OpenDirectory on Mac OS X 10.6 authenticating Cisco ASA

mail at wetzelandson.com
Tue Jan 12 22:14:49 CET 2010


Alan,
Thank you for taking the time to read my post.  I'm sorry if I have
possibly misplaced terms here.

In looking at the Apple 10.5.4 clients.conf file which was edited to
include the following lines duplicated from earlier sample lines in the
file, my term choices from the lines relevant here are:

client 192.168.*.* {
       secret          =
       shortname       =
}

The setup I described works when the value of "secret" is placed into the
"Server Secret Key" field on the ASA and the value of "shortname" is
placed into the "Common Password" field on the ASA at the matching client
address.  For the purpose of making sure I am speaking correctly, I just
manually reset everything.  It is set as I have listed it here.

The point I want to make is that I have this working in 10.5.4; radtest,
the ASA built-in test and actual VPN connections all work.  I cannot get
either of the tests or the actual VPN connections to work with the exact
settings duplicated on a 10.6 test server.

Is there something further I can give to you that would help you
understand what is happening or what I am looking to do?  The issue
appears to be that the selection of Auth-Type = opendirectory does not
seem to work in 10.6.

Thanks again - Erich


> Hi,
>
>> On the ASA
>> Go to the AAA settings. As appropriate, set up an authentication server
>> using radius, at your RADIUS server IP using the shared key as expected
>> and the shortname from the RADIUS setup as the common key in the ASA.
>
> whoah. the shared secret used in client.conf is the common key.
>
> alan
>
>


Wetzel and Son
www.wetzelandson.com
Philadelphia, Rockledge, Willow Grove
215-659-0911



