OS X Mavericks not connecting to Debian FreeRADIUS

Alan DeKok aland at deployingradius.com
Tue Aug 11 09:41:28 CEST 2015 

On Aug 10, 2015, at 9:57 PM, Edward Ulrich <email at edwardulrich.com> wrote:
> Question #1.  As for the RADIUS requests not getting to the server, I have a question about the value of "ipaddr" in the "clients.conf" file.  All of the instructions that I have seen have been unclear about what this value this should be set to specifically..

  I don't see how the instructions are unclear.  The IP address is the address of the RADIUS client.  i.e. the Access Point, etc.

>  Should it be the IP address of the computer hosting the Radius server (192.168.1.113), or the IP address of the router (192.168.1.1), or some other value?  I have tried all values and still get the same error message.  Note that I have not yet set the ip address of the server computer to be static in the "/etc/network/interfaces" file.

  You will need a static IP for the RADIUS server.

> Question 1a:  What is the best value to use for the "ipaddr" variable in "clients.conf"?  Such as the ip address of the server computer, ect..

  The client.  The file is called "clients.conf" for a reason.  It defines clients.  It doesn't define servers.

> Question 1b:  What is the best value to use for the "Radius Auth Server Address" setting in the router (using DD-WRT)?  Presumably it is the same value as 1a?

  No.  It is the address of the server.  I have no idea how this can be confusing.

> Question 1c:  How important is setting the IP address of the server computer to be static while testing even though I am sure that the IP address of the server computer is currently 192.168.1.113 for the time being?

  It is important to have a static IP.

> Question 1d:  What is the best source of information about this issue if the answer is complex?

  The answer is simple.  The meaning of the fields are clearly defined in the configuration files.

> Question #2. Version 2.1.12 of FreeRADIUS is the one that was installed when I entered the "apt-get update" and "apt-get install freeradius" commands.  What would be the biggest benefits of upgrading to a newer version?  Presumably I would need to reconfigure from scratch if I upgraded, am I correct?  I have a feeling my problems are elsewhere for the time being if the user client computer is not connecting to the server though.

  I would suggest getting the basics right first, before trying something complicated.

> Question #3.  When you say "Users cannot manually configure their 802.1x settings" on Mac computers starting with OS X Lion, do you mean that it is mandatory to configure Mavericks using the XML method?  

  I have no idea what that means.  Which "You" are you referring to?  Where did you get this information from?

> Question #4.  As for the certificates, they are being created using the "sha1" method like you suggested (typed like that rather than "sha-1" if that makes any difference.)  The "default_bits" are set to 2048.   Following is the command I used to create the DH file: "openssl  dhparam  -check  -text  -5  1024 -out  dh".  I have seen some instructions that say to trim sections out of the certificates using a text editor before using them with a Mac, would it be helpful to do that at all?

  You should create certificates using the instructions and tools in raddb/certs/.  That is set up to be simple and painless.

  Alan DeKok.

More information about the Freeradius-Users mailing list