On Tue, Feb 28, 2012 at 2:34 PM, Mohit Aron <extproxy@gmail.com> wrote:
Hello,
I'm using the freeradius 2.10 server that comes with Ubuntu 11.10. I'm unable to set it up so as to authenticate incoming requests from the Unix username/passwords stored in /etc/{passwd, shadow}.
Here is a description of my setup. I've setup wifi security on my wireless router to WPA-Enterprise and entered the IP address of the radius server in the router to that of a Linux machine running freeradius.
Here's a description of all the changes I made to /etc/freeradius directory to even reach the point to make it partially work: 1) chown -R freerad /etc/freeradius The above is needed as Ubuntu seems to install every file there as root and thus the freeradius server which runs as user freerad isn't able to read the configuration files.
You shouldn't need to do that. The files should have freerad group ownership (at least it does last time I look on Natty), so freerad user will be able to read it. Did you test it and it didn't work, or did you THINK it wouldn't work so you do a chown manually? If it's the first, file a bug on launchpad, cause it's packaging bug. If it's the later, try with a fresh install.
I've tried using both Windows 7 as well as an iPad as a client to connect using wifi.
IIRC Windows will use EAP-PEAP-MSCHAPv2, which requires cleartext-password (or NT-Hash, or accounts stored in AD). Linux passwords in /etc/shadow is hashed (the ones I have use SHA-512), so they're not compatible. You need a third-party supplicant that can send passwords in cleartext (e.g. TTLS-PAP, EAP-PEAP-GTC). -- Fajar