• Synology

    Install the RADIUS Server on a Synology

    Don’t let the name fool you, RADIUS, or Remote Authentication Dial-In User Service is more widely used today than ever before. This protocol enables remote access to servers and networks and is frequently a fundamental building block of VPNs, wireless networks and other high-security services that have nothing to do with dialup bulletin boards from the 80s.  I’ve run RADIUS services on Mac servers for years. But as that code starts to become stale and no longer supported, let’s look at running a basic RADIUS service on a network appliance, such as a Synology. To get started, open Package Manager, click All in the sidebar and then search for RADIUS. Click Install for…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment,  Network Infrastructure

    Set Up The VPN Server and Client on Yosemite Server

    OS X Server has long had a VPN service that can be run. The server is capable of running the two most commonly used VPN protocols: PPTP and L2TP. The L2TP protocol is always in use, but the server can run both concurrently. You should use L2TP when at all possible. Sure, “All the great themes have been used up and turned into theme parks.” But security is a theme that it never hurts to keep in the forefront of your mind. If you were thinking of exposing the other services in Yosemite Server to the Internet without having users connect to a VPN service then you should think again,…

  • Mac OS X,  Mac OS X Server

    10 Features I Miss From Mountain Lion & Mountain Lion Server

    Apple’s not going to slow down innovation just to make me happy. I get that. But what have I noticed most about the differences between Mountain Lion and Mountain Lion Server and their predecessors, and maybe what to do to get some of them back? Podcast Producer: I am going to just put it out there. I liked Podcast Producer. I hope it shows back up in the future, even though I’m controlling my expectations. As someone who deals with a lot of video, there are a number of features that were really helpful to me, with or without Xgrid. I’ve replaced the command line aspects with tools such as…

  • Mac OS X Server,  Mac Security

    Finishing RADIUS Kbase Article for AAPL

    Troubleshooting radius is a crappy task. But crappy articles don’t help: http://support.apple.com/kb/HT3929 To be more specific, the debug mode flag is -X (not sure why that was so hard). In that case it’s doing single server mode and the process cannot fork. You can also do the lowercase, -x (which is part of -X), or -xx for further granularity. In order to set the launchd item to debug mode you would therefore find the /System/Library/LaunchDaemons/org.freeradius.radiusd.plist file (only created once you’ve fired up RADIUS btw). From here, locate the array for invoking the command: <string>/usr/sbin/radiusd</string> <string>-sf</string> Change the -sf to either a -X or add an x or two in there…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Basic pkcs12 Management with security

    Recently, I did an article for afp548.com where I explained that you can import a pkcs12 file into an 802.1x profile using networksetup. In that type of environment you would be leveraging TLS or TTLS with the Mac OS X client acting as the supplicant and the certificate required to establish authentication with the authenticator. So you need the certificate to get started, but how do you get the pkcs12 and dish it out to clients programatically? We’re going to start out with a new keychain where we’ve imported the certificate into that keychain (or skip this step if you already have a p12 file). First, find the certificate and…

  • Mac OS X Server,  Mac Security

    Mac OS X Server 10.5: Introduction to RADIUS

    I originally posted this at http://www.318.com/TechJournal Remote Authentication Dial In User Service (RADIUS) can help to take the security of your wireless network to the next level beyond standard WPA authentication. Prior to Leopard RADIUS communications could be obtained using Elektron or OpenRADIUS running on OS X – but in Leopard no 3rd party software is required beyond Leopard Server. So how difficult is it to setup RADIUS on Leopard? You be the judge after reading this quick walkthrough. For the purpose of this walkthrough we are going to assume that you are using the Advanced Mac OS X Server style. Before you begin this walkthrough, make sure that the…