Public beta 3: no more eduroam [FIXED IN PB4]

Discussion in 'OS X Yosemite (10.10)' started by zequav, Sep 16, 2014.

  1. zequav, Sep 16, 2014
    Last edited: Oct 2, 2014

    zequav macrumors newbie

    Jul 25, 2014
    I can't connect to my university wifi (eduroam) anymore. I get a message "The identity of the authentication server could not be established. Contact your network administrator to verify your configuration settings". I reinstalled the profile provided by my university containing the certificate and the wifi settings, to no avail.

    Does anyone has this problem? It worked fine with PB2. dmesg doesn't show anything (don't know if it should, I come from the linux world. Is there any place with a more exhaustive log?).
  2. melman101 macrumors 68030

    Sep 3, 2009
    Just a quick google search, and I discovered this.

    Maybe you can re-try to set it up and fix your issue?
  3. zequav thread starter macrumors newbie

    Jul 25, 2014
    I tried manually (as described in that link) and using the profile provided by my university (a .mobileconfig file).

    Seems like a certificate problem, although the CA certificate IS installed. IDK, it worked in the previous two betas.

    If someone manages to connect to eduroam in any university, please let me know.
  4. XoFu macrumors regular


    Apr 8, 2013
    same here

    I have the same issue, on the transition from PB2 to PB3 lost eduroam stability, wi-fi connection goes down every 15-20 minutes which made my workday a nightmare. I did not try to play around with the profiles but I will do tomorrow. I had a similar problem when I installed Mavericks and apparently it has to do with the local (Univ) certificates DHCP definitions.
    Luckily I can connect through an ethernet cable to get something done today. Tomorrow I'll try to figure out if re-installing the config has a magical effect...

    Good luck
  5. zequav thread starter macrumors newbie

    Jul 25, 2014
    More info in the syslog:

    Sep 16 18:30:36 mbpro.local eapolclient[443]: [eapttls_plugin.c:969] eapttls_verify_server(): server certificate not trusted status 6 0
    Sep 16 18:30:36 mbpro.local eapolclient[443]: en0 EAP-TTLS: authentication failed with status 6

    The certificate included in the 802.1X profile worked fine in PB1 and PB2 :confused:
  6. bkribbs macrumors 65816

    Jan 15, 2012
    I'm on PB 3 and eduroam seems to work ok for me at least in terms of connecting. It may disconnect though every so often, I haven't tried.
  7. zequav, Sep 17, 2014
    Last edited: Sep 17, 2014

    zequav thread starter macrumors newbie

    Jul 25, 2014
    Weird. I tried enabling eapolclient logging but there is nothing new there:

    Sep 17 10:36:12.291065 mbpro.local eapolclient[691]: EAP Request: EAP type 21
    Sep 17 10:36:12.418990 mbpro.local eapolclient[691]: [eapttls_plugin.c:969] eapttls_verify_server(): server certificate not trusted status 6 0
    Sep 17 10:36:12.419114 mbpro.local eapolclient[691]: Transmit Packet Size 21
    	Ether packet: dest 6c:f3:7f:44:94:81 source 60:3:8:a5:11:f2 type 0x888e
    	EAPOL: proto version 0x1 type EAP Packet (0) length 17
    	EAP-TTLS Response: Identifier 7 Length 17 Flags 0x80 [ length=7 ] Data Length 7
    	0000  15 03 01 00 02 01 00                              .......         
    Sep 17 10:36:12.419293 mbpro.local eapolclient[691]: en0 EAP-TTLS: authentication failed with status 6
    Sep 17 10:36:12.419388 mbpro.local eapolclient[691]: set_msk 0
    I have enabled "always trust" for all the certificates in the keychain :confused:

    So I tried using an open wifi my university has in case eduroam doesn't work. This is one of those wifi networks that take you to a secure login web page. But, a new problem: safari cannot establish an https connection to the login page, with this error in the system log:

    Sep 17 10:42:35 mbpro.local UserEventAgent[16]: CFNetwork SSLHandshake failed (-9820)
    Sep 17 10:42:35 mbpro.local UserEventAgent[16]: Captive: [async_http_read_stream:387] kCFStreamEventErrorOccurred NSOSStatusErrorDomain/-9820: The operation couldn’t be completed. (OSStatus error -9820.)
    9820 is, according to this:

    errSSLPeerBadRecordMac –9820 A record with a bad message authentication code (MAC) was encountered.


    So, there is no way to connect to my university wifi. F uck. Is there any way to return to PB2? Or will I have to downgrade to mavericks? :(

    (edit) NVM, I installed chrome and I can now access the https login page of my university without any problem. Still no eduroam (and I don't like open wifis; I'll have to make sure I only use https sites), but at least I don't have to use my phone in tethering mode :rolleyes:

    This PB3 is waaaay too paranoid. I hope the PB4 comes soon.
  8. tywebb13 macrumors 68020

    Apr 21, 2012
    Only if you backed up your PB1 or PB2 full downloads or do what I do for clean installs - make a bootable usb. And for updated systems do time machine backups so you can restore to any older system at will.

    If you just got PB1 and just updated to PB2 and then PB3 without any backups, you won't be able to go back to PB2.

    This is one significant difference between the public beta program and the developer program.

    When you joined the public beta program for yosemite, you get 1 code - and that's it. The same code is being used for all the full installers. You don't get any new codes for each one. But in the developer program however, you get a different code for each full installer.

    So what that means for the purchases tab in the mac app store is that a public beta tester can only download the latest full installer, not older ones, i.e., in this case only be able to get PB3.

    But a developer who has redeemed codes for each full installer (DP1, DP5, DP7) can download any of them at any time (while they are still available) and apply any required updates and effectively be able to install any version DP1-DP8 at will and at any time.
  9. zequav thread starter macrumors newbie

    Jul 25, 2014
    Thanks, didn't know that.

    Anyway, with chrome at least I can authenticate in my campus' public wifi, so I'll do that until PB4 comes (or until someone finds a fix/workaraound for the certificate-untrustiness of PB3).
  10. zequav thread starter macrumors newbie

    Jul 25, 2014
    Fixed itself in PB4 :D. I have frequent disconnections, but at least it DOES connect. So it *was* a bug with PB3.
  11. Lexis, Oct 3, 2014
    Last edited: Oct 4, 2014

    Lexis macrumors newbie

    Apr 28, 2011
    I'm running the Developer Preview GM Candidate, but I can't connect to my university's Eduroam. I thought the GM Candidate was the same as the public beta?

    I probably can't make it two weeks without WiFi here at uni... Should I dowgrade to Mavericks or another DP or is there a way around this? I tried re-entering Eduroam as a network, but that didn't solve the issue.

    Edit: See two posts below for latest update.
  12. grahamperrin macrumors 601


    Jun 8, 2007
    Whenever the builds differ – as they do at this time – we can not assume that they are the same.
  13. Lexis macrumors newbie

    Apr 28, 2011
    Okay so sorry but somehow something went wrong with my tokens and download and I wasn't on the GM candidate but on DP8 (which was similar to PB3).

    I've installed the GM candidate and I can test if Eduroam works on monday.
  14. Lexis macrumors newbie

    Apr 28, 2011
    Okay, it works! I did experience a lot of disconnecting though, so we'll see how that goes...
  15. LordDeath macrumors member

    Feb 28, 2013
    I still had this bug with the first GM candidate but today with the second GM candidate I don't see it anymore. Eduroam is as stable as before with 10.9. :)

Share This Page