RADIUS on 10.7.4 Server
Have had a great week setting up a Lion Server using the Lynda.com How to. Great tool! Especially the Cert buying/signing/installing module. Outstanding teacher.
There have been a few glitches, though, one resolved yesterday, the other today, but the other still plagues me.
First was NAT forwarding to default host on the AEB. In the tutorial it suggests that this is turned on and routed to the correct host with the Server app - maybe in the tutorial (which used the Airport Utility 5X) - but this install ha(d) only AU 6, which apparently doesn't talk to server that well. And may be the root cause of all problems here, I may add.
Solved that one whilst clicking through the AEB config with the Airport Utility 5.6 for Lion. Strongly recommended. 6 is not yet ready for prime time. Now my test users can get to profile manager from elsewhere on the outside world. Cool.
Second was VPN on iOS. Turns out that I had only enabled L2TP when rolling out the profile to my test users. Test Mac had no problem with this and setup correctly; test iOS (pad and phone) installed correctly and authenticated the certs but would fail VPN.
Changed the Server to L2TP/PPTP - rolled out new profiles to iOS - now iOS connects VPN as advertised.
Thirdly though is RADIUS on the AEB - tech docs (and the tutorial) all suggest that "throwing one switch" in Server App and a base station restart is all that is needed. Not quite - doing so does different things on Mac or iOS, but both are fails. I should add that network is fine and routes perfectly to clients using WPA2 Personal. This is only a problem with RADIUS and WPA2 Enterprise.
On both- connecting to network brings up proper credential dialog (name/pw).
On the Mac it authenticates in a snap, but fails to connect the device to the network (self assigned IP, no dns, no router).
On iOS it times out after 30 seconds.
Both get the following lines in logs-
Error: Ignoring request to authentication address * port 1812 from unknown client 75.140.XX.XX port 33978
(75.140.XX.XX is the AEB).
Hmm. Started looking in most obvious places (for me anyway)
I checked access for RADIUS using Server Admin app - it was set to Allow all users and groups. For giggles I set it to just the test user and stopped / started service, tried again, same result. Set it back to default (all).
A technote (sorry - not sure which - I've been through a herd) suggested that I should have IPv6 set to Tunnel, to allow Lion Server to correctly manage an AEB. It's on the default Local Link Only, so I changed that to Tunnel, restarted AEB, start/stop service, try again, no dice. For even more giggles set it to Host, then Router, same song and dance, same result.
I'm convinced that the problem lies somewhere in the AEB settings. But not having setup RADIUS before I'm not sure what good looks like. The NAT problem was a fast solve and face/palm, but this one has me wandering around in circles; it's not the one click solution I'm seeing in all the tech notes and tutorials.
Any help would be totally appreciated.
HW: 2010 Quad Core Xeon, 32 gigs RAM, Server 10.7.4, AEB Fifth Gen. Services (at this point) - DNS, ODS, File Sharing (AFP, SAMBA and WebDAV), Profile Manager, VPN and hopefully RADIUS. DNS is fully qualified and certs are all a nice healthy green. 🙂
Thanks!
Tony
Mac Pro, Mac OS X (10.7.4), Server
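
The log line quoted in the post is the RADIUS server refusing a request because the sending address has no client (NAS) entry. As an added example that is not part of the original post, this Python sketch parses lines in that format and compares each rejected source against a list of configured client entries; the entries, the sample log lines and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Format of the "unknown client" line quoted in the post.
UNKNOWN_CLIENT = re.compile(
    r"Ignoring request to authentication address \S+ port \d+ "
    r"from unknown client (?P<src>\S+) port \d+"
)

def unknown_clients(log_lines):
    """Count rejected requests per source address."""
    counts = Counter()
    for line in log_lines:
        match = UNKNOWN_CLIENT.search(line)
        if match:
            counts[match.group("src")] += 1
    return counts

def classify(src, client_entries):
    """Say whether a rejected source matches any configured client entry."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "unparseable"  # e.g. a redacted address such as 75.140.XX.XX
    for entry in client_entries:
        if addr in ipaddress.ip_network(entry, strict=False):
            # An entry exists, yet the server still logged the source as unknown.
            return "matches " + entry
    return "no client entry"

def report(log_lines, client_entries):
    """Map each rejected source to (request count, verdict)."""
    return {src: (count, classify(src, client_entries))
            for src, count in unknown_clients(log_lines).items()}

# Constructed sample data (assumptions, not taken from a real server).
SAMPLE_CLIENTS = ["10.0.1.1/32"]
SAMPLE_LOG = [
    "Info: Ready to process requests.",
    "Error: Ignoring request to authentication address * port 1812 from unknown client 203.0.113.25 port 33978",
    "Error: Ignoring request to authentication address * port 1812 from unknown client 203.0.113.25 port 33979",
    "Error: Ignoring request to authentication address * port 1812 from unknown client 10.0.1.1 port 40112",
    "Error: Ignoring request to authentication address * port 1812 from unknown client 75.140.XX.XX port 33978",
]

if __name__ == "__main__":
    for src, (count, verdict) in report(SAMPLE_LOG, SAMPLE_CLIENTS).items():
        print(f"{src}: {count} rejected request(s), {verdict}")
```

A source reported as "no client entry" is an address the server was never told to accept; one reported as matching an entry points at the server's running configuration rather than the client list.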