How to add third-party devices in Mac OS X Radius server


So you want to use Open Directory authentication on your third-party wireless router with WPA2-Enterprise method using Mac OS X radius server?

Piece of cake.

Server Admin makes it easy to add Apple base stations to authenticate against Open Directory using RADIUS.  But adding third-party devices requires you to edit the radius configuration file. I have tested this on Mac OS X Server 10.5, but should work on 10.6 and later as well.

What is RADIUS and why do I need it?

Remote Authentication Dial-In User Service (RADIUS) is a well-known and heavily-used protocol, most often associated with managed switches, routers, modem pools, and other network devices.  On embedded systems like these, RADIUS is almost always available as a centralized authentication option.  RADIUS provides three important components to your network:  Authentication, Authorization, and Accounting.

Centralized authentication and authorization also allows for accounting.  You can see where your employees are accessing your network and when they did it.  Industry compliance requirements often dictate you need to be in control of this information.

So how do I get my devices talking to my RADIUS server? 


  1. Assuming your Radius server is all set up, i.e., already connected to your Open Directory server and with proper Certificates installed, open Terminal.
  2. Backup the file first:
  3. Edit the file clients.conf config file
  4. Append the following scripts according to your needs:
    Where:
    remotehostip = is the IP address of your wireless router
    secret = this is the password to use for communicating from your radius server to your wireless router
    shortname = this is the SSID name of your wireless router
  5. Restart Radius Service using Server Admin.
  6. Supply the secret password and your radius server IP into your wireless router.

Powered by Blogger.