OpenDirectory on FreeRadius 3.0.19

Dave Walsh dave_walsh at lsrhs.net
Wed Aug 14 19:04:14 CEST 2019 

Thanks Alan, Apple definitely must have changed something.

It won't work on OS X 10.14, but when I configured it on an OS X 10.11
machine it works as expected.

Thanks for the suggestion.

-Dave Walsh
Network Administrator
Lincoln-Sudbury Regional HS
Sudbury, MA 01776
(978) 443-9961 x3336

On Wed, Aug 14, 2019 at 9:30 AM Alan DeKok <aland at deployingradius.com> wrote:
>
> On Aug 14, 2019, at 9:19 AM, Dave Walsh <dave_walsh at lsrhs.net> wrote:
> >
> > I had a FreeRadius 2.2.0 server running under Mac OS X 10.8.5
> > connected to my old wireless setup. We just replaced the wireless with
> > Aruba gear and I'm trying to configure a new install of FreeRadius
> > 3.0.19 to use OpenDirectory like the old install. I think I've got all
> > the configs set straight, but client connections are failing with
> > known good username/password combinations. And yes, I fixed the
> > homebrew settings so the dylib for OpenDirectory loads.
>
>   That may be a home-brew thing.  I just install FR from source.
>
> > Is there a how-to guide on setting up FR3 with OpenDirectory? I
> > couldn't find one with a few different searches...
>
>   The opendirectory configuration file mods-available/opendirectory contains a pointer to the official Apple documentation.
>
> > Or maybe something will jump out of the debug log below?
>
>   Going to the relevant portion:
>
> > /usr/local/Cellar/freeradius-server/3.0.19/etc/raddb/sites-enabled/inner-tunnel
> > (11) eap_mschapv2:   authenticate {
> > (11) mschap: WARNING: No Cleartext-Password configured.  Cannot create
> > NT-Password
> > (11) mschap: WARNING: No Cleartext-Password configured.  Cannot create
> > LM-Password
> > (11) mschap: No NT-Password configured. Trying OpenDirectory Authentication
> > (11) mschap: OD username_string = average, OD shortUserName=average?
> > (length = 8)
> > (11) mschap: ERROR: rlm_mschap: authentication failed - status = eUndefinedError
>
>   Hmm... that's a bit weird.
>
>   The only thing I can think of is that maybe Apple has changed / deprecated their API?
>
>   Or, see the official Apple documentation for more configuration instructions.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list