Freeradius to authenticate against Google LDAP

Alan DeKok aland at deployingradius.com
Wed Feb 10 14:35:54 CET 2021


On Feb 10, 2021, at 4:48 AM, Christian Bednarz <christian.bednarz at lanes-planes.com> wrote:
> 
> Hi all.
> 
> I finally managed to get an Access-Accept in radtest (I apparently forgot to uncomment the ldap section in sites-enabled/default’s authenticate section), so I went on trying to implement the whole FreeRADIUS solution within our Ubiquiti network for VPN. And communication between client, VPN gateway, FreeRADIUS and Google LDAP itself seems to work fine, telling from the debug log, which makes me extremely happy.
> 
> But what fails is the authentication part while trying to connect with built-in VPN connect from macOS Big Sur (11.2.0). Here is the log:

  Because OSX is doing MS-CHAP, and the password in Google is incompatible with it.

http://deployingradius.com/documents/protocols/compatibility.html

  It is impossible to use MS-CHAP with Google LDAP.

  Your choices are:

a) make the VPN use clear-text passwords

b) store clear-text password in a DB that your RADIUS server can use.

  Alan DeKok.



