Setting up FreeRADIUS accounting with IP address logging
A.L.M.Buxey at lboro.ac.uk
Sun Apr 15 17:16:26 CEST 2012
>I'm setting up wifi internet in my student dorm (90 people) and thought wpa2 enterprise with FreeRADIUS (version 2.1.8 running on Ubuntu) would be a good solution, together with the incredibly stable Linksys WRT54GL and dd-wrt. There are a few problems I cannot figure out though:
I'd advise that you run the latest version before doing anything else.
>1. How to set up plain-text accounting.
>I saw in the configuration that the log directory is set to /var/log/freeradius/radacct so I created the directory and made it writable (777 to be sure) but alas, there are no logs.
Accounting requires your NAS (your Linksys boxes with dd-wrt) to actually send accounting packets. You should still
get authentication logs in the /var/log/freeradius directory (when you don't run in debug mode!)
>2. How to get freeRADIUS to work with a DHCP server.
>I'm not asking about the experimental built-in DHCP server, as it seems very limited, but is it possible to somehow log the IP addresses that each user is assigned? We need to know who was using a certain IP address at a certain time.
Accounting will show IP address versus MAC address... however, to use a DHCP server just ensure that the network that
people are dropped onto after authorization/authentication has a DHCP listener on it to hand out addresses. Your Linux box
could have an interface on the client network and be handing out IP addresses via ISC DHCPD, for example. You could
always take the syslog of the DHCP server pumped across the net to syslogNG on your Linux box too - with
some local scripts you can tie things together like that too.
>3. How to connect using Windows.
>It's dead simple to connect to the network with linux, mac and smartphones but for Windows it seems impossible to find the right combination of settings. I haven't googled this issue so much, so maybe there's a simple answer. Also, it's a later problem.
? Just choose PEAP, ensure that you are NOT using the Windows login username/password (unless you have access to e.g. Active Directory).
Check the certificate, validate the CA... if you search for e.g. 'eduroam windows' you'll find hundreds of academic sites that use 802.1X with Windows
- just look at their step-by-step instructions... and IGNORE those that say don't check the cert/CA (!)
>P.S. I have attached the radiusd.conf file at the end. I haven't changed much though.
radiusd -X is the only thing of use on the ML
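
The "local scripts" correlation mentioned in the reply to question 2 (DHCP server syslog tied to RADIUS accounting by MAC address), as an added example that is not part of the original message. The log lines are constructed samples, the function names are hypothetical, and it assumes the NAS puts the client MAC in Calling-Station-Id and that the syslog year is supplied by the caller.

```python
import re
from datetime import datetime
# Constructed sample data: ISC dhcpd syslog lines and a FreeRADIUS "detail" accounting file.
DHCP_LOG = """\
Apr 15 17:02:14 gw dhcpd: DHCPACK on 192.168.1.57 to 00:11:22:33:44:55 (laptop-a) via eth1
Apr 15 19:40:03 gw dhcpd: DHCPACK on 192.168.1.57 to 66:77:88:99:aa:bb (phone-b) via eth1
"""
DETAIL = """\
Sun Apr 15 17:02:11 2012
\tUser-Name = "alice"
\tAcct-Status-Type = Start
\tCalling-Station-Id = "00-11-22-33-44-55"

Sun Apr 15 18:30:00 2012
\tUser-Name = "alice"
\tAcct-Status-Type = Stop
\tCalling-Station-Id = "00-11-22-33-44-55"

Sun Apr 15 19:40:00 2012
\tUser-Name = "bob"
\tAcct-Status-Type = Start
\tCalling-Station-Id = "66778899AABB"
"""

def norm_mac(mac):
    # NAS and DHCP logs write MACs differently; keep only the 12 hex digits.
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_dhcp(text, year):
    # Syslog timestamps omit the year, so the caller supplies it (assumption).
    pat = re.compile(r"(\w{3} +\d+ [\d:]{8}) \S+ dhcpd(?:\[\d+\])?: DHCPACK on (\S+) to (\S+)")
    for m in filter(None, map(pat.match, text.splitlines())):
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        yield ts, m.group(2), norm_mac(m.group(3))

def parse_detail(text):
    # Records are separated by blank lines: a date header, then "Attr = value" lines.
    for rec in re.split(r"\n\s*\n", text.strip()):
        head, *attrs = rec.splitlines()
        kv = dict(re.match(r'\s*(\S+) = "?([^"]*)"?$', a).groups() for a in attrs)
        ts = datetime.strptime(head.strip(), "%a %b %d %H:%M:%S %Y")
        yield ts, kv["Acct-Status-Type"], norm_mac(kv["Calling-Station-Id"]), kv["User-Name"]

def who_had_ip(ip, when, year=2012):
    # MAC that most recently leased `ip`; its latest accounting event must not be a Stop.
    leases = [(t, mac) for t, i, mac in parse_dhcp(DHCP_LOG, year) if i == ip and t <= when]
    mac = max(leases)[1] if leases else None
    events = [(t, st, u) for t, st, m, u in parse_detail(DETAIL) if m == mac and t <= when]
    return max(events)[2] if events and max(events)[1] != "Stop" else None
```

The same IP resolves to different users at different times, and to nobody once the last accounting event for the leasing MAC is a Stop.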