Forum Mac Os X server

Forum francophone sur les technologies serveur d'Apple
AccueilAccueil  FAQFAQ  RechercherRechercher  S'enregistrerS'enregistrer  MembresMembres  GroupesGroupes  Connexion  

Partagez | 

 débrider le serveur Radius fourni sur Leopard Server

Aller en bas 

Nombre de messages : 442
Localisation : Nantes_Fr
Date d'inscription : 13/11/2005

MessageSujet: débrider le serveur Radius fourni sur Leopard Server   Mer 5 Mar - 18:31

Le service Radius fourni par 10.5 server semble n'être présent que pour gérer ce service avec les bases Airport. Pourtant, ce service, repose un véritable serveur freeRadius bridé.

Voici, in english comment lui rendre sa pleine fonctionnalité :

OS X 10.5 Server comes with a Radius server, but at the surface, it seems that Apple only ships with support for wireless access stations. However, the foundation is a fully working FreeRadius server.

When trying to get the Radius server to work together with our Checkpoint firewall for VPN authentication, I found that the Radius server tries to authenticate the users against the /etc/passwd file. However, for authorization, it correctly queries the OpenDirectory. I opened a support call with Apple, and I eventually received the following instructions to change the behavior.

Apple included RADIUS services in Leopard server to Apply support for our own Access points, (Airport Express and Extreme), Apple may continue work to implement further functions and support, but at this stage, RADIUS in Leopard Services configures AirPort Base Stations. But as you pointed out under the hood, Leopards RADIUS Service is really 'freeRADIUS.'

Regarding this error:

Tue Nov 20 15:02:19 2007 : Auth: rlm_opendirectory: User <****> is authorized.
Tue Nov 20 15:02:19 2007 : Auth: rlm_unix: [****]: invalid password

By default, the RADIUS process doesn't know how to deal with the request when it comes in, so the request falls through to the default authentication type of a Unix password file (System). In other words, it doesn't know to look in OpenDirectory for the MAC Address. To correct this, you need to change one line in /etc/raddb/users. At about line 153, you'll see this:

DEFAULT Auth-Type = System
Fall-Through = 1

Change this to:

DEFAULT Auth-Type = opendirectory
Fall-Through = 1

After making this change, you'll have to restart the RADIUS process, this should solve your issue. Furthermore, the logging pane may not show all information that is needed to troubleshoot RADIUS issues. But as the service is based on freeRADIUS, there are more logs that can be started (and stopped). Specifically, the RADIUS process can log all authentication requests, along with a valid password or invalid password. To do this, type the following in terminal from the server:

$ sudo radiusconfig -setconfig log_auth yes
$ sudo radiusconfig -setconfig log_auth_goodpass yes
$ sudo radiusconfig -setconfig log_auth_badpass yes

Revenir en haut Aller en bas
Voir le profil de l'utilisateur
débrider le serveur Radius fourni sur Leopard Server
Revenir en haut 
Page 1 sur 1
 Sujets similaires
» Serveur Proxy
» savoir si un fichier existe sur un serveur ftp !
» Problême de déconnexions intempestives (au serveur DNS??)
» Ping serveur Aubervillier +15
» Le matériel fourni avec l'offre Fibre Bbox

Permission de ce forum:Vous ne pouvez pas répondre aux sujets dans ce forum
Forum Mac Os X server :: Installation Os X serveur-
Sauter vers: