OpenDirectory on FreeRadius 3.0.19
Alan DeKok
aland at deployingradius.com
Wed Aug 14 15:30:12 CEST 2019
On Aug 14, 2019, at 9:19 AM, Dave Walsh <dave_walsh at lsrhs.net> wrote:
>
> I had a FreeRadius 2.2.0 server running under Mac OS X 10.8.5
> connected to my old wireless setup. We just replaced the wireless with
> Aruba gear and I'm trying to configure a new install of FreeRadius
> 3.0.19 to use OpenDirectory like the old install. I think I've got all
> the configs set straight, but client connections are failing with
> known good username/password combinations. And yes, I fixed the
> homebrew settings so the dylib for OpenDirectory loads.
That may be a home-brew thing. I just install FR from source.
> Is there a how-to guide on setting up FR3 with OpenDirectory? I
> couldn't find one with a few different searches...
The opendirectory configuration file mods-available/opendirectory contains a pointer to the official Apple documentation.
> Or maybe something will jump out of the debug log below?
Going to the relevant portion:
> /usr/local/Cellar/freeradius-server/3.0.19/etc/raddb/sites-enabled/inner-tunnel
> (11) eap_mschapv2: authenticate {
> (11) mschap: WARNING: No Cleartext-Password configured. Cannot create
> NT-Password
> (11) mschap: WARNING: No Cleartext-Password configured. Cannot create
> LM-Password
> (11) mschap: No NT-Password configured. Trying OpenDirectory Authentication
> (11) mschap: OD username_string = average, OD shortUserName=average?
> (length = 8)
> (11) mschap: ERROR: rlm_mschap: authentication failed - status = eUndefinedError
Hmm... that's a bit weird.
The only thing I can think of is that maybe Apple has changed / deprecated their API?
Or, see the official Apple documentation for more configuration instructions.
Alan DeKok.
More information about the Freeradius-Users
mailing list