Can ZeroShell use OS X LDAP to Authenticate users?


    I’d like to have ZeroShell authenticate users via its RADIUS server using my existing OS X Server LDAP. Can this be done? I’ve got ZeroShell running and doing what I need it to do, but its main purpose is to be a RADIUS server to secure our wireless. I don’t intend to use it as an LDAP/DHCP/DNS/Firewall/…etc.

    I’ve managed to have it relay DHCP requests to our dedicated DHCP server.



    Does OS X have its own RADIUS server implementation?


    You’re right, as you know OS X does have its own RADIUS, but apparently it only works with its base stations. My infrastructure is not built on base stations.


    There is a way to proxy the RADIUS requests to OS X Server which is separate from the base station scenario. This avoids using LDAP integration. I will test on my OS X server, but if I don’t reply to this post send me a PM.


    I have OS X Server replying to RADIUS requests from non Airport base stations, it should be able to respond to ZS as well.

    I want to configure ZS to authenticate my OpenVPN users against my OS X Server RADIUS or LDAP.


    Well, I got OS X RADIUS to work with my Dlinks. I liked Zeroshell but I needed a fast solution. In brief:
    – Create a self-signed cert in OS X RADIUS (otherwise it won’t start)
    – Edit these files: /etc/raddb/users to say this

    DEFAULT Auth-Type = opendirectory
            Fall-Through = 1

    – Edit /etc/raddb/clients.conf
    Add your AP (client) as instructed; here’s mine

    client 10.60.300.25 {
        secret = openup
        shortname = Dlink    # whatever you have
        nastype = other      # OS X manual says you must use other if not listed
        login = admin
        password = nopass
    }

    Restart RADIUS
    Configure your AP to point to the RADIUS server and use the secret password.

    That’s it. All my users now need to auth using their existing OpenLDAP account credentials. I’ve created accounts for Windows users (just login accounts) and all is good. If you need further details I’ll post. Like I said, I like Zeroshell, but it needed to fully integrate into my existing infrastructure.
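
An added example, not part of the original posts: a small audit of a clients.conf-style file like the one in the last post, reporting client blocks with a short shared secret, an invalid address, or a missing closing brace. The sample input is constructed, and the 16-character minimum and the function names are assumptions, not values from the thread.

```python
import ipaddress
import re

MIN_SECRET_LEN = 16  # assumed local policy threshold, not a value from the thread

# Constructed sample in the layout of the clients.conf entry above (all values made up).
SAMPLE = """\
client 192.0.2.25 {
    secret = openup          # short dictionary word
    shortname = ap-lobby
    nastype = other
}
client 192.0.2.300 {
    secret = 7Hq2vX9cLm4TzR8wPb6NfK3y
    shortname = ap-floor2
    nastype = other
"""


def _check_block(name, attrs, closed):
    """Yield (client, problem) pairs for one parsed client block."""
    try:
        ipaddress.ip_network(name, strict=False)
    except ValueError:  # note: a client named by hostname is reported here too
        yield name, "name is not a valid IP address or CIDR network"
    secret = attrs.get("secret", "")
    if len(secret) < MIN_SECRET_LEN:
        yield name, f"shared secret is {len(secret)} chars, below {MIN_SECRET_LEN}"
    if not closed:
        yield name, "block is missing its closing '}'"


def audit_clients(text):
    """Parse client { ... } blocks and return a list of (client, problem) findings."""
    findings, name, attrs = [], None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments and whitespace
        start = re.match(r"client\s+(\S+)\s*\{$", line)
        if start or line == "}":
            if name is not None:                      # finish the block in progress
                findings += _check_block(name, attrs, closed=not start)
            name, attrs = (start.group(1), {}) if start else (None, {})
        elif name is not None and "=" in line:
            key, _, value = line.partition("=")
            attrs[key.strip()] = value.strip()
    if name is not None:                              # file ended inside a block
        findings += _check_block(name, attrs, closed=False)
    return findings
```

To check a real file, pass its contents to `audit_clients()`, for example the text of /etc/raddb/clients.conf, and review each returned pair before restarting RADIUS.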
