Alan, I don't know what your capacity in freeradius, but I sure hope this product is comparable to steel belt or Cisco's ACS, which are very costly. Abstract I'm not a hacker, and have not used free software in this capacity before. I'm spoiled in using purchased software, which uses GUIs all the time. So my expectations are little different. While six years working with Sun Microsystems, I kept hearing all the time difficulty was the nature of Solaris, and Unix. The most elegant OS, Solaris, unfortunately did not go any where, and Sun went under. Why? Because it was not user friendly. You read man pages written by developers at 3:00 AM in the morning and expect to make sense out of them. Unfortunately, man pages have not improved at all. They still lack examples .etc. Freeradius is not an exception. The documentation is not user friendly at all. Document problems: Here is an example excerpt from a page on the web: CLIENTS Make sure the clients (portmasters, Linux with portslave etc) are set up to use the host FreeRADIUS is running on as authentication and accounting host. Configure these clients to use a "radius secret password". For every client, also enter this "secret password" into the file /etc/raddb/clients.conf Allow me to tell you where my confusion is: 1-The "clients" becomes confusing, when I see portmasters .etc. Is this meant the users who want to get access through a NAS or AP? 2-The "host" here meant to be the server? Why is it called host? 3-The "radius secret password" is defined again as "secret password" and "shared secret", all these meant PSK (preshared key). Why is it not called so? Instead of adding many different words for the same definition. See I'm an engineer; definitions are critical to my understanding, and subtle differences can throw me off. May be I'm too meticulous. 4-I looked up the "secret password" in the clients.conf, it was defined as "shared secret". All this confusion could have been eliminated by just using PSK (PreShared Key). 5-Please take a look at this paragraph from the same file: # # You can now specify one secret for a network of clients. # When a client request comes in, the BEST match is chosen. # i.e. The entry from the smallest possible network. # #client 192.168.0.0/24 { # secret = testing123-1 # shortname = private-network-1 #} 1-The above tells me, every user will have to be entered into Radius with a user and password, which is obvious, but why the IP address has to be as part of this context? A user would use DHCP so this cannot be used. 2- The shortname is confusing, when a user login, all he/she has is name not a FQDN. When I saw this, first thing came to mind that this clients.conf file is not for my set up, but I used it any way. Adding to all this confusion is the file /etc/raddb/users which seems to be used for something, but it's not on the wiki, or at least not in a conspicuous spot. It took me quite some time to find out which platform I should have used. What's in the wiki is vague, not specific to specific versions. And what packages of freeradious I should have installed. Till Tim clarified this for me, I was at loss and frustrated. You have to understand, this is free software, compatibility, and interoperability is at a big question; I don't have the time test every OS to find out which one is good, soso, or even bad. It should have been stated clearly in the wiki under "operating systems", and which version of each OS you have tested. Take a look at this paragraph which clearly proves my point. The link under "several versions of Linux" would not bring up a page. And in the same page, all OSes listed have links to download the softwar, which is convenient, but did not tell me, what is there has been tested. Snippett from the wiki ------------------ Porting to other unix-like platforms should be easy. Due to the limited resources of the FreeRADIUS development team, we are not able to test each version on all platforms before release. In general we test on several versions of Linux and Solaris and FreeBSD appears to also be a popular deployment platform for our users so we hear about any issues on those platforms quickly. The website is not helpful in this too: You start with http://freeradius.org/list/users.html Click on the wiki tab Click on configuration: once you're there you would see a different configuration file than the one you mailed me (http://wiki.freeradius.org/CONFIGURATION_FILES), where is that one and how you get to it from the home page beats me. A picture is worth a thousand words. Network topologies, samples of clients.conf and radiusd.conf with various features from basic to complex security configuration can be downladed and used would save a lot time and confusion. If there is such samples, you would not hear from me. I hope this helps. Rgrds, Alex -----Original Message----- From: freeradius-users-bounces+alexbahoor=sbcglobal.net@lists.freeradius.org [mailto:freeradius-users-bounces+alexbahoor=sbcglobal.net@lists.freeradius.o rg] On Behalf Of Alan Buxey Sent: Thursday, December 10, 2009 3:18 PM To: FreeRadius users mailing list Subject: Re: Testing radius server Hi,
I had enough of this.
what? free support pointing out the same suggestions and help every time? just a _little_ bit of reading would have informed you of the basics...but I think there _could_ be issues and am open to suggestions to fix the docs/guides for newcomers (and I've used all the alternatives to FreeRADIUS so know what you face on those platforms) so - please point out the weaknesses that you faced alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________ Information from ESET NOD32 Antivirus, version of virus signature database 4677 (20091210) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __________ Information from ESET NOD32 Antivirus, version of virus signature database 4677 (20091210) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com