An interesting article on Macdevcenter

This looks very interesting.
http://www.macdevcenter.com/pub/a/mac/2007/06/01/discover-the-power-of-open-directory.html
Mark
Mark Rogers
www: http://web.mac.com/mark_rogers msn: mark underscore rogers at mac dot com

Glad to see you're still online.
OS X server uses OpenLDAP. FreeRadius is fairly popular. OpenRadius exists and is rumoured to be part of OS X Server 10.5. Before Architecture made the decision to transfer our servers and network to IST, my idea was to allow the use of an OS X server running OpenRadius for 802.1x switch port and login authentication. The goal was to provide the ability to distinguish between Architecture users, Guests, and UofM users on Architecture's wired and wireless network.
I was able to extend the NDS schema to account for OS X users. Roaming profiles worked. Wireless authentication to OS X server using Radius and EAP-TLS/TTLS works.
I believe it's possible (without modifying the IST NDS schema) to use OS X Server as the "master" authentication server to authenticate your users and to pass off unknown users to NDS via LDAP to authenticate non-local users.
I had hoped that in conjunction with my automated Nessus scanning and SNMP monitoring of all network ports and devices, the authentication with Radius would have provided extensive security and logging for the Architecture wired and wireless network. Nessus can also detect some usage of rogue APs.
Perhaps someone can continue exploring OS X server and its authentication options?
Tony
================================
On Thu, 7 Jun 2007, Mark Rogers wrote:
This looks very interesting.
http://www.macdevcenter.com/pub/a/mac/2007/06/01/discover-the-power-of-open-directory.html
Mark
Mark Rogers
www: http://web.mac.com/mark_rogers msn: mark underscore rogers at mac dot com
participants (2): ATWong, Mark Rogers