cjanis · August 29, 2015 14:06
diff --git a/gistfile1.sh b/gistfile1.sh
 # turn on sudo
 sudo su
 # enter admin user password

 # create the SACL for access to RADIUS
 dseditgroup -q -o create -u <admin user> -n . com.apple.access_radius

 # configure radiusd to log both successful and failed authentications
 radiusconfig -setconfig auth yes
 radiusconfig -setconfig auth_badpass yes
 radiusconfig -setconfig auth_goodpass yes

 # configure rotation of logs and accounting data - maximum 30 files kept
 radiusconfig -autorotatelog on -n 30

 # add a RADIUS authenticator with a specific IP/host (if you're using Airport routers, be sure to set a static IP for your server, and be sure to set a static IP address for your routers as well) and shortname
 radiusconfig -addclient <IP/host> <shortname> other

 # create/export certificate identity (create a certificate by using Certificate Assistant -> Create a certificate)
 -- In Keychain Access, export both your certificate and private key to a .p12 file. Note the export password.

 # split your .p12 identity into separate certificate and private key with no encryption
 openssl pkcs12 -in /Users/admin/Desktop/Identity.p12 -out /etc/raddb/certs/server.key -nodes -nocerts
 openssl pkcs12 -in /Users/admin/Desktop/Identity.p12 -out /etc/raddb/certs/server.crt -nodes -nokeys

 # install the certificate and key into the radiusd configuration files
 radiusconfig -installcerts /etc/raddb/certs/server.key /etc/raddb/certs/server.crt

 # test run radiusd with a debug flag. you should see "Ready to process requests."
 radiusd -X

 # when ready, kill radiusd with Control-C, and use radiusconfig to start RADIUS properly
 radiusconfig -start

 # make the RADIUS logs accessible to read
 chmod -R 775 /private/var/log/radius

 # users in the group com.apple.access_radius should now be able to authenticate and be authorized for access on the authenticators you have configured

 # add new users in server manager, be sure to give them access to com.apple.access_radius, after adding users stop and restart radius server

 # view logs in finder
 open /private/var/log/radius
	# turn on sudo
	sudo su
	# enter admin user password

	# create the SACL for access to RADIUS
	dseditgroup -q -o create -u <admin user> -n . com.apple.access_radius

	# configure radiusd to log both successful and failed authentications
	radiusconfig -setconfig auth yes
	radiusconfig -setconfig auth_badpass yes
	radiusconfig -setconfig auth_goodpass yes

	# configure rotation of logs and accounting data - maximum 30 files kept
	radiusconfig -autorotatelog on -n 30

	# add a RADIUS authenticator with a specific IP/host (if you're using Airport routers, be sure to set a static IP for your server, and be sure to set a static IP address for your routers as well) and shortname
	radiusconfig -addclient <IP/host> <shortname> other

	# create/export certificate identity (create a certificate by using Certificate Assistant -> Create a certificate)
	-- In Keychain Access, export both your certificate and private key to a .p12 file. Note the export password.

	# split your .p12 identity into separate certificate and private key with no encryption
	openssl pkcs12 -in /Users/admin/Desktop/Identity.p12 -out /etc/raddb/certs/server.key -nodes -nocerts
	openssl pkcs12 -in /Users/admin/Desktop/Identity.p12 -out /etc/raddb/certs/server.crt -nodes -nokeys

	# install the certificate and key into the radiusd configuration files
	radiusconfig -installcerts /etc/raddb/certs/server.key /etc/raddb/certs/server.crt

	# test run radiusd with a debug flag. you should see "Ready to process requests."
	radiusd -X

	# when ready, kill radiusd with Control-C, and use radiusconfig to start RADIUS properly
	radiusconfig -start

	# make the RADIUS logs accessible to read
	chmod -R 775 /private/var/log/radius

	# users in the group com.apple.access_radius should now be able to authenticate and be authorized for access on the authenticators you have configured

	# add new users in server manager, be sure to give them access to com.apple.access_radius, after adding users stop and restart radius server

	# view logs in finder
	open /private/var/log/radius