OpenDirectory Authentication fails

Alan DeKok aland at
Tue Feb 4 16:48:55 CET 2020

On Feb 4, 2020, at 7:05 AM, Carsten Kirschner via Freeradius-Users <freeradius-users at> wrote:
>    We have freeradius with the open directory plugin, which accesses a mac server to authenticate users. This works for most users, but we have a few users that experience errors what I cannot understand.
>    In the inner tunnel the OpenDirectory plugin accesses the server and when it fails it logs a weird value for shortUserName (HWeissbrodt7.0.0A?؎???). For the users which can use the radius server username_string and shortUserName are the same.

  The shortUserName comes from OpenDirectory.  i.e. FreeRADIUS asks OpenDirectory for the short name, and that's what OD returns.

>    I traced the debug print to

  Huh?  There *is* an official FreeRADIUS repository:

> which suggests — for me — that it is a problem with the open directory communication, but I am neither sure nor can I see how the shortUserName can become that strange in the first place.

  I don't know.  If that's what comes back from OpenDirectory, there isn't much that FreeRADIUS can do about it.

  Alan DeKok.

More information about the Freeradius-Users mailing list