[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Freeradius to authenticate against Google LDAP
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2021-02-10 13:35:54
Message-ID: 9C0AEFA3-4DD9-4056-9DAF-DFA55CB447E5 () deployingradius ! com
[Download RAW message or body]

On Feb 10, 2021, at 4:48 AM, Christian Bednarz <christian.bednarz@lanes-planes.com> \
wrote:
> 
> Hi all.
> 
> I finally managed to get an Access-Accept in radtest (I apparently forgot to \
> uncomment the ldap section in sites-enabled/default's authenticate section), so I \
> went on trying to implement the whole free radius solution within our Ubiquity \
> network for VPN. And communication between client, vpn gateway, freeradius and \
> Google LDAP itself seem to work fine, telling from the debug log, which makes me \
> extremely happy. 
> But what fails it the authentication part while trying to connect with built-in VPN \
> connect from macOS Big Sur (11.2.0). Here is the log:

  Because OSX is doing MS-CHAP, and the password in Google is incompatible with it.

http://deployingradius.com/documents/protocols/compatibility.html

  It is impossible to use MS-CHAP with Google LDAP.

  Your choices are:

a) make the VPN use clear-text passwords

b) store clear-text password in a DB that your RADIUS server can use.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]