Freeradius PEAP/MSCHAPv2 against Apple OpenDirectory
Alan DeKok
aland at deployingradius.com
Sat Feb 13 08:21:18 CET 2010
Moe D. wrote:
> I got a machine up and running Freeradius 2.1.0 with SSL support to
> secure a Wireless LAN. In our school’s network we (have to) use an Apple
> Mac OS X 10.4 Server with Samba as the PDC. Samba stores the user
> information using the OpenDirectory on the same server – using the NTLM
> password hashes… so far, there should be no problem for Freeradius using
> LDAP to connect to the OD an retrieve the NTLM hash to authenticate the
> wireless clients.
Use the "mschap" module. Apple has contributed code to make
FreeRADIUS work with Open Directory.
Edit the "mschap" configuration, and add:
use_open_directory = yes
That's it.
You may need to use a more recent version of FreeRADIUS. I suggest 2.1.8.
Alan DeKok.
More information about the Freeradius-Users
mailing list