Help in moving FR1.x to 3.x EAP-TLS setup.

Gregory Sloop gregs at sloop.net
Thu May 30 00:44:50 CEST 2019


AD>   It's not that more complex.  Configure the server / CA
AD> certificate as described in the web page.  Issue a client
AD> certificate using the CA.  It *will* work.

AD>   If you use eapol_test as described in that page, it's simple to
AD> add client configurations for EAP-TLS.  In v3, sample
AD> configuration for eapol_test are in src/tests/eap*.conf

I don't see any of that ^^^ in Ubuntu.

I'm puzzled. Perhaps FR3 from sources is way different than FR3 in Ubuntu 18.04 - but I'm pretty sure you'll need an eap[.conf] cofigured in the /mods-available and linked in the /mods-enabled directory to make this work.

Thus, you can't just create a CA/Cert/Key and EAP-TLS 'just works' as per http://deployingradius.com/documents/configuration/eap.html - at least not with Ubuntu.

I'm fine with having to configure eap, but at least on Ubuntu it won't work unless you configure EAP and put a link [or the actual config] in 
/etc/freeradius/3.0/mods-enabled. 

Probably I'll try to work up a how-to for Ubuntu 18.04 - since the WPA-Enterprise/Radius howto on the wiki is at least 10 years old, and doesn't reflect the realities of 2.x or 3.x, or anything newer than Windows XP. 

I stand a few of these up, perhaps every 10 years or the like - so I'm never going to become a FR guru. Having something modestly straight-forward, without having to wade through a bunch of documentation would be helpful.

-Greg


More information about the Freeradius-Users mailing list