhone, OSX 10.4, Windows XP, Vista and Ubuntu.

The problem seems to be in combination with a radius server that uses PEAP-MSCHAPv2. Eduroam accounts that use TTLS-MSCHAPv2 work fine.

Reply

Answer 6

May 30, 2010 3:04 PM in response to Adriaan Renting

Same problem here at the school where I teach.
Macs running Snow Leopard 10.5.8 or Snow Leopard 10.6.1 or higher cannot log in over the Radius server using a certificate.
I've been looking for a solution for 8 months now.
Have you found a solution yet?

Reply

Answer 7

Simkins

Level 1

0 points

Jun 3, 2010 5:41 AM in response to Fredericus

In Workgroup Manager - change the 'Administrator capabilities' to 'limited' in the user privileges. It can be left empty, but this change gets the auth working for some reason. It didnt work for users without admin capabilities.

Also make sure you are using Login Window on your 802.1X profile - leave the username/password blank (it will then use whatever the user enters at logon)

Reply

Answer 8

Jun 10, 2010 3:00 PM in response to Simkins

Unfortunately, the server is not a Mac OSX Server with Workgroup Manager. As far as I know it seems to be to be windows 2003 or so. Also, I'm not the system administrator. Worse, the system admin does not know anything about MacOSX since he is MS certified only. We tried to figure it out for hours.
In this school environment, there are about 250 wireless windows XP clients. Some teachers have Macs running Snow Leopard. These Macs do not authenticate to the WPA2 Enterprise wireless network over 802.1x using PEAP. An authentication certificate from the server is installed. Also I tried user, login window and system profiles as described in http://support.apple.com/kb/HT3326? but nothing worked.
AllI get is: after choosing the SSID and supplying username and password, an error message appears ( type -1) and the computer gets a self-assigned IP adress.

I really do not wish to downgrade to Leopard pre-10.5.8 or even Tiger!

Reply