As per the suggestion made by Andreas Wolf, I picked up a set of prebuilt binaries based on freeradius-snapshot-20040607 and an (experimental) OpenDirectory module for OS X server. After following all of the instructions in "Setting up a simple WPA Enterprise Infrastructure with MacOS X, AirPort Extreme and freeRadius" I cannot seem to get the radius server to authenticate against OpenDirectory. Instead it seems to insist on trying to authenticate against eap_unix as evidenced (I think, please correct me if I'm wrong) in the debug listing below. Is there somewhere I've gone wrong or misconfigured?
Thanks, Phil
Fri Oct 1 19:09:37 2004 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 5
Fri Oct 1 19:09:37 2004 : Debug: rlm_eap: Request found, released from the list
Fri Oct 1 19:09:37 2004 : Debug: rlm_eap: EAP/ttls
Fri Oct 1 19:09:37 2004 : Debug: rlm_eap: processing type ttls
Fri Oct 1 19:09:37 2004 : Debug: rlm_eap_ttls: Authenticate
Fri Oct 1 19:09:37 2004 : Debug: rlm_eap_tls: processing TLS
Fri Oct 1 19:09:37 2004 : Info: rlm_eap_tls: Length Included
Fri Oct 1 19:09:37 2004 : Debug: eaptls_verify returned 11
Fri Oct 1 19:09:37 2004 : Debug: eaptls_process returned 7
Fri Oct 1 19:09:37 2004 : Debug: rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
TTLS tunnel data in 0000: 00 00 00 01 00 00 00 0f 65 72 73 68 6c 65 72 00
TTLS tunnel data in 0010: 00 00 00 02 00 00 00 18 62 79 74 6d 69 6e 65 32
TTLS tunnel data in 0020: 00 00 00 00 00 00 00 00
TTLS: Got tunneled request
User-Name = "ershler"
User-Password = "myTestPassword"
FreeRADIUS-Proxied-To = 127.0.0.1
TTLS: Sending tunneled request
User-Name = "ershler"
User-Password = "myTestPassword"
FreeRADIUS-Proxied-To = 127.0.0.1
Fri Oct 1 19:09:37 2004 : Debug: Processing the authorize section of radiusd.conf
Fri Oct 1 19:09:37 2004 : Debug: modcall: entering group authorize for request 5
Fri Oct 1 19:09:37 2004 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5
Fri Oct 1 19:09:37 2004 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5
Fri Oct 1 19:09:37 2004 : Debug: modcall[authorize]: module "preprocess" returns ok for request 5
Fri Oct 1 19:09:37 2004 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 5
Fri Oct 1 19:09:37 2004 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 5
Fri Oct 1 19:09:37 2004 : Debug: modcall[authorize]: module "chap" returns noop for request 5
Fri Oct 1 19:09:37 2004 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 5
Fri Oct 1 19:09:37 2004 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 5
Fri Oct 1 19:09:37 2004 : Debug: modcall[authorize]: module "mschap" returns noop for request 5
Fri Oct 1 19:09:37 2004 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 5
Fri Oct 1 19:09:37 2004 : Debug: rlm_realm: No '@' in User-Name = "ershler", looking up realm NULL
Fri Oct 1 19:09:37 2004 : Debug: rlm_realm: No such realm "NULL"
Fri Oct 1 19:09:37 2004 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 5
Fri Oct 1 19:09:37 2004 : Debug: modcall[authorize]: module "suffix" returns noop for request 5
Fri Oct 1 19:09:37 2004 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 5
Fri Oct 1 19:09:37 2004 : Debug: rlm_eap: No EAP-Message, not doing EAP
Fri Oct 1 19:09:37 2004 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 5
Fri Oct 1 19:09:37 2004 : Debug: modcall[authorize]: module "eap" returns noop for request 5
Fri Oct 1 19:09:37 2004 : Debug: modsingle[authorize]: calling files (rlm_files) for request 5
Fri Oct 1 19:09:37 2004 : Debug: users: Matched DEFAULT at 152
Fri Oct 1 19:09:37 2004 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 5
Fri Oct 1 19:09:37 2004 : Debug: modcall[authorize]: module "files" returns ok for request 5
Fri Oct 1 19:09:37 2004 : Debug: modcall: group authorize returns ok for request 5
Fri Oct 1 19:09:37 2004 : Debug: rad_check_password: Found Auth-Type System
Fri Oct 1 19:09:37 2004 : Debug: auth: type "System"
Fri Oct 1 19:09:37 2004 : Debug: Processing the authenticate section of radiusd.conf
Fri Oct 1 19:09:37 2004 : Debug: modcall: entering group authenticate for request 5
Fri Oct 1 19:09:37 2004 : Debug: modsingle[authenticate]: calling unix (rlm_unix) for request 5
Fri Oct 1 19:09:37 2004 : Auth: rlm_unix: [ershler]: invalid shell []
Fri Oct 1 19:09:37 2004 : Debug: modsingle[authenticate]: returned from unix (rlm_unix) for request 5
Fri Oct 1 19:09:37 2004 : Debug: modcall[authenticate]: module "unix" returns reject for request 5
Fri Oct 1 19:09:37 2004 : Debug: modcall: group authenticate returns reject for request 5
Fri Oct 1 19:09:37 2004 : Debug: auth: Failed to validate the user.
TTLS: Got tunneled reply RADIUS code 3
Fri Oct 1 19:09:37 2004 : Debug: TTLS: Got tunneled Access-Reject
Fri Oct 1 19:09:37 2004 : Debug: rlm_eap: Handler failed in EAP/ttls
Fri Oct 1 19:09:37 2004 : Debug: rlm_eap: Failed in EAP select
Fri Oct 1 19:09:37 2004 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 5
Fri Oct 1 19:09:37 2004 : Debug: modcall[authenticate]: module "eap" returns invalid for request 5
Fri Oct 1 19:09:37 2004 : Debug: modcall: group authenticate returns invalid for request 5
Fri Oct 1 19:09:37 2004 : Debug: auth: Failed to validate the user.
Fri Oct 1 19:09:37 2004 : Debug: Delaying request 5 for 1 seconds
Fri Oct 1 19:09:37 2004 : Debug: Finished request 5
Fri Oct 1 19:09:37 2004 : Debug: Going to the next request
Fri Oct 1 19:09:37 2004 : Debug: Waking up in 5 seconds...
rad_recv: Access-Request packet from host 155.100.140.15:1026, id=35, length=269
Sending Access-Reject of id 35 to 155.100.140.15:1026
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
Fri Oct 1 19:09:37 2004 : Debug: Waking up in 5 seconds...
Fri Oct 1 19:09:42 2004 : Debug: --- Walking the entire request list ---
Fri Oct 1 19:09:42 2004 : Debug: Cleaning up request 0 ID 30 with timestamp 415dffd0
Fri Oct 1 19:09:42 2004 : Debug: Cleaning up request 1 ID 31 with timestamp 415dffd0
Fri Oct 1 19:09:42 2004 : Debug: Cleaning up request 2 ID 32 with timestamp 415dffd0
Fri Oct 1 19:09:42 2004 : Debug: Cleaning up request 3 ID 33 with timestamp 415dffd0
Fri Oct 1 19:09:42 2004 : Debug: Waking up in 1 seconds...
Fri Oct 1 19:09:43 2004 : Debug: --- Walking the entire request list ---
Fri Oct 1 19:09:43 2004 : Debug: Cleaning up request 4 ID 34 with timestamp 415dffd1
Fri Oct 1 19:09:43 2004 : Debug: Cleaning up request 5 ID 35 with timestamp 415dffd1
Fri Oct 1 19:09:43 2004 : Debug: Nothing to do. Sleeping until we see a request.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
