I got the first step..., FreeRadius and OpenDirectory are "speaking" the same language BUT I'm not able to authenticate the users...
On the client side I have a function to get the chap and on the server side I don't save the password in hashing manner (I guess) ...

When I try to auth, this is the output:

rad_recv: Access-Request packet from host 192.168.58.126 port 55684, id=4, length=234
        Vendor-14559-Attr-8 = 0x312e322e33
        User-Name = "root"
        CHAP-Challenge = 0x0edd76439301b38946e175305f4f951f
        CHAP-Password = 0x0009043c756f718e348b26b5300f0e10ab
        Service-Type = Login-User
        Acct-Session-Id = "4e30263e00000001"
        Framed-IP-Address = 10.10.0.1
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 1
        NAS-Port-Id = "00000001"
        Calling-Station-Id = "00-23-DF-8E-F7-7A"
        Called-Station-Id = "00-60-E0-E0-A4-D4"
        NAS-IP-Address = 10.10.0.15
        NAS-Identifier = "kenny"
        WISPr-Logoff-URL = "http://10.10.0.15:3990/logoff"
        Message-Authenticator = 0x02107a4aa5448c95bcb1c66989947389
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "root", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[unix] returns updated
++[files] returns noop
rlm_opendirectory: The SACL group "com.apple.access_radius" does not exist on this system.
rlm_opendirectory: The host 192.168.58.126 does not have an access group.
rlm_opendirectory: no access control groups, all users allowed.
++[opendirectory] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by "root" with CHAP password
[chap] Cleartext-Password is required for authentication
++[chap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> root
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 10 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.58.126 port 55684, id=4, length=234
Waiting to send Access-Reject to client lan port 55684 - ID: 4
Waking up in 0.9 seconds.
Sending delayed reject for request 10
Sending Access-Reject of id 4 to 192.168.58.126 port 55684
Waking up in 4.9 seconds.
Cleaning up request 10 ID 4 with timestamp +1898
Ready to process requests.

I have some doubt on the Apple side... Is the server asking for clear password on the Apple side?

I hope you can help me, one more time.

Cheers,
Max

On 27/07/11 14.54, Alan DeKok wrote:
> Massimiliano Tommasi wrote:
>> You are pretty right ;)
>> I have just recompiled freeradius with that module, which I need...
>> It seems to be what I need but ... I notice a lack of documentation for
>> that module..
>> I have found nothing at all :(
>> Could you suggest me some doc or/and example of the conf, please?
>
> I said:
>
>>> Just list "opendirectory" in the "authorize" and "authenticate" sections.
>
> That's it.
>
> It's that simple. It doesn't need more documentation.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
:: P u r p l e s r l
:: security and network
:: via Vittorio Veneto 8/B
:: i-20091 Bresso - Milano
:: web: www.purplesrl.com
:: Massimiliano Tommasi
:: email: m.tomm...@purplesrl.com
:: phone: +39 02 36687280
:: fax: +39 02 700511249
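
Why the [chap] module logs "Cleartext-Password is required for authentication", as an added example that is not part of the original message or of FreeRADIUS: the CHAP response is MD5 over identifier, password and challenge (RFC 1994 / RFC 2865), so the server can only check it by recomputing it from the cleartext. The CHAP-Challenge and CHAP-Password bytes are copied from the log above; the password and the stored_hash_of helper are constructed assumptions standing in for a directory that keeps only a one-way hash.

```python
import hashlib
import hmac

# Copied from the Access-Request in the debug output above.
CHAP_CHALLENGE = bytes.fromhex("0edd76439301b38946e175305f4f951f")
CHAP_PASSWORD = bytes.fromhex("0009043c756f718e348b26b5300f0e10ab")


def split_chap_password(attr: bytes) -> tuple[int, bytes]:
    """CHAP-Password = 1-byte CHAP identifier + 16-byte MD5 response."""
    if len(attr) != 17:
        raise ValueError("CHAP-Password must be exactly 17 bytes")
    return attr[0], attr[1:]


def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 / RFC 2865: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def verify_chap(attr: bytes, challenge: bytes, known_secret: bytes) -> bool:
    """Recompute the response from what the server holds and compare."""
    chap_id, received = split_chap_password(attr)
    expected = chap_response(chap_id, known_secret, challenge)
    return hmac.compare_digest(expected, received)


def stored_hash_of(password: bytes) -> bytes:
    """Hypothetical stand-in for a directory that keeps only a one-way hash."""
    return hashlib.sha256(password).hexdigest().encode()


if __name__ == "__main__":
    chap_id, response = split_chap_password(CHAP_PASSWORD)
    print(f"CHAP id from the log: {chap_id}, response: {response.hex()}")

    # Constructed client side: the password and resulting attribute are made up.
    password = b"constructed-password"
    attr = bytes([chap_id]) + chap_response(chap_id, password, CHAP_CHALLENGE)

    print("server holds cleartext:", verify_chap(attr, CHAP_CHALLENGE, password))
    print("server holds only hash:",
          verify_chap(attr, CHAP_CHALLENGE, stored_hash_of(password)))
```

With only a hash on the server side, the recomputed MD5 never matches the client's response, which is the condition the [chap] module reports before returning invalid.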