Installing FreeRADIUS from source on macOS
Palvelin Postmaster
postmaster at palvelin.fi
Fri Oct 12 08:26:03 CEST 2018
> On 11 Oct 2018, at 16:03, Alan DeKok <aland at deployingradius.com> wrote:
>
> On Oct 11, 2018, at 4:37 AM, Sebastian Hagedorn <Hagedorn at uni-koeln.de> wrote:
>> Apple has recently published this guide that also covers FR 3 with OD:
>>
>> <https://developer.apple.com/support/macos-server/macOS-Server-Service-Migration-Guide.pdf>
>
> It looks to be reasonable. I've added a link to it from the "opendirectory" module configuration.
Having read this, I have some concerns,
Quote 1 from the RADIUS section: "Converting to the open source version allows continued authentication for all current users with password type RECOVERABLE. New users won’t be able to use FreeRADIUS."
Quote 2: "Adding a user to freeRadius: Add new users of the radius service through the Server.app. This will require that the user’s password be stored in a less secure manner."
These quotes are both confusing and conflicting. On one hand it bluntly states "new users" won’t be able to use FreeRADIUS. New how? Added after upgrading to macOS Mojave? On the other hand it also instructs adding new users via OD.
Additionally, it discusses storing passwords ”in a less secure manner” which, I’m guessing, refers to using Crypt or Shadow password types instead of OD type. This would be, of course, less desirable, but based on my initial research it looks like it’s also impossible because macOS Mojave’s OD service doesn’t allow selection of password type anymore.
Can anyone offer any insights?
--
Palvelin.fi Hostmaster
postmaster at palvelin.fi
More information about the Freeradius-Users
mailing list