Freeradius PEAP/MSCHAPv2 against Apple OpenDirectory

Alan DeKok aland at
Sat Feb 13 08:21:18 CET 2010

Moe D. wrote:
> I got a machine up and running Freeradius 2.1.0 with SSL support to
> secure a Wireless LAN. In our school’s network we (have to) use an Apple
> Mac OS X 10.4 Server with Samba as the PDC. Samba stores the user
> information using the OpenDirectory on the same server – using the NTLM
> password hashes… so far, there should be no problem for Freeradius using
> LDAP to connect to the OD and retrieve the NTLM hash to authenticate the
> wireless clients.

  Use the "mschap" module.  Apple has contributed code to make
FreeRADIUS work with Open Directory.

  Edit the "mschap" configuration, and add:

	use_open_directory = yes

  That's it.

  You may need to use a more recent version of FreeRADIUS.  I suggest 2.1.8.

  Alan DeKok.
