snan4love wrote:
Thank you very much for opening this topic. I have worked on FreeRadius for almost 2 monthes,my purpose is to set up a Radius server which could be used for authentication , authority and accounting for my WLAN.
That should be pretty straightforward.
Right now, I "guess" i have finished the "Authentication Step". I installed the Radius server + MySQL on my FC 14 host,there is a client AP connect to this radius server, the users hold Windows XP laptop could get authentication from radius server via PEAP or EAP-TLS. Here is a first little problem.Right now i could add and delete user in the radcheck table of MySQL,but all the passwords were stored in cleartext?is this the only way to store this password? is it safe enough?is it could be store in the format of ****** like what we set in the wpa-psk mode?
You will need to store the passwords in cleartext. It really is the best way.
Most Seriously, I am confused how to implement the "Authority Step" and "Accounting Step".
Not "authority", but "authorization".
For the "Authority Step",in my thought, I should create several different GROUPs, each GROUP has different authority,and then divide the users into different GROUPs and get different authority. Is that correct?
For "authorization", yes.
For the "Accounting Step",i used DaloRadius,but found out there are few help for this web base management system online, and the MANUAL will cost $250.And also the additional mySQL tables makes me more confused.
Why? What is confusing about them? Ask a question. Saying "I'm confused" means we don't know how to help you. The documentation exists, and should be clear. See doc/rlm_sql, among others. Alan DeKok.