Quite simple to set up. First paste in the following commands.



radiusconfig -setconfig auth yes

radiusconfig -setconfig auth_badpass yes



Now install an SSL cert/key pair for your host. The built-in ones are found in /etc/certificates; alternatively, if you followed my previous article about becoming a certificate authority, you have the certs on hand.



radiusconfig -installcerts /path/to/key /path/to/cert



Now… if you didn’t make your own CA and you’re using the built-in Apple Server certs then you’ll have to do some extra magic. First run ls /etc/certificates and note the key, cert, and chain files for your host.



radiusconfig -installcerts /path/to/key.pem /path/to/cert.pem /path/to/chain.pem

radiusconfig -setcertpassword Apple:UseCertAdmin



The last line is the ‘magic’ that I spoke of earlier.

Finally, add some clients:



radiusconfig -addclient other



Then start the RADIUS server:



serveradmin start radius



When I did this recently I didn’t have a way to test the server so I installed the FreeRadius server via brew.

brew install freeradius-server

And then tested the server by using radtest. The binary can be found in the following directory: /usr/local/Cellar/freeradius-server/3.0.9/bin

The syntax of the command is as follows:



radtest username password radius-server[:port] nas-port-number secret



Here’s an example:



radtest username password 192.168.1.1 10 secret



An Access-Accept is a passing grade!