OS X Leopard RADIUS Server for AD users

[HodgeHi]

Good afternoon,

I am currently looking at getting the RADIUS server running. I have configured the Extreme Base Stations (which consisted adding them to the list) and then added the allowed users to the SACL list. I added the AD group into the list of allowed users.

I logged in as an admin on a macbook. I imported the RADIUS config. It prompted me for a username and password. I enter an allowed users' username and password and it accepts it and doesn't say anything else but it doesn't work. Looking at the RADIUS logs on the server reveals a little more:

Wed Nov 5 13:49:45 2008 : Auth: rlm_opendirectory: User <ADuser> is authorized.
Wed Nov 5 13:49:45 2008 : Auth: rlm_opendirectory: User <ADuser> is authorized.
Wed Nov 5 13:49:45 2008 : Auth: rlm_opendirectory: User <ADuser> is authorized.
Wed Nov 5 13:49:45 2008 : Auth: rlm_opendirectory: User <ADuser> is authorized.
Wed Nov 5 13:49:45 2008 : Auth: rlm_opendirectory: User <ADuser> is authorized.
Wed Nov 5 13:49:45 2008 : Error: rlm_mschap: authentication failed -14091
Wed Nov 5 13:49:45 2008 : Auth: Login incorrect: [ADuser/<no User-Password attribute>] (from client localhost port 0)
Wed Nov 5 13:49:45 2008 : Auth: Login incorrect: [ADuser/<no User-Password attribute>] (from client ICT Access Point port 0 cli 00-19-E3-04-63-48)

Now if i use an account in the Open Directory it works fine. What could be the problem?

[kingswood]

Apple chose freeRADIUS when they configured RADIUS support in OS X, and for that reason I believe they have inherited a freeRADIUS config file error that leads to this situation!

Resetting the user's password in WGM fixes the problems temporarily, but like I said, MS-CHAP support in freeRADIUS is a bit "wobbly" right now...

Sorry I can't be of more help!

If you *do* get it working let me know how you fixed it!

Paul