RADIUS Setup for OS X El Capitan – Server 5.x

Posted: February 15th, 2016 | Author: | Filed under: Open Directory, RADIUS, SSL | 2 Comments »

Quite simple to setup. First paste in the following commands.

radiusconfig -setconfig auth yes
radiusconfig -setconfig auth_badpass yes

Now install an SSL cert/key pair for your host, the built in ones are found in /etc/certificates or you followed my previous article about becoming a certificate authority and you have the certs on hand.

radiusconfig -installcerts /path/to/key /path/to/cert

Now… if you didn’t make your own CA and you’re using the built in Apple Server certs then you’ll have to do some extra magicary. First use pull an ls /etc/certificates and not the key, cert, and chain files for your host.


radiusconfig -installcerts /path/to/key.pem /path/to/cert.pem /path/to/chain.pem
radiusconfig -setcertpassword
Apple:UseCertAdmin

The last line is the ‘magic’ that I spoke of earlier.

Finally add some clients

radiusconfig -addclient other

Then start the radius server

serveradmin start radius

When I did this recently I didn’t have a way to test the server so I installed the FreeRadius server via brew.

brew install freeradius-server

And then tested the server by using radtest The binary can be found in the following directory /usr/local/Cellar/freeradius-server/3.0.9/bin

The syntax of the command is as follows:

radtest username password radius-server[:port] nas-port-number secret

Here’s an example:

radtest username password 192.168.1.1 10 secret

An Access-Accept is a passing grade!


2 Comments on “RADIUS Setup for OS X El Capitan – Server 5.x”

  1. 1 Lacy said at 10:18 pm on June 24th, 2016:

    Hi, I was looking for a way to enable radius for
    os x server 5.1.5 and found this article.
    I typed the cmd as direction,but the radius can’t work normally in my os x server 5.1.5. And I saw the logs:
    (org.freeradius.radiusd):service exited with abnormal code:1
    (org.freeradius.radiusd):service only ran for 0 seconds

    Do you know a way to resolve it?
    Waiting for your reply.

  2. 2 Barbara Wyatt said at 4:39 pm on July 25th, 2016:

    Help! I am so glad I found your page! My setup is a Mac OS server on 5.1.7 and I have Meraki network equipment. I’m trying to setup a Radius service for my wireless network. Based on your blog/tweet it should be simple. However, I can’t get past the first command. I’m told I ‘Must be root to run radiusconfig.’ This is what my terminal screen says:
    mmserver:~ mmserver$ radiusconfig -setconfig auth yes
    Must be root to run radiusconfig
    mmserver:~ mmserver$

    Please help. Thanks.


Leave a Reply