Forum Mac Os X server
Vous souhaitez réagir à ce message ? Créez un compte en quelques clics ou connectez-vous pour continuer.
Forum Mac Os X server

Forum francophone sur les technologies serveur d'Apple
 
AccueilAccueil  RechercherRechercher  Dernières imagesDernières images  S'enregistrerS'enregistrer  Connexion  
-20%
Le deal à ne pas rater :
-20% Récupérateur à eau mural 300 litres (Anthracite)
79 € 99 €
Voir le deal

Forum Mac Os X server :: Installation Os X serveur
 

 débrider le serveur Radius fourni sur Leopard Server

Aller en bas 
AuteurMessage
Alex_
Admin



Nombre de messages : 442
Localisation : Nantes_Fr
Date d'inscription : 13/11/2005

débrider le serveur Radius fourni sur Leopard Server Empty
MessageSujet: débrider le serveur Radius fourni sur Leopard Server   débrider le serveur Radius fourni sur Leopard Server EmptyMer 5 Mar - 18:31
Le service Radius fourni par 10.5 server semble n'être présent que pour gérer ce service avec les bases Airport. Pourtant, ce service, repose un véritable serveur freeRadius bridé.

Voici, in english comment lui rendre sa pleine fonctionnalité :

OS X 10.5 Server comes with a Radius server, but at the surface, it seems that Apple only ships with support for wireless access stations. However, the foundation is a fully working FreeRadius server.

When trying to get the Radius server to work together with our Checkpoint firewall for VPN authentication, I found that the Radius server tries to authenticate the users against the /etc/passwd file. However, for authorization, it correctly queries the OpenDirectory. I opened a support call with Apple, and I eventually received the following instructions to change the behavior.



Apple included RADIUS services in Leopard server to Apply support for our own Access points, (Airport Express and Extreme), Apple may continue work to implement further functions and support, but at this stage, RADIUS in Leopard Services configures AirPort Base Stations. But as you pointed out under the hood, Leopards RADIUS Service is really 'freeRADIUS.'

Regarding this error:

Tue Nov 20 15:02:19 2007 : Auth: rlm_opendirectory: User <****> is authorized.
Tue Nov 20 15:02:19 2007 : Auth: rlm_unix: [****]: invalid password

By default, the RADIUS process doesn't know how to deal with the request when it comes in, so the request falls through to the default authentication type of a Unix password file (System). In other words, it doesn't know to look in OpenDirectory for the MAC Address. To correct this, you need to change one line in /etc/raddb/users. At about line 153, you'll see this:

DEFAULT Auth-Type = System
Fall-Through = 1

Change this to:

DEFAULT Auth-Type = opendirectory
Fall-Through = 1

After making this change, you'll have to restart the RADIUS process, this should solve your issue. Furthermore, the logging pane may not show all information that is needed to troubleshoot RADIUS issues. But as the service is based on freeRADIUS, there are more logs that can be started (and stopped). Specifically, the RADIUS process can log all authentication requests, along with a valid password or invalid password. To do this, type the following in terminal from the server:

$ sudo radiusconfig -setconfig log_auth yes
$ sudo radiusconfig -setconfig log_auth_goodpass yes
$ sudo radiusconfig -setconfig log_auth_badpass yes


source
Revenir en haut Aller en bas
http://www.erba-nantes.fr
 
débrider le serveur Radius fourni sur Leopard Server
Revenir en haut 
Page 1 sur 1
 Sujets similaires
-
» [Leopard Server] partage de fichiers
» [cherche] Mac OS X Server Leopard
» DVD Installation Mac os x serveur snow Leopard
» Debuter avec OSX Server Leopard

Permission de ce forum:Vous ne pouvez pas répondre aux sujets dans ce forum
Forum Mac Os X server :: Installation Os X serveur-
Sauter vers:  
Ne ratez plus aucun deal !
Abonnez-vous pour recevoir par notification une sélection des meilleurs deals chaque jour.
IgnorerAutoriser