FR 3.0.21 authenticating to OpenDirectory on macOS Catalina

Alan DeKok aland at deployingradius.com
Sun Nov 22 15:03:03 CET 2020


On Nov 20, 2020, at 2:00 PM, Jason Holloway via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
>   FR compiled from source, configured according to Apple Support KB and
>   tested authenticating successfully via PAP.
> 
>   However, MSCHAPv2 authentication failing.
> 
>   (3) mschap: WARNING: No Cleartext-Password configured.  Cannot create
>   NT-Password
>   (3) mschap: No NT-Password configured. Trying OpenDirectory
>   Authentication
>   (3) mschap: OD username_string = jasonh, OD shortUserName= (length =
>   0)
>   (3) mschap: ERROR: rlm_mschap: authentication failed - status =
>   eUndefinedError

  What a helpful error message. :(

  The issue here is that FreeRADIUS hands the MS-CHAP data to OpenDirectory, and OpenDirectory returns success / fail.  Or in this case, "error".

  Unless we get more information about how OpenDirectory works, there isn't much more that we can do.

  Alan DeKok.




More information about the Freeradius-Users mailing list