
Not quite sure what to make of this yet. If anyone is running an 802.1x secure wireless network, can you search your wireless management systems for wireless clients called either of these:

 

com.apple.kerberos.kdc

com.apple.systemdefault

We have a handful of these that are authenticating as valid user names in our Cisco wireless/ACS environment. We only auth against AD, and we typically see a mix of “real” usernames in the log that will somehow correlate to these, but at the same time it’s weird that these funky names are showing as valid usernames both in the WLAN system and in ACS.

 

Web searching shows that these are some kerfuffle to do with obsolete keychain certs in the Apple OS.

Wild and weird - anyone been here before?

-Lee Badman

 

 

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

We’ve had 30 clients since late November which have used an outer ID of com.apple.systemdefault at one point or another.  It seems in all cases to have been an isolated instance, and none of them successfully authenticated during that session.  All but one of those MACs has been on the network successfully using a different outer ID since that failed attempt.

 

In the last two days I have found one occurrence of "com.apple.systemdefault".

We run both Meru and Cisco going through FreeRADIUS.

It was coming from a Cisco controller and was a Stop accounting record.  I was unable to find a corresponding Start record yet.

We have not noticed this before, but it may have happened.

 

---

Walter Reynolds

Principal Systems Security Development Engineer

ITS Communications Systems and Data Centers

University of Michigan

(734) 615-9438

 

Message from jhealy@logn.net

Message from dannyeaton@rice.edu

Here at Rice, we’ve got over 7,000 wireless users a day (all Cisco LWAPPs), and as of right now, only 1 entry for “com.apple.” as a Client User Name. It’s on our Visitor (no auth) network.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield

 

We’ve had 30 clients since late November which have used an outer ID of com.apple.systemdefault at one point or another.  It seems in all cases to have been an isolated instance, and none of them successfully authenticated during that session.  All but one of those MACs has been on the network successfully using a different outer ID since that failed attempt.

 


Message from bosborne@liberty.edu

When using PEAP, you should use the inner ID, not the outer ID. It is the inner ID that authenticates. The outer ID is generally used for proxy decisions, but otherwise may be set to anything.

 

(Caution: possible typos ahead!)

 

My FreeRADIUS book suggests comparing the inner & outer IDs. If they are different, copy the inner ID to the outer ID.

 

In sites-enabled/inner-tunnel file, at the top of the post-auth section:

if (outer.request:User-Name != "%{request:User-Name}") {
        # Outer and inner identities differ: put the inner one in the reply
        update reply {
                User-Name := "%{request:User-Name}"
        }
}

Edit eap.conf and change to use_tunneled_reply = yes

Restart FreeRADIUS

 

 

 

Bruce Osborne

Network Engineer

IT Network Services

 

(434) 592-4229

 

LIBERTY UNIVERSITY

40 Years of Training Champions for Christ: 1971-2011
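
The searches described in this thread (finding the com.apple.* user names, seeing what else the same MAC authenticated as, and looking for a Start record to match a Stop), as an added example that is not part of any list member's post. It assumes accounting records in the FreeRADIUS detail-file layout; the sample records, MAC addresses, session IDs and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Outer identities named in the thread's original post.
SUSPECT_IDS = {"com.apple.kerberos.kdc", "com.apple.systemdefault"}
# Constructed sample in FreeRADIUS "detail" layout (not real log data).
SAMPLE_DETAIL = """\
Mon Dec  5 09:00:01 2011
\tUser-Name = "jdoe"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "a1"
\tCalling-Station-Id = "00-00-5E-00-53-01"

Mon Dec  5 09:07:44 2011
\tUser-Name = "com.apple.systemdefault"
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "b7"
\tCalling-Station-Id = "00-00-5E-00-53-02"

Mon Dec  5 09:12:10 2011
\tUser-Name = "asmith"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "b8"
\tCalling-Station-Id = "00-00-5E-00-53-02"
"""
ATTR_RE = re.compile(r'^\s+([\w-]+) = "?(.*?)"?$')
MAC = "Calling-Station-Id"  # attribute carrying the client MAC

def parse_detail(text):
    """Return one dict per record; blank lines separate records."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (ATTR_RE.match(l) for l in block.splitlines()[1:])  # skip timestamp
        records.append({m.group(1): m.group(2) for m in pairs if m})
    return records

def review(text):
    """Flag suspect identities; correlate by client MAC and session ID."""
    records = parse_detail(text)
    names, started = defaultdict(set), set()
    for r in records:
        names[r.get(MAC)].add(r.get("User-Name", ""))
        if r.get("Acct-Status-Type") == "Start":
            started.add(r.get("Acct-Session-Id"))
    return [{"mac": r.get(MAC), "identity": r["User-Name"],
             "status": r.get("Acct-Status-Type"),
             "has_start": r.get("Acct-Session-Id") in started,
             "other_names": sorted(names[r.get(MAC)] - {r["User-Name"], ""})}
            for r in records if r.get("User-Name", "").lower() in SUSPECT_IDS]
```

A finding with `has_start` false and a non-empty `other_names` list matches the pattern reported in the thread: a stray record under the odd identity from a client that otherwise uses a different user name.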

 
