OS X Mavericks not connecting to Debian FreeRADIUS

Alan DeKok aland at deployingradius.com
Wed Aug 12 09:29:01 CEST 2015 

On Aug 12, 2015, at 1:02 AM, Edward Ulrich <email at edwardulrich.com> wrote:
> I think configuring FreeRadius can be more within the grasp of people who aren’t career sys admins if the instructions were more clear.

  The documentation assumes that you understand a little bit about networking and system administration.  We do *not* provide a full "introduction to Unix" course as part of FreeRADIUS.  Such expectations are unreasonable.

>  For example when finding the value to use as “ipaddr” in clients.conf, the instructions in the config file only mention to use the IP of the client, it does not mention if I should use the LAN IP or the WAN IP of my wireless router, for example.

  This requires understanding routing.  Can the LAN IP route to the RADIUS server IP?  Yes?  Then that's what you use.

  If you think that IP addresses are magic numbers with no meaning... you're going to have a bad time.

>  Now, obviously I would be able to figure that out through trail and error, but when there is a problem someplace else in the chain I want to know for certain that this value has been set exactly to what it needs to be right from the start..  A career systems administrator may already know which value to use but others would not, so why don’t they just give a specific example of using a wireless router in the lengthy docs of the config file and mention the name LAN IP or WAN IP?

  Because not every system has a LAN IP and a WAN IP.  Many just have one IP.  We presume that the administrator is experienced enough to know which one to use.

  i.e. stop thinking about your particular system.  We have to document FreeRADIUS for *everyone*.  It is again unreasonable to expect that we document *everything* about *everyone's* system... world-wide.

>  Also it is annoying to me how often the wireless router is referred to as the  “client” in all sorts of instructions that I see, it is confusing terminology for the process even if it is technically correct.

  It's not just "technically correct", it's the accepted terminology.  It's how people refer to systems on the net.

  If you take your car to a mechanic, he's going to get cranky when you refer to the engine as a "carrot", because you find the term "engine" too "techy", and too hard to remember.

> I have seen varying instructions which explain differing optimum addresses to set the static address of the server computer to be.  I realize that it is important to set this to ensure that it doesn't change over time, but you did not really answer my question when I asked if it is crucial to set that for testing purposes when I know what the address of the server computer is in the meantime.

  I did answer your question.  As you've shown, you're unwilling to believe the documentation, or my answers here.

> As far as using the default method for creating the certificates in “raddb/certs,” almost all of the online sources I have seen have said not to use that method and give instructions for clearing that out and using custom openssl commands instead.

  Those sources are stupid and wrong.  If you read the FreeRADIUS documentation (I suggest doing so...), the docs and web pages say that most third party documentation is wrong and outdated.

>  Do you know of success creating certificates that work with OS X Mavericks using that default method?  And can that method be automated using scripting?

  Uh... the default methods *already* use scripting.

>  Right now that directory has been wiped out on my computer according to online instructions I have followed,

  Go back and re-install the default configuration.

> so I can’t read any instructions that may have been included with it.

  If only there was a way for you to download a *new* copy of the server, and get a fresh copy of the files.

 Your attitude is part of the problem.  It's why you're finding this so difficult to do.  You shoot yourself in the foot, refuse all help... and then complain that your foot hurts.

  Just stop it.

>  Do you know if there has there been recent upgrades to the “raddb/certs” method in the newer versions of FreeRADIUS which would give it greater compatibility with newer versions of OS X?

  Did you even bother trying the default scripts that come with the server?

  No?

  Since you're too lazy to follow the documentation and use the examples that ships with the server, I'm too lazy to answer any more of your questions.

  Alan DeKok.

More information about the Freeradius-Users mailing list