FR 3.0.21 authenticating to OpenDirectory on macOS Catalina
Alan DeKok
aland at deployingradius.com
Sun Nov 22 15:03:03 CET 2020
On Nov 20, 2020, at 2:00 PM, Jason Holloway via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> FR compiled from source, configured according to Apple Support KB and
> tested authenticating successfully via PAP.
>
> However, MSCHAPv2 authentication failing.
>
> (3) mschap: WARNING: No Cleartext-Password configured. Cannot create
> NT-Password
> (3) mschap: No NT-Password configured. Trying OpenDirectory
> Authentication
> (3) mschap: OD username_string = jasonh, OD shortUserName= (length =
> 0)
> (3) mschap: ERROR: rlm_mschap: authentication failed - status =
> eUndefinedError
What a helpful error message. :(
The issue here is that FreeRADIUS hands the MS-CHAP data to OpenDirectory, and OpenDirectory returns success / fail. Or in this case, "error".
Unless we get more information about how OpenDirectory works, there isn't much more that we can do.
Alan DeKok.
More information about the Freeradius-Users
mailing list