Can ZeroShell use OS X LDAP to Authenticate users?


This topic contains 4 replies, has 0 voices, and was last updated by  subzer0 9 years, 7 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • #41809

    subzer0
    Member

    I’d like to have ZeroShell authenticate users via its RADIUS server using my existing OS X Server LDAP. Can this be done? I’ve got ZeroShell running and doing what I need it to do, but its main purpose is to be a RADIUS server to secure our wireless. I don’t intend to use it as an LDAP/DHCP/DNS/Firewall/…etc.

    I’ve managed to have it relay DHCP requests to our dedicated DHCP server.

    Help,

    #48493

    Does OS X have its own RADIUS server implementation?

    #48494

    subzer0
    Member

    You’re right, as you know OS X does have its own RADIUS, but apparently it only works with its base stations. My infrastructure is not built on base stations.

    #48495

    There is a way to proxy the RADIUS requests to OS X Server which is separate from the base station scenario. This avoids using LDAP integration. I will test on my OS X server, but if I don’t reply to this post, send me a PM.

    #48496

    zevlag
    Member

    I have OS X Server replying to RADIUS requests from non-AirPort base stations; it should be able to respond to ZS as well.

    I want to configure ZS to authenticate my OpenVPN users against my OS X Server RADIUS or LDAP.

    #48497

    subzer0
    Member

    Well, I got OS X RADIUS to work with my Dlinks. I liked Zeroshell but I needed a fast solution. In brief:
    – Create a self-signed cert in OS X RADIUS (otherwise it won’t start)
    – Edit /etc/raddb/users to say this:

    DEFAULT Auth-Type = opendirectory
            Fall-Through = 1

    – Edit /etc/raddb/clients.conf
    Add your AP (client) as instructed; here’s mine:

    client 10.60.300.25 {
        secret = openup
        shortname = Dlink    # whatever you have
        nastype = other      # OS X manual says you must use other if not listed
        login = admin
        password = nopass
    }

    – Restart RADIUS
    – Configure your AP to point to the RADIUS server and use the secret password.

    That’s it. All my users now need to auth using their existing OpenLDAP account credentials. I’ve created accounts for Windows users (just login accounts) and all is good. If you need further details I’ll post. Like I said, I like Zeroshell, but it needed to fully integrate into my existing infrastructure.
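
Added example, not part of the thread and not Apple's or FreeRADIUS's own tooling: a small Python check that parses `client` blocks like the one in the last post and flags client names that are not literal IP addresses and shared secrets below a length threshold. The sample text, the second client entry and the 16-character threshold are assumptions made for illustration.

```python
import ipaddress
import re
# Constructed sample; the first entry mirrors the clients.conf block in the post.
SAMPLE = """
client 10.60.300.25 {
    secret = openup
    shortname = Dlink   # whatever you have
    nastype = other
}
client 192.0.2.10 {
    secret = 3f9c1e7ab25d4086a1c0e5d7
    shortname = ap-lobby
}
"""
MIN_SECRET_LEN = 16  # assumed local policy threshold, not a FreeRADIUS rule
CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)

def parse_clients(text):
    """Return {client_name: {key: value}} for each non-nested client block."""
    clients = {}
    for name, body in CLIENT_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # drop trailing comments
            if "=" in line:
                key, value = line.split("=", 1)
                attrs[key.strip()] = value.strip()
        clients[name] = attrs
    return clients

def audit(text):
    """Return {client_name: [findings]}; an empty list means nothing flagged."""
    report = {}
    for name, attrs in parse_clients(text).items():
        findings = []
        try:
            ipaddress.ip_network(name, strict=False)
        except ValueError:
            findings.append("client name is not a literal IP or CIDR")
        secret = attrs.get("secret", "")
        if not secret:
            findings.append("no shared secret")
        elif len(secret) < MIN_SECRET_LEN:
            findings.append("shared secret shorter than %d chars" % MIN_SECRET_LEN)
        report[name] = findings
    return report

if __name__ == "__main__":
    for client, findings in audit(SAMPLE).items():
        print(client, "->", findings or "ok")
```

To check a real file, pass its contents to `audit()` instead of `SAMPLE`; a hostname used as a client name is also reported by the first check, since only literal addresses are accepted here.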
