802.11 Client Device Interoperability

Reply
Occasional Contributor I

No PEAP with New Macs?

Has anyone run into a problem with the new unibody macs and PEAP? We have several hundred new freshman on campus with these machines and they are unable to connect to our PEAP network. Observations:

1) It only affects the new unibody macbooks. All others work as expected.
2) PCs and other devices (such as iphones) work fine.
3) The symptom exists across our Aruba and Cisco wireless networks (!)
4) The mac reports that it is connected but sits with a 169.254 address.
5) We've observed this with 10.5.7 and 10.5.8. Most are at 10.5.8.

After working on this for a while, I stumbled across the following technique that worked fairly reliably to get the machine online:

1) Reboot (can't hurt, right?)
2) Try to connect to the PEAP network. Let it fail with the 169.254.
3) Connect to our guest network and obtain an ip address. (works fine)
4) Connect to the PEAP network. The machine will now connect properly.

Thoughts?
Contributor I

try this

When you have one of these devices, it is going to validate against the MAC mobileme sharing certificate.
Although it says connected when these devices don't have an IP, I do not believe they actually authenticated at all. Thus why they have the 169 address. I believe when you use captive portal, the mobileme cert is used to cash the keychain, and then when you go over to the PEAP ssid, it is now using that cert. I could be wrong here, but I think that was a problem with my macbook pro from a year ago.
Check your auth messages on the controller, or IAS (which ever you are using)and validate the station did send credentials.

I believe there have been recent updates that dealt with bluetooth and WiFi connections.
Occasional Contributor I

Solved!

All,

We have identified the issue and have a workaround.

The problem seems to be caused by the corruption of the profiles as they are stored on disk. On the affected macs, look in Network Prefs -> Airport -> Advanced -> 802.1x > Your Profile. If the "Wireless Network" pull-down is blank, you're affected. We've found that if you delete the profile under 802.1x,
delete the profile under Airport, delete the files as specified in the following URL:

http://airheads.arubanetworks.com/vBulletin/showthread.php?t=1064

... and then reboot, you can then re-create the profile and connect properly. If you then go back into the 802.1x profile and touch ANYTHING, the bug will reappear.

We've been able to get all of our previously affected machines online using this technique.
Occasional Contributor I

ClearWifiConfigs tool

Here's the tool that we've been using to delete the user's wireless preferences on Macintosh OSX machines. You'll be prompted for the local user's password. After the tool exits, reboot the workstation.

Good luck!
Guru Elite

On every logout

Layer2,

Is there a tool that will do this for every logout or login for multi-user machines?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Found an easier solution

Just create a new "location". I tested this on a couple of macs that were having the same issue and it works great.
Contributor I

Re: No PEAP with New Macs?

In working with my CIO's new MAC Airbook....he had problems with PEAP authentication as well. A few days of working on the issue, I found out if you delete the 802.1x profile from the "system setting" and configure the same profile under the "user setting", that this eliminated the issue and provided problem free authentication. These settings are found under the keychain utility. He was trying to use a user specific profile under the system profile which seemed to be the faux pas.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: