[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Freeradius to authenticate against Google LDAP
From: Alan DeKok <aland () deployingradius ! com>
Date: 2021-02-10 13:35:54
Message-ID: 9C0AEFA3-4DD9-4056-9DAF-DFA55CB447E5 () deployingradius ! com
[Download RAW message or body]
On Feb 10, 2021, at 4:48 AM, Christian Bednarz <christian.bednarz@lanes-planes.com> \
wrote:
>
> Hi all.
>
> I finally managed to get an Access-Accept in radtest (I apparently forgot to \
> uncomment the ldap section in sites-enabled/default's authenticate section), so I \
> went on trying to implement the whole free radius solution within our Ubiquity \
> network for VPN. And communication between client, vpn gateway, freeradius and \
> Google LDAP itself seem to work fine, telling from the debug log, which makes me \
> extremely happy.
> But what fails it the authentication part while trying to connect with built-in VPN \
> connect from macOS Big Sur (11.2.0). Here is the log:
Because OSX is doing MS-CHAP, and the password in Google is incompatible with it.
http://deployingradius.com/documents/protocols/compatibility.html
It is impossible to use MS-CHAP with Google LDAP.
Your choices are:
a) make the VPN use clear-text passwords
b) store clear-text password in a DB that your RADIUS server can use.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic