Radius Server



Nevets_Anderson
17th December 2007, 07:10 PM
Hey!

Anyone out there ever had trouble with Mac OS 10.4 and RADIUS servers? We have 2 new Intel Mac minis and no matter what I do the darn things are not picking up a DHCP / IP address.

Both Macs can talk to each other across a basic network but not talk to the darn RADIUS - it's very strange!

Nevets

purana
17th December 2007, 07:13 PM
Why are you using a RADIUS server? Are these machines using wireless to a central AP that does RADIUS backend authentication? Only reason why I can think a RADIUS server would be in use.

Nevets_Anderson
17th December 2007, 07:16 PM
Believe me, it's not my choice! Security side of things - hangover from that whole idea that if it's not registered with a RADIUS server you can't get it on the network...!

And to make things interesting we are not using wireless but Ethernet!

purana
17th December 2007, 07:22 PM
Can't say I have seen an Ethernet implementation, do tell more. How does it prompt for the authentication?

Nevets_Anderson
17th December 2007, 07:39 PM
Standard sort of thing: the log shows that the thing is attempting to connect (can see the MAC address etc.) but it is not accepting the IP address. Tried automatic and 100 Base T manual settings, even hard wiring the IP address... Still no love!

purana
17th December 2007, 07:55 PM
Standard sort of thing: the log shows that the thing is attempting to connect (can see the MAC address etc.) but it is not accepting the IP address. Tried automatic and 100 Base T manual settings, even hard wiring the IP address... Still no love!

What 802.11x settings are you using as part of the Ethernet advanced settings? User/System/Login Window? What authentication methods?

rickyd
17th December 2007, 08:08 PM
What is RADIUS btw? That is...in terms I can understand :p

purana
17th December 2007, 08:09 PM
What is RADIUS btw? That is...in terms I can understand :p

Please go use google and not side track the query...

Nevets_Anderson
17th December 2007, 08:24 PM
http://en.wikipedia.org/wiki/Radius_server

OK, the only sort of authentication we are using is a MAC address (like 00:10:5b:8f:de:c3) and a particular realm.

After that very basic authentication, parameters such as the specific IP address to be assigned to the user/machine and the maximum length that the user may remain connected are defined.

>>802.11x is not being used as it's ethernet

I've tried automatic settings on the Ethernet as well as slower (100 Base T etc.)

Nevets_Anderson
17th December 2007, 08:29 PM
OK, maybe if I step it out this will help:

1. User's MAC address is entered into the RADIUS system and is also given a realm
2. User hooks machine up to network and starts machine; RADIUS authenticates on the MAC address
3. RADIUS server is also managing DHCP and assigns an IP address from a pool to the user's machine

Currently, via looking at the logs, it's at stage 3 that things get ugly

zbaron
17th December 2007, 08:31 PM
OK, the only sort of authentication we are using is a MAC address (like 00:10:5b:8f:de:c3) and a particular realm.

After that very basic authentication

>>802.11x is not being used as it's ethernet

Does that very basic authentication involve a username and password or any other credentials? 802.1x can certainly be used over Ethernet. OS X 10.4 does not have dot1x integrated as well as Leopard does, so it might require the use of "Internet Connect". So far I've only done dot1x for wireless, but found OS X to be a very nice client compared to other platforms that only implement less than the basic minimal required EAP methods.


3. RADIUS server is also managing DHCP and assigns an IP address from a pool to the user's machine

Currently, via looking at the logs, it's at stage 3 that things get ugly

In this case, the OS X machine is not getting involved in the authentication at all. The switch is communicating to the RADIUS server, getting the OK because the MAC address is known and setting its port to the right VLAN. The OS X machine will then attempt to negotiate an IP address using vanilla DHCP, not RADIUS.

Welcome to the wonderful world of NAC. :rolleyes:
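
Added example, not part of any post in this thread: a Python sketch of the check implied by the explanation above, decoding the VLAN that a RADIUS Access-Accept hands to the switch and comparing it with the VLANs that actually have DHCP service. It assumes the server signals the VLAN with the RFC 3580 tunnel attributes (the thread does not say which attributes were in use); `diagnose`, `dhcp_vlans`, the sample packet and VLAN 120 are constructed for illustration.

```python
import struct

# Attribute numbers from RFC 2865/2868; VLAN values from RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
ACCESS_ACCEPT, VLAN, IEEE_802 = 2, 13, 6

def parse_attributes(packet: bytes):
    """Return (code, [(type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    attrs, pos = [], 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad or truncated attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

def assigned_vlan(packet: bytes):
    """VLAN ID string carried by an Access-Accept, else None."""
    code, attrs = parse_attributes(packet)
    found = {}
    for a_type, value in attrs:
        if a_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            found[a_type] = int.from_bytes(value[1:], "big")  # skip tag byte
        elif a_type == TUNNEL_PRIVATE_GROUP_ID and value:
            text = value[1:] if value[0] <= 0x1F else value  # optional tag
            found[a_type] = text.decode("ascii", "replace")
    if (code == ACCESS_ACCEPT and found.get(TUNNEL_TYPE) == VLAN
            and found.get(TUNNEL_MEDIUM_TYPE) == IEEE_802):
        return found.get(TUNNEL_PRIVATE_GROUP_ID)
    return None

def diagnose(packet: bytes, dhcp_vlans: set):
    """dhcp_vlans: VLAN IDs with a reachable DHCP scope (assumed input)."""
    vlan = assigned_vlan(packet)
    if vlan is None:
        return "no VLAN in reply: switch uses the port's configured VLAN"
    if vlan not in dhcp_vlans:
        return f"VLAN {vlan} assigned but no DHCP service reaches it"
    return f"VLAN {vlan} assigned and DHCP is reachable"

# Constructed sample Access-Accept (authenticator zeroed and not verified).
SAMPLE_ACCEPT = (bytes([2, 1, 0, 37]) + bytes(16)
                 + b"\x40\x06\x00\x00\x00\x0d" + b"\x41\x06\x00\x00\x00\x06"
                 + b"\x51\x05120")
```

With the sample reply, `diagnose(SAMPLE_ACCEPT, {"10", "20"})` reports the "authenticated but no address" case: the MAC is accepted, the port moves to VLAN 120, and the client's DHCP request goes unanswered there.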

Nevets_Anderson
17th December 2007, 08:41 PM
Ah! VLAN - that may be what's causing the insanity! Thanks - I'll look at that.

rickyd
17th December 2007, 09:04 PM
Please go use google and not side track the query...

Please don't be stubborn. You don't think I did that?

I know shit all about wireless stuff and was just looking for someone to explain it with simplicity.

Thanks to those who did help.

purana
17th December 2007, 09:35 PM
Please don't be stubborn. You don't think I did that?

I know shit all about wireless stuff and was just looking for someone to explain it with simplicity.

Thanks to those who did help.

If you had done what I said, you wouldn't have posted the question. Maybe you could have PM'd someone, rather than attempt to sidetrack the topic. In any case, OP posted a link. I still cannot work out how on earth you couldn't find anything on Google when the term is going to provide a number of useful links on the first page.

Jaffa
17th December 2007, 09:37 PM
Please don't be stubborn. You don't think I did that?

I know shit all about wireless stuff and was just looking for someone to explain it with simplicity.

Thanks to those who did help.

Don't worry, Purana's buttons get stuck sometimes :)

He just has to oil them and he'll be good soon :D

:cool:


If you had done what I said, you wouldn't have posted the question. Maybe you could have PM'd someone, rather than attempt to sidetrack the topic. In any case, OP posted a link. I still cannot work out how on earth you couldn't find anything on Google when the term is going to provide a number of useful links on the first page.

Don't worry Purana, some people, including myself, have a few issues we need to sort out with Google ;)

Nevets_Anderson
21st December 2007, 10:53 PM
Thanks to everyone - issue was realm / VLAN related - thanks again for the help!

Linux_insidev2
22nd December 2007, 12:20 AM
Yeah, if you have any issues with RADIUS, PM me. I admin a RADIUS system for WiFi auth using password challenges and also with certificates. RADIUS is a bastard but once you've got it working it's well worth it.