1 Reply Latest reply: Jun 29, 2012 5:51 AM by JensSkov
JensSkov Level 1 (0 points)



I'm trying to set up a Juniper SSG-5 as a VPN gateway in front of an OSX-server.

I have configured the radius server on OSX and I can use it to authenticate my VPN-users on the SSG-5 as long as I'm using an admin user.

If I try to log in as a non-admin user (that has been added to the "Allowed users list") I get:

Fri Jun 22 11:13:08 2012 : Auth: rlm_opendirectory: User <vpntest> is authorized.

Fri Jun 22 11:13:08 2012 : Auth: rlm_opendirectory: [vpntest]: invalid password


I have tried to follow a number of guides and I have tried to ask at a freeradius forum (they just blame Apple for changing it) but I have found no one that deals with this problem.

Mac OS X (10.6.8)
  • JensSkov Level 1 (0 points)

    Hi again...


    Now I have tried running radiusd in debug mode and I get this:



    rlm_opendirectory: The host 192.168.x.x does not have an access group.

    rlm_opendirectory: User <vpntest> is authorized.

    rlm_opendirectory: Setting Auth-Type = opendirectory

    ++[opendirectory] returns ok

    ++[expiration] returns noop

    ++[logintime] returns noop

    [pap] Found existing Auth-Type, not changing it.

    ++[pap] returns noop

    Found Auth-Type = opendirectory

    +- entering group opendirectory {...}

    rlm_opendirectory: [vpntest]: invalid password

    ++[opendirectory] returns userlock

    Failed to authenticate the user.

    Using Post-Auth-Type Reject

    +- entering group REJECT {...}


    The password IS correct and I can't figure out if the problem is within radius or opendirectory.


    As long as the user is an administrator he will be authenticated, but not if it's a normal user.


    Any good ideas?