Freeradius to authenticate against Google LDAP

Alan DeKok aland at
Wed Feb 10 14:35:54 CET 2021

On Feb 10, 2021, at 4:48 AM, Christian Bednarz <christian.bednarz at> wrote:
> Hi all.
> I finally managed to get an Access-Accept in radtest (I apparently forgot to uncomment the ldap section in sites-enabled/default’s authenticate section), so I went on trying to implement the whole free radius solution within our Ubiquity network for VPN. And communication between client, vpn gateway, freeradius and Google LDAP itself seem to work fine, telling from the debug log, which makes me extremely happy.
> But what fails it the authentication part while trying to connect with built-in VPN connect from macOS Big Sur (11.2.0). Here is the log:

  Because OSX is doing MS-CHAP, and the password in Google is incompatible with it.

  It is impossible to use MS-CHAP with Google LDAP.

  Your choices are:

a) make the VPN use clear-text passwords

b) store clear-text password in a DB that your RADIUS server can use.

  Alan DeKok.

More information about the Freeradius-Users mailing list