cisco WAP/FreeRadius/OpenLDAP

Matt Arguin matt.arguin at currensee.com
Thu Oct 27 21:42:44 CEST 2011


hrm.. I guess maybe I am getting my info crossed.  I am basically
trying to get secure wireless set up for my office.  We currently
utilize an openldap server and are trying to put cisco 1142's in
place.  My understanding, and if you tell me I took a wrong turn, I
will believe you.... is that the EAP-TLS secures the network and then
the RADIUS component authorizes and authenticates the user.  Again,
I would believe you completely if you told me that I was mashing
different sets of info together and coming up with my own incorrect
set.

-m

On Thu, Oct 27, 2011 at 3:01 PM,
<freeradius-users-request at lists.freeradius.org> wrote:
> Today's Topics:
>
>   1. Custom MySQL Queries (JennyBlunt)
>   2. RES: FreeRadius + MySQL | radacct: Errors and Warnings
>      (Daniel Menezes)
>   3. Failed to load module "jradius" (Travis Dimmig)
>   4. Re: Failed to load module "jradius" (Alan DeKok)
>   5. RE: Failed to load module "jradius" (Travis Dimmig)
>   6. Re: cisco WAP/FreeRadius/OpenLDAP (Alan DeKok)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 27 Oct 2011 10:37:28 -0700 (PDT)
> From: JennyBlunt <jennyshoehorn at me.com>
> Subject: Custom MySQL Queries
> To: freeradius-users at lists.freeradius.org
> Message-ID: <1319737048193-4943692.post at n5.nabble.com>
> Content-Type: text/plain; charset=us-ascii
>
> Hello
>
> What's the best approach regarding custom mysql queries? I'd like to check
> if a user is blocked whilst authorising..
>
> Have tried to add something like this to my dictionary file:
>
> ATTRIBUTE       User-Disabled-Attr      3002    integer
>
> And then putting a 1 / 0 in to radcheck against the user.
>
> What's the best way to do this kind of request? Is it better to write a
> lookup somewhere else?
>
> Thanks
>
> J
>
> --
> View this message in context: http://freeradius.1045715.n5.nabble.com/Custom-MySQL-Queries-tp4943692p4943692.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 27 Oct 2011 15:55:18 -0200
> From: "Daniel Menezes" <listas at dmnzs.com.br>
> Subject: RES: FreeRadius + MySQL | radacct: Errors and Warnings
> To: "'FreeRadius users mailing list'"
>        <freeradius-users at lists.freeradius.org>
> Message-ID: <02ce01cc94d1$96c37790$c44a66b0$@com.br>
> Content-Type: text/plain;       charset="us-ascii"
>
> Fajar,
>
>> So you mean radutmp was the root cause of your problem?
>
> I don't know, but it's better now. =)
>
>> What does FR log say? Does it say it receives duplicate or conflicting
>> packets?
>> If yes, then the db is still slow. You still need to fix it. If not,
>> then the problem might be somewhere else (e.g. congested network
>> causing dropped packets)
>
> This is strange!
> When starting radius in debug mode I don't see any error, in normal mode
> duplicate or conflicting packages have disappeared.
> Always the statistics in MikroTik shows 2, 4 resends and timeouts .. a few.
>
> I'll try other ways, first, change the DB engine.
> Tomorrow i'll write about.
>
> Thanks.
>
>
> Sds,
>
> ---
> Daniel Menezes
>
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 27 Oct 2011 18:28:36 +0000
> From: Travis Dimmig <tdimmig at impulse.com>
> Subject: Failed to load module "jradius"
> To: FreeRadius users mailing list
>        <freeradius-users at lists.freeradius.org>
> Message-ID:
>        <2ECC69012853FB42A8ADABA5EB3B4B800C9D15CD at DSM-Mail01.dsm.net>
> Content-Type: text/plain; charset="us-ascii"
>
> I don't seem to be able to get freeRadius to load the "jradius" module.  My steps are as follows:
>
> wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.12.tar.gz
> tar -xzvf freeradius-server-2.1.12.tar.gz
> cd freeradius-server-2.1.12
> echo "rlm_jradius" >> src/modules/stable
> ./configure && make && make install
> cp src/modules/rlm_jradius/jradius.conf /usr/local/etc/raddb
>
> I configure jradius.conf to point to my JRadius server, and add jradius to the accounting section of sites-enabled.
> "radiusd -X" gives:
> /usr/local/etc/raddb/sites-enabled/default[443]: Failed to load module "jradius".
> /usr/local/etc/raddb/sites-enabled/default[378]: Errors parsing accounting section.
>
> I have verified that the jradius libraries have been compiled and installed in /usr/local/lib.
>
> I've managed to compile freeRadius with the jradius module before just fine.....not sure what the problem is now.  Any help would be greatly appreciated.
>
> Travis Dimmig
> Software Development Specialist
> Impulse Point
> www.impulse.com<http://www.impulse.com>
>
> ------------------------------
>
> Message: 4
> Date: Thu, 27 Oct 2011 21:00:00 +0200
> From: Alan DeKok <aland at deployingradius.com>
> Subject: Re: Failed to load module "jradius"
> To: FreeRadius users mailing list
>        <freeradius-users at lists.freeradius.org>
> Message-ID: <4EA9AA30.3020202 at deployingradius.com>
> Content-Type: text/plain; charset=UTF-8
>
> Travis Dimmig wrote:
>> I don't seem to be able to get freeRadius to load the "jradius" module.
>> My steps are as follows:
>>...
>> "radiusd -X" gives:
>>
>> /usr/local/etc/raddb/sites-enabled/default[443]: Failed to load module
>> "jradius".
>
>  It should give more than that.  Look at the *previous* lines to see
> the real cause of the problem.
>
>  Alan DeKok.
>
>
> ------------------------------
>
> Message: 5
> Date: Thu, 27 Oct 2011 18:59:33 +0000
> From: Travis Dimmig <tdimmig at impulse.com>
> Subject: RE: Failed to load module "jradius"
> To: FreeRadius users mailing list
>        <freeradius-users at lists.freeradius.org>
> Message-ID:
>        <2ECC69012853FB42A8ADABA5EB3B4B800C9D1616 at DSM-Mail01.dsm.net>
> Content-Type: text/plain; charset="us-ascii"
>
> Figured it out.  The jradius.conf needs to be in /usr/local/etc/raddb/modules.  I swear it used to be one directory up...  Anyway, I don't know if it's the freeRadius team or the JRadius team that maintains this plugin, but the config file is not automatically copied into the "modules" directory even when freeRadius is compiled with jradius support.
>
>
> Travis
>
> ------------------------------
>
> Message: 6
> Date: Thu, 27 Oct 2011 21:01:21 +0200
> From: Alan DeKok <aland at deployingradius.com>
> Subject: Re: cisco WAP/FreeRadius/OpenLDAP
> To: FreeRadius users mailing list
>        <freeradius-users at lists.freeradius.org>
> Message-ID: <4EA9AA81.50601 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Matt Arguin wrote:
>>   having trouble setting up my RADIUS(FreeRADIUS Version 2.1.7) to
>> auth to my openldap server (openldap-2.3.43-12.el5_6.7) on CentOS 5.5.
>>
>> i am trying to configure EAP-TLS
>
>  Then you don't need LDAP.  EAP-TLS does authentication based on client
> certificates.  It doesn't use passwords.
>
>  Why are you using EAP-TLS && LDAP?  What do you expect it to do?
>
>  Alan DeKok.
>
>
> ------------------------------
>
>
> End of Freeradius-Users Digest, Vol 78, Issue 124
> *************************************************
>


