Freeradius-Users Digest, Vol 144, Issue 10

Matthew Newton mcn4 at leicester.ac.uk
Wed Apr 5 12:16:35 CEST 2017


On Wed, Apr 05, 2017 at 08:58:02AM +0000, Peter Hutchison wrote:
> I have 2 freeradius 2.1.12 servers on Ubuntu 14.04.5 servers and
> two old freeradius 2.1.10 servers on Ubuntu 12.04.5

You're probably already aware, but they are really old, and
unsupported. If nothing else there are EAP security issues in both
those versions with available exploits.

If you can't easily upgrade to version 3 then the latest 2.2.9,
while still unsupported, is at least pretty much a drop in
replacement.


> On the old server we have the default site and eduroam configured.

OK, so eduroam is authenticating against 2.1.10.

> On the new servers we have a switches which is similar to
> default but allows authentication to our Network switches.

OK, switches against 2.1.12.

> Extra configuration is set in the authorize section for switches
> but this does not work on the new servers.

I don't follow this - you say your switches already authenticate
on your new servers?


> How does freeradius know which site file to use for
> authentication? Does it try each file in turn and in what order?

The virtual server can be set, e.g. by a virtual_server setting
in the client definition. Otherwise it will fall back to using the
default virtual server.

Really the best thing to do is to run FreeRADIUS in debug mode.

  freeradius -X

(radiusd -X on non-Debian-based systems)

and read the output. It can be daunting at first, but it tells you
everything the server is doing and from where in what order.
There's no better way of finding out how your config is working.


> I know that each line is read and executed in turn but is there
> some policy or conditions that need setting to tell freeradius
> Out to authorize users?

I don't understand this - the whole FreeRADIUS config is basically
policy on how and when to authenticate users.

> Are there any document links I can read?

Try at least
http://networkradius.com/doc/FreeRADIUS%20Technical%20Guide.pdf
especially chapter 4 for basic server operation, but other
concepts are explained there too.

Also the NetworkRADIUS documentation at
http://networkradius.com/doc/current/

http://networkradius.com/doc/current/raddb/sites-available/home.html
explains about virtual servers, which requests are passed through.

There's lots on the wiki. Virtual servers at
http://wiki.freeradius.org/config/Virtual-server, but otherwise
start at http://wiki.freeradius.org/Home and look at least at the
Concepts and introduction pages. The HOWTOs are also really
useful.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
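
The virtual server selection described in the reply above, as an added configuration sketch that is not part of the original message or the poster's actual setup. The client names, the 192.0.2.x addresses, the placeholder secrets and the contents of the `switches` server are assumptions chosen for illustration.

```conf
# clients.conf (constructed example)

# Requests from this NAS are handled by the "switches" virtual server,
# because the client definition names it explicitly.
client core-switch-1 {
	ipaddr         = 192.0.2.10
	secret         = PLACEHOLDER_SECRET_1
	shortname      = core-switch-1
	virtual_server = switches
}

# No virtual_server here, so requests from this client fall back to
# the default virtual server (sites-enabled/default).
client wireless-controller {
	ipaddr    = 192.0.2.20
	secret    = PLACEHOLDER_SECRET_2
	shortname = wlc
}

# sites-enabled/switches (constructed example)
# Only requests from clients that point at "switches" run these sections.
server switches {
	authorize {
		preprocess
		files
		pap
	}
	authenticate {
		Auth-Type PAP {
			pap
		}
	}
}
```

The debug output from `freeradius -X` is the way to confirm which server block a given request actually went through.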

