OS X Server can provide Remote Authentication Dial In User Service (RADIUS) for your AirPort Extreme Base Station (802.11n) or Time Capsule. RADIUS keeps your wireless network secure by making sure it’s used only by authorized users.
RADIUS can only be enabled on AirPort Extreme Base Stations or Time Capsules that are configured as wireless access points (WAPs) in Bridge Mode. There must be a wired connection between the Base Station and the computer running OS X Server.
With RADIUS, users log in to your wireless network by entering the name and password of a user account on your server. They can’t log in to your wireless network with the Wi-Fi network password, which is configured on the AirPort Extreme Base Station or Time Capsule. Without RADIUS, anonymous users who learn your Wi-Fi network password can log in to your wireless network.
When a user tries to access the wireless network of an AirPort Extreme Base Station or a Time Capsule, the device communicates with RADIUS on your server using Extensible Authentication Protocol (EAP) to authenticate and authorize the user. Users are given access to the network if their user credentials are valid and they’re authorized to use the AirPort Extreme Base Station or Time Capsule. Unauthorized users can’t access the network through the AirPort Extreme Base Station or Time Capsule.
You turn on RADIUS for OS X Server by selecting your Apple wireless device in the Server app sidebar and selecting “Require user name and password login over Wi-Fi.” The Server app starts RADIUS on your server, registers the selected Apple wireless device with RADIUS, and authorizes all user accounts on the server to access your wireless network.