I have now done a lot of debugging with my OS X Server + Open Directory Users setup:
Using an Apple Access Point AND using Apple's Server Admin management tool to configure radiusd I am able to authenticate to Open Directory users BUT only when I provide my shortname without the realm/domain name. EG Authenticating as user "u1" works, but authenticating as user "[EMAIL PROTECTED]" does not work. I now know that it IS possible to authenticate towards OD :) Unfortunately I am unable to figure out how to change the configuration to solve my problem authenticating users like "[EMAIL PROTECTED]" A complete debug is available here: http://voneyben.net/radius/auth-u1-ok.txt http://voneyben.net/radius/[EMAIL PROTECTED] When authenticating ("u1") is done correctly this part looks interesting: rlm_realm: No '@' in User-Name = "u1", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "u1" rlm_realm: Proxying request from user u1 to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. When authenticating ([EMAIL PROTECTED]) is going bad this part looks interesting: modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: Looking up realm "voneyben.net" for User-Name = "[EMAIL PROTECTED]" rlm_realm: Found realm "voneyben.net" rlm_realm: Adding Stripped-User-Name = "u1" rlm_realm: Proxying request from user u1 to realm voneyben.net rlm_realm: Adding Realm = "voneyben.net" rlm_realm: Authentication realm is LOCAL. So how do I modify proxy.conf to get the "[EMAIL PROTECTED]" to be handled the same way as "u1", meaning to get Apple's Open Directory to do it's thing :) Currently the realm in proxy.conf looks like this: realm voneyben.net { type = radius authhost = LOCAL accthost = LOCAL } The complete config files are available here; http://voneyben.net/radius/proxy.conf http://voneyben.net/radius/radiusd.conf http://voneyben.net/radius/eap.conf And - to save a lot of scrolling - without the comments: http://voneyben.net/radius/proxy-no-comments.conf http://voneyben.net/radius/radiusd-no-comments.conf http://voneyben.net/radius/eap-no-comments.conf - TvE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html