Thank you for any consideration of this issue in advance. Essentially I, and several others on Apple's Server forum, are looking to get a Cisco ASA to authenticate VPN users against a Mac 10.6 Server (free)RADIUS. Can anyone offer setup suggestion to a modestly skilled user on a standard Apple installation? We tested the following setup procedure on a test 10.6.x server, the "radtest" did not work.
The set up we use currently was done as follows to give an idea of what we have figured out in the past : OSX Server 10.5.4 Cisco ASA 5510 In Server Admin > Radius: I did not use the setup helper. Select a certificate to use for radius manually. Start Radius Edit etc/raddb/users change DEFAULT Auth-Type = System to DEFAULT = opendirectory Restart Radius Test to see if it is working by issuing on the server sudo radtest usernameinOD userpasswordinOD localhost 0 testing123 If this is working you will get back some type of "accepted" message Edit etc/raddb/clients.conf Add Cisco ASA as client, read the comments in the file they are very clear and helpful. Take one of the sample clients, copy the sample and add appropriate settings for your ASA and uncomment the lines so that they are executed : IP address shared secret/key short/common name. File says that there are some optional items. I did not set any of them. On the ASA Go to the AAA settings. As appropriate, set up an authentication server using radius, at your RADIUS server IP using the shared key as expected and the shortname from the RADIUS setup as the common key in the ASA. Our ASA gave the option to test, put in a user who is in the OD RADIUS authorized group and as long as the test came back positive that server could now be used to authenticate the numerous things it can be assigned to. Thanks again for your consideration. -Erich Wetzel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
