www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

Can ZeroShell use OS X LDAP to Authenticate users?

 
subzer0



Joined: 21 Jul 2009
Posts: 3

Posted: Tue Jul 21, 2009 5:31 pm    Post subject: Can ZeroShell use OS X LDAP to Authenticate users?

I'd like to have ZeroShell authenticate users via its RADIUS server using my existing OS X Server LDAP. Can this be done? I've got ZeroShell running and doing what I need it to do, but its main purpose is to be a RADIUS server to secure our wireless. I don't intend to use it as an LDAP/DHCP/DNS/Firewall/...etc.

I've managed to have it relay DHCP requests to our dedicated DHCP server.

Help,
vpn_rollercoaster



Joined: 30 Aug 2008
Posts: 80

Posted: Tue Jul 21, 2009 6:07 pm    Post subject: Proxy Radius

Does OS X have its own RADIUS server implementation?
subzer0



Joined: 21 Jul 2009
Posts: 3

Posted: Tue Jul 21, 2009 7:30 pm

You're right, as you know OS X does have its own RADIUS, but apparently it only works with its base stations. My infrastructure is not built on base stations.
vpn_rollercoaster



Joined: 30 Aug 2008
Posts: 80

Posted: Tue Jul 21, 2009 8:03 pm

There is a way to proxy the RADIUS requests to OS X Server which is separate from the base station scenario. This avoids using LDAP integration. I will test on my OS X server, but if I don't reply to this post, send me a PM.
zevlag



Joined: 14 Jul 2009
Posts: 27

Posted: Tue Jul 21, 2009 10:20 pm

I have OS X Server replying to RADIUS requests from non-Airport base stations; it should be able to respond to ZS as well.

I want to configure ZS to authenticate my OpenVPN users against my OS X Server RADIUS or LDAP.
subzer0



Joined: 21 Jul 2009
Posts: 3

Posted: Wed Jul 22, 2009 8:44 pm

Well, I got OS X RADIUS to work with my Dlinks. I liked Zeroshell but I needed a fast solution. In brief:
- Create a self-signed cert in OS X RADIUS (otherwise it won't start)
- Edit /etc/raddb/users to say this:

DEFAULT Auth-Type = opendirectory
	Fall-Through = 1

- Edit /etc/raddb/clients.conf
Add your AP (client) as instructed; here's mine:

client 10.60.300.25 {
	secret = openup
	shortname = Dlink   # whatever you have
	nastype = other     # OS X manual says you must use other if not listed
	login = admin
	password = nopass
}

Restart RADIUS
Configure your AP to point to the RADIUS server and use the secret password.

That's it. All my users now need to auth using their existing OpenLDAP account credentials. I've created accounts for Windows users (just login accounts) and all is good. If you need further details I'll post. Like I said, I like zeroshell, but it needed to fully integrate into my existing infrastructure.
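An added example, not part of any post in this thread: a small Python check for the clients.conf stanza format shown in the last post, flagging shared secrets shorter than the 16 octets RFC 2865 prefers and numeric client names that do not parse as an address. The sample stanzas, with their addresses and secrets, are constructed for illustration, and the function names are this example's own.

```python
import ipaddress
import re

# RFC 2865 prefers shared secrets of at least 16 octets.
MIN_SECRET_LEN = 16

# Constructed sample in the clients.conf stanza format; all values are made up.
SAMPLE = """
client 192.0.2.25 {
    secret = changeme
    shortname = dlink-lobby   # whatever you have
    nastype = other
}
client 192.0.2.26 {
    secret = q7Vx2mLr9TzKp4Hs8NbW
    shortname = dlink-office
}
client 192.0.2.300 {
    secret = q7Vx2mLr9TzKp4Hs8NbW
    shortname = mistyped-address
}
"""

CLIENT_RE = re.compile(r"^[ \t]*client[ \t]+(\S+)[ \t]*\{(.*?)^[ \t]*\}", re.S | re.M)
ITEM_RE = re.compile(r"^[ \t]*(\w+)[ \t]*=[ \t]*([^#\n]*?)[ \t]*(?:#.*)?$", re.M)

def parse_clients(text):
    """Return {client_name: {key: value}} for each client stanza."""
    return {name: dict(ITEM_RE.findall(body)) for name, body in CLIENT_RE.findall(text)}

def lint_clients(text):
    """Return sorted (client, finding) tuples for weak or malformed stanzas."""
    findings = []
    for name, items in parse_clients(text).items():
        # Only numeric names are checked; a hostname is a legal client name.
        if re.fullmatch(r"[\d./]+", name):
            try:
                ipaddress.ip_network(name, strict=False)
            except ValueError:
                findings.append((name, "not a valid IPv4 address or network"))
        secret = items.get("secret", "")
        if len(secret) < MIN_SECRET_LEN:
            findings.append((name, f"secret is {len(secret)} chars, want >= {MIN_SECRET_LEN}"))
    return sorted(findings)

if __name__ == "__main__":
    for client, finding in lint_clients(SAMPLE):
        print(f"{client}: {finding}")
```

Run against a copy of /etc/raddb/clients.conf by passing the file's contents to lint_clients(); secrets containing a `#` character are cut at that character by this simple parser.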