Freeradius PEAP/MSCHAPv2 against Apple OpenDirectory

Moritz Dereschkewitz moenster at
Sat Feb 13 08:44:23 CET 2010

On 13.02.2010 08:21, Alan DeKok wrote:
> Moe D. wrote:
>> I got a machine up and running Freeradius 2.1.0 with SSL support to
>> secure a Wireless LAN. In our school’s network we (have to) use an Apple
>> Mac OS X 10.4 Server with Samba as the PDC. Samba stores the user
>> information using the OpenDirectory on the same server – using the NTLM
>> password hashes… so far, there should be no problem for Freeradius using
>> LDAP to connect to the OD and retrieve the NTLM hash to authenticate the
>> wireless clients.
>    Use the "mschap" module.  Apple has contributed code to make
> FreeRADIUS work with Open Directory.
>    Edit the "mschap" configuration, and add:
> 	use_open_directory = yes
>    That's it.
>    You may need to use a more recent version of FreeRADIUS.  I suggest 2.1.8.
>    Alan DeKok.
Wow, that sounds great. I haven't read about the use_open_directory 
option yet. Do I have to configure the mschap-module to connect to the 
OD, since Freeradius is not running on the Apple server? E.g. specify 
the server address? Or does it find the server automatically?

Thanks for your help so far, Alan!

