Hi Pros, I'm facing a strange issue with iPhones and Macs. We use RADIUS/WPA2 Enterprise auth for our SSID. If I connect the first time, the device gets authenticated, but if I change the SSID and want to connect back, it fails with wrong password. On the RADIUS server (Win), the event log says OK (see attachment) and the debug looks OK too.
2019-03-18 14:41:35 16495.283 b0:19:c6:b5:57:58 <eh> send 1/4 msg of 4-Way Handshake
2019-03-18 14:41:35 16495.283 b0:19:c6:b5:57:58 <eh> send IEEE 802.1X ver=2 type=3 (EAPOL_KEY) data len=117 replay cnt 1
2019-03-18 14:41:35 16495.283 b0:19:c6:b5:57:58 <eh> IEEE 802.1X (EAPOL 121B) ==> b0:19:c6:b5:57:58 ws (0-10.0.0.14:5246) rId 0 wId 4 4a:5b:0e:39:31:3b
2019-03-18 14:41:35 16495.286 b0:19:c6:b5:57:58 <eh> IEEE 802.1X (EAPOL 121B) <== b0:19:c6:b5:57:58 ws (0-10.0.0.14:5246) rId 0 wId 4 4a:5b:0e:39:31:3b
2019-03-18 14:41:35 16495.286 b0:19:c6:b5:57:58 <eh> recv IEEE 802.1X ver=2 type=3 (EAPOL_KEY) data len=117
2019-03-18 14:41:35 16495.286 b0:19:c6:b5:57:58 <eh> recv EAPOL-Key 2/4 Pairwise replay cnt 1
2019-03-18 14:41:35 16495.286 b0:19:c6:b5:57:58 <eh> send 3/4 msg of 4-Way Handshake
2019-03-18 14:41:35 16495.286 b0:19:c6:b5:57:58 <eh> send IEEE 802.1X ver=2 type=3 (EAPOL_KEY) data len=151 replay cnt 2
2019-03-18 14:41:35 16495.286 b0:19:c6:b5:57:58 <eh> IEEE 802.1X (EAPOL 155B) ==> b0:19:c6:b5:57:58 ws (0-10.0.0.14:5246) rId 0 wId 4 4a:5b:0e:39:31:3b
2019-03-18 14:41:35 16495.289 b0:19:c6:b5:57:58 <eh> IEEE 802.1X (EAPOL 99B) <== b0:19:c6:b5:57:58 ws (0-10.0.0.14:5246) rId 0 wId 4 4a:5b:0e:39:31:3b
2019-03-18 14:41:35 16495.289 b0:19:c6:b5:57:58 <eh> recv IEEE 802.1X ver=2 type=3 (EAPOL_KEY) data len=95
2019-03-18 14:41:35 16495.289 b0:19:c6:b5:57:58 <eh> recv EAPOL-Key 4/4 Pairwise replay cnt 2
2019-03-18 14:41:35 62897.289 b0:19:c6:b5:57:58 <dc> STA chg b0:19:c6:b5:57:58 vap itoTest ws (0-10.0.0.14:5246) rId 0 wId 4 bssid 4a:5b:0e:39:31:3b AUTH
2019-03-18 14:41:35 62897.289 b0:19:c6:b5:57:58 <cc> STA chg b0:19:c6:b5:57:58 vap itoTest ws (0-10.0.0.14:5246) rId 0 wId 4 4a:5b:0e:39:31:3b sec WPA2 USERGROUP auth 1 ******
2019-03-18 14:41:35 62897.289 b0:19:c6:b5:57:58 <cc> STA_CFG_REQ(192) sta b0:19:c6:b5:57:58 add key (len=16) ==> ws (0-10.0.0.14:5246) rId 0 wId 4
2019-03-18 14:41:35 62897.292 b0:19:c6:b5:57:58 <cc> STA_CFG_RESP(192) b0:19:c6:b5:57:58 <== ws (0-10.0.0.14:5246) rc 0 (Success)
2019-03-18 14:41:35 16495.292 b0:19:c6:b5:57:58 <eh> ***pairwise key handshake completed*** (RSN)
2019-03-18 14:41:35 62897.298 b0:19:c6:b5:57:58 <dc> DHCP Request server 0.0.0.0 <== host iPhone mac b0:19:c6:b5:57:58 ip 10.10.22.5 xId 5eb541e8
2019-03-18 14:41:35 62897.298 b0:19:c6:b5:57:58 <dc> DHCP Ack server 10.10.22.1 ==> host mac b0:19:c6:b5:57:58 ip 1.2.3.5 mask 255.255.255.0 gw 1.2.3.1 xId 5eb541e8
Any thoughts? Thank you
________________________________________________________
--- NSE 4 ---
________________________________________________________
Are your devices spoofing MAC addresses? That is a common feature now. Maybe it is using that as an identifier and the randomization causes it to be misidentified. Just a guess.
https://www.theregister.co.uk/2017/03/10/mac_address_randomization/
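One way to test the randomization guess against controller debug output, as an added example that is not part of the original thread: a randomized (private) client MAC has the locally-administered bit (0x02) set in its first octet. The function names are assumptions, and the third sample log line is constructed.

```python
import re

# Sample in the controller debug format shown in the post. The first two lines
# are copied from it; the third is constructed to show a randomized address.
SAMPLE_LOG = """\
2019-03-18 14:41:35 16495.283 b0:19:c6:b5:57:58 <eh> send 1/4 msg of 4-Way Handshake
2019-03-18 14:41:35 16495.292 b0:19:c6:b5:57:58 <eh> ***pairwise key handshake completed*** (RSN)
2019-03-18 14:42:10 16530.101 da:a1:19:00:00:01 <eh> send 1/4 msg of 4-Way Handshake
"""

# Station MAC, then the <tag> of the logging module, then the message text.
ENTRY = re.compile(r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) <\w+> (.*)", re.I)


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (not a burned-in vendor MAC)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def summarize(log_text):
    """Per station: is the MAC locally administered, did the 4-way handshake finish."""
    stations = {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        mac, msg = m.group(1).lower(), m.group(2)
        info = stations.setdefault(mac, {
            "locally_administered": is_locally_administered(mac),
            "handshake_completed": False,
        })
        if "pairwise key handshake completed" in msg:
            info["handshake_completed"] = True
    return stations


if __name__ == "__main__":
    for mac, info in summarize(SAMPLE_LOG).items():
        print(mac, info)
```

Run over the full debug capture of a first connect and a failed reconnect, a station MAC that changes between the two attempts and has the bit set points to randomization; an unchanged MAC with the bit clear points elsewhere.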
Thank you for the hint. I'll go through this.
________________________________________________________
--- NSE 4 ---
________________________________________________________