OS X Mavericks not connecting to Debian FreeRADIUS

Edward Ulrich email at edwardulrich.com
Mon Aug 10 21:57:08 CEST 2015 

Following is an additional post for the thread I started this morning, 
thank you..

Thank you for you help with my previous post.  I have some additional 
questions also:

Question #1.  As for the RADIUS requests not getting to the server, I 
have a question about the value of "ipaddr" in the "clients.conf" file.  
All of the instructions that I have seen have been unclear about what 
this value this should be set to specifically..  Should it be the IP 
address of the computer hosting the Radius server (192.168.1.113), or 
the IP address of the router (192.168.1.1), or some other value?  I have 
tried all values and still get the same error message.  Note that I have 
not yet set the ip address of the server computer to be static in the 
"/etc/network/interfaces" file.  Following are the questions about this:

Question 1a:  What is the best value to use for the "ipaddr" variable in 
"clients.conf"?  Such as the ip address of the server computer, ect..

Question 1b:  What is the best value to use for the "Radius Auth Server 
Address" setting in the router (using DD-WRT)?  Presumably it is the 
same value as 1a?

Question 1c:  How important is setting the IP address of the server 
computer to be static while testing even though I am sure that the IP 
address of the server computer is currently 192.168.1.113 for the time 
being?

Question 1d:  What is the best source of information about this issue if 
the answer is complex?

_____

Question #2. Version 2.1.12 of FreeRADIUS is the one that was installed 
when I entered the "apt-get update" and "apt-get install freeradius" 
commands.  What would be the biggest benefits of upgrading to a newer 
version?  Presumably I would need to reconfigure from scratch if I 
upgraded, am I correct?  I have a feeling my problems are elsewhere for 
the time being if the user client computer is not connecting to the 
server though.

_____

Question #3.  When you say "Users cannot manually configure their 802.1x 
settings" on Mac computers starting with OS X Lion, do you mean that it 
is mandatory to configure Mavericks using the XML method?  I'm currently 
trying to configure the networking manually in the "Network > Wi-Fi" 
section of the prefs by selecting "WPA2-Enterprise", then "EAP-TLS," and 
it does seem to be taking all of the necessary information and it even 
gives the name of the certificate as a pull-down option, however it then 
says "invalid password" when I try to connect.

____

Question #4.  As for the certificates, they are being created using the 
"sha1" method like you suggested (typed like that rather than "sha-1" if 
that makes any difference.)  The "default_bits" are set to 2048.   
Following is the command I used to create the DH file: "openssl  
dhparam  -check  -text  -5  1024 -out  dh".  I have seen some 
instructions that say to trim sections out of the certificates using a 
text editor before using them with a Mac, would it be helpful to do that 
at all?

Thanks for your help!

More information about the Freeradius-Users mailing list