Hi list, I'm a FreeRADIUS noob, and I've been charged with getting some WiFi APs authenticating against an existing FreeRADIUS server being used for dialup users. I've configured FreeRADIUS as best I can figure from what I've found on the web, but I'm having no success with getting WPA to work. I'm using a D-Link 2100AP access point, and a Mac OS X 10.4 client. From what I can gather it seems that I might have misconfigured FreeRADIUS, based on the error message below. I've configured a test user as follows: pants Auth-Type := Accept Tunnel-Type = 13, Tunnel-Medium-Type = 6, Tunnel-Private-Group-Id = 1 The last 3 lines I found in a tutorial on the web, but I'm not sure if they are necessary or not (and commenting them out makes no difference). When I run radtest everything looks OK: $ radtest pants "" localhost 1 XXXXXX Sending Access-Request of id 141 to 127.0.0.1:1812 User-Name = "pants" User-Password = "" NAS-IP-Address = newdeewhy NAS-Port = 1 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=141, length=35 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" When I try to connect from my Mac OS X client I get the following error: And the following appears in the radius.log: Fri Sep 1 15:50:59 2006 : Auth: Login OK: [pants] (from client testap port 1 cli 00-0D-93-86-48-8E) Fri Sep 1 15:51:02 2006 : Error: Authentication reply packet code 2 sent to a non-proxy reply port from client testap:1025 - ID 0 : IGNORED Watching the traffic shows the Access-Accept packet being sent back to the AP, but confusingly the AP sends an Access-Accept back to the RADIUS server! (10.0.0.100 is the AP, 10.0.0.101 is the RADIUS server): # tcpdump -nXi eth1 -s 65535 host 10.0.0.100 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes 16:08:43.990613 IP 10.0.0.100.1027 > 10.0.0.101.1812: RADIUS, Access Request (1), id: 0x00 length: 193 0x0000: 4500 00dd 0008 0000 4011 6540 0a00 0064 E.......@.e@...d 0x0010: 0a00 0065 0403 0714 00c9 0613 0100 00c1 ...e............ 0x0020: 3daa 0458 77d9 5edd 5149 6230 7717 7c71 =..Xw.^.QIb0w.|q 0x0030: 5012 091d 4b11 cb44 3587 c0cd d27e c929 P...K..D5....~.) 0x0040: 2bbd 0606 0000 0002 0108 7061 6e74 7300 +.........pants. 0x0050: 0c06 0000 05d0 1e1b 3030 2d31 312d 3935 ........ 00-11-95 0x0060: 2d44 422d 3337 2d30 423a 5465 7374 5750 - DB-37-0B:TestWP 0x0070: 411f 1330 302d 3044 2d39 332d 3836 2d34 A.. 00-0D-93-86-4 0x0080: 382d 3845 2015 442d 4c69 6e6b 2041 6363 8-8E..D- Link.Acc 0x0090: 6573 7320 506f 696e 743d 0600 0000 134d ess.Point=.....M 0x00a0: 1843 4f4e 4e45 4354 2035 344d 6270 7320 .CONNECT. 54Mbps. 0x00b0: 3830 322e 3131 674f 0c02 0000 0a01 7061 802.11gO......pa 0x00c0: 6e74 7304 060a 0000 6405 0600 0000 0157 nts.....d......W 0x00d0: 0e53 5441 2070 6f72 7420 2320 31 .STA.port.#.1 16:08:43.992271 IP 10.0.0.101.1812 > 10.0.0.100.1027: RADIUS, Access Accept (2), id: 0x00 length: 35 0x0000: 4500 003f 0015 4000 4011 25d1 0a00 0065 E..?..@.@. %....e 0x0010: 0a00 0064 0714 0403 002b fc7c 0200 0023 ...d..... +.|...# 0x0020: a6d5 7da7 33d8 c5a1 b0d4 f206 098f 1394 ..}. 3........... 0x0030: 4006 0000 000d 4106 0000 0006 5103 31 @.....A.....Q.1 16:08:46.987506 IP 10.0.0.100.1027 > 10.0.0.101.1812: RADIUS, Access Accept (2), id: 0x00 length: 35 0x0000: 4500 003f 0009 0000 4011 65dd 0a00 0064 E..?....@.e....d 0x0010: 0a00 0065 0403 0714 002b 1ab7 0200 0023 ...e..... +.....# 0x0020: 3daa 0458 77d9 5edd 5149 6230 7717 7c71 =..Xw.^.QIb0w.|q 0x0030: 4006 0000 000d 4106 0000 0006 5103 31 @.....A.....Q.1 16:08:48.382840 IP 10.0.0.100.1027 > 10.0.0.101.1812: RADIUS, Access Request (1), id: 0x01 length: 193 0x0000: 4500 00dd 000a 0000 4011 653e 0a00 0064 E.......@.e>...d 0x0010: 0a00 0065 0403 0714 00c9 bedd 0101 00c1 ...e............ 0x0020: 0489 1566 53aa 5f00 1842 47e4 38e0 661d ...fS._..BG.8.f. 0x0030: 5012 46a9 7407 9185 bbc4 4d10 7445 1df2 P.F.t.....M.tE.. 0x0040: 301d 0606 0000 0002 0108 7061 6e74 7300 0.........pants. 0x0050: 0c06 0000 05d0 1e1b 3030 2d31 312d 3935 ........ 00-11-95 0x0060: 2d44 422d 3337 2d30 423a 5465 7374 5750 - DB-37-0B:TestWP 0x0070: 411f 1330 302d 3044 2d39 332d 3836 2d34 A.. 00-0D-93-86-4 0x0080: 382d 3845 2015 442d 4c69 6e6b 2041 6363 8-8E..D- Link.Acc 0x0090: 6573 7320 506f 696e 743d 0600 0000 134d ess.Point=.....M 0x00a0: 1843 4f4e 4e45 4354 2035 344d 6270 7320 .CONNECT. 54Mbps. 0x00b0: 3830 322e 3131 674f 0c02 0100 0a01 7061 802.11gO......pa 0x00c0: 6e74 7304 060a 0000 6405 0600 0000 0157 nts.....d......W 0x00d0: 0e53 5441 2070 6f72 7420 2320 31 .STA.port.#.1 16:08:48.384472 IP 10.0.0.101.1812 > 10.0.0.100.1027: RADIUS, Access Accept (2), id: 0x01 length: 35 0x0000: 4500 003f 0016 4000 4011 25d0 0a00 0065 E..?..@.@. %....e 0x0010: 0a00 0064 0714 0403 002b e581 0201 0023 ...d..... +.....# 0x0020: fcf6 b690 11e0 81d6 d8ca 90b4 c0f3 833e ...............> 0x0030: 4006 0000 000d 4106 0000 0006 5103 31 @.....A.....Q.1 16:08:51.370904 IP 10.0.0.100.1027 > 10.0.0.101.1812: RADIUS, Access Accept (2), id: 0x01 length: 35 0x0000: 4500 003f 000b 0000 4011 65db 0a00 0064 E..?....@.e....d 0x0010: 0a00 0065 0403 0714 002b 0eb4 0201 0023 ...e..... +.....# 0x0020: 0489 1566 53aa 5f00 1842 47e4 38e0 661d ...fS._..BG.8.f. 0x0030: 4006 0000 000d 4106 0000 0006 5103 31 @.....A.....Q.1 16:09:02.626769 IP 10.0.0.100.1028 > 10.0.0.101.1812: RADIUS, Access Request (1), id: 0x00 length: 193 0x0000: 4500 00dd 000c 0000 4011 653c 0a00 0064 E.......@.e<...d 0x0010: 0a00 0065 0404 0714 00c9 03eb 0100 00c1 ...e............ 0x0020: 32b4 2a4d 2ac5 2831 0ba6 120d 3064 6cf9 2.*M*. (1....0dl. 0x0030: 5012 f943 27f4 f8c4 d74c b014 6c59 69e2 P..C'....L..lYi. 0x0040: bc6d 0606 0000 0002 0108 7061 6e74 7300 .m........pants. 0x0050: 0c06 0000 05d0 1e1b 3030 2d31 312d 3935 ........ 00-11-95 0x0060: 2d44 422d 3337 2d30 423a 5465 7374 5750 - DB-37-0B:TestWP 0x0070: 411f 1330 302d 3044 2d39 332d 3836 2d34 A.. 00-0D-93-86-4 0x0080: 382d 3845 2015 442d 4c69 6e6b 2041 6363 8-8E..D- Link.Acc 0x0090: 6573 7320 506f 696e 743d 0600 0000 134d ess.Point=.....M 0x00a0: 1843 4f4e 4e45 4354 2035 344d 6270 7320 .CONNECT. 54Mbps. 0x00b0: 3830 322e 3131 674f 0c02 0000 0a01 7061 802.11gO......pa 0x00c0: 6e74 7304 060a 0000 6405 0600 0000 0157 nts.....d......W 0x00d0: 0e53 5441 2070 6f72 7420 2320 31 .STA.port.#.1 16:09:02.628391 IP 10.0.0.101.1812 > 10.0.0.100.1028: RADIUS, Access Accept (2), id: 0x00 length: 35 0x0000: 4500 003f 0017 4000 4011 25cf 0a00 0065 E..?..@.@. %....e 0x0010: 0a00 0064 0714 0404 002b 310c 0200 0023 ...d..... +1....# 0x0020: 0f90 831a 311e 14e3 2b1e ce7b 7b42 5bdd ....1...+.. {{B[. 0x0030: 4006 0000 000d 4106 0000 0006 5103 31 @.....A.....Q.1 16:09:05.620998 IP 10.0.0.100.1028 > 10.0.0.101.1812: RADIUS, Access Accept (2), id: 0x00 length: 35 0x0000: 4500 003f 000d 0000 4011 65d9 0a00 0064 E..?....@.e....d 0x0010: 0a00 0065 0404 0714 002b 6f69 0200 0023 ...e..... +oi...# 0x0020: 32b4 2a4d 2ac5 2831 0ba6 120d 3064 6cf9 2.*M*. (1....0dl. 0x0030: 4006 0000 000d 4106 0000 0006 5103 31 @.....A.....Q.1 16:09:06.912295 IP 10.0.0.100.1028 > 10.0.0.101.1812: RADIUS, Access Request (1), id: 0x01 length: 193 0x0000: 4500 00dd 000e 0000 4011 653a 0a00 0064 E.......@.e:...d 0x0010: 0a00 0065 0404 0714 00c9 efec 0101 00c1 ...e............ 0x0020: 25b0 0c0b 4bde 0758 193b 59e7 19fb 7f5e %...K..X.;Y....^ 0x0030: 5012 8626 e5d6 1f1e 6d3f ca86 5fd6 5f64 P..&....m?.._._d 0x0040: 9e83 0606 0000 0002 0108 7061 6e74 7300 ..........pants. 0x0050: 0c06 0000 05d0 1e1b 3030 2d31 312d 3935 ........ 00-11-95 0x0060: 2d44 422d 3337 2d30 423a 5465 7374 5750 - DB-37-0B:TestWP 0x0070: 411f 1330 302d 3044 2d39 332d 3836 2d34 A.. 00-0D-93-86-4 0x0080: 382d 3845 2015 442d 4c69 6e6b 2041 6363 8-8E..D- Link.Acc 0x0090: 6573 7320 506f 696e 743d 0600 0000 134d ess.Point=.....M 0x00a0: 1843 4f4e 4e45 4354 2035 344d 6270 7320 .CONNECT. 54Mbps. 0x00b0: 3830 322e 3131 674f 0c02 0100 0a01 7061 802.11gO......pa 0x00c0: 6e74 7304 060a 0000 6405 0600 0000 0157 nts.....d......W 0x00d0: 0e53 5441 2070 6f72 7420 2320 31 .STA.port.#.1 16:09:06.913952 IP 10.0.0.101.1812 > 10.0.0.100.1028: RADIUS, Access Accept (2), id: 0x01 length: 35 0x0000: 4500 003f 0018 4000 4011 25ce 0a00 0065 E..?..@.@. %....e 0x0010: 0a00 0064 0714 0404 002b 43c4 0201 0023 ...d..... +C....# 0x0020: b02e 5ba5 c0a4 59b4 ee06 063d 6d18 0f23 .. [...Y....=m..# 0x0030: 4006 0000 000d 4106 0000 0006 5103 31 @.....A.....Q.1 16:09:07.627117 arp who-has 10.0.0.100 tell 10.0.0.101 0x0000: 0001 0800 0604 0001 0080 c8cf df7e 0a00 .............~.. 0x0010: 0065 0000 0000 0000 0a00 0064 .e.........d 16:09:07.627526 arp reply 10.0.0.100 is-at 00:11:95:db:37:0b 0x0000: 0001 0800 0604 0002 0011 95db 370b 0a00 ............7... 0x0010: 0064 0080 c8cf df7e 0a00 0065 0000 0000 .d.....~...e.... 0x0020: 0000 0000 0000 0000 0000 0000 0000 .............. 16:09:09.904367 IP 10.0.0.100.1028 > 10.0.0.101.1812: RADIUS, Access Accept (2), id: 0x01 length: 35 0x0000: 4500 003f 000f 0000 4011 65d7 0a00 0064 E..?....@.e....d 0x0010: 0a00 0065 0404 0714 002b 4903 0201 0023 ...e..... +I....# 0x0020: 25b0 0c0b 4bde 0758 193b 59e7 19fb 7f5e %...K..X.;Y....^ 0x0030: 4006 0000 000d 4106 0000 0006 5103 31 @.....A.....Q.1 Anybody know what is going on here? What have I misconfigured? Thanks, Loukas
On the rare occasions that I post to mailing lists I always forget something in the first message. This is the error that I get from Internet Connect on Mac OS X when I connect: 802.1X Authentication has failed. 802.1X is unable to authenticate. It is possible that the configuration you have provided is invalid. If you are unsure about what configuration to connect with, check with your network administrator. ( Error: 1 on port en1 ) Loukas On 01/09/2006, at 4:12 PM, Loukas Kalenderidis wrote:
Hi list,
I'm a FreeRADIUS noob, and I've been charged with getting some WiFi APs authenticating against an existing FreeRADIUS server being used for dialup users. I've configured FreeRADIUS as best I can figure from what I've found on the web, but I'm having no success with getting WPA to work. I'm using a D-Link 2100AP access point, and a Mac OS X 10.4 client. From what I can gather it seems that I might have misconfigured FreeRADIUS, based on the error message below.
I've configured a test user as follows: pants Auth-Type := Accept Tunnel-Type = 13, Tunnel-Medium-Type = 6, Tunnel-Private-Group-Id = 1
The last 3 lines I found in a tutorial on the web, but I'm not sure if they are necessary or not (and commenting them out makes no difference).
When I run radtest everything looks OK:
$ radtest pants "" localhost 1 XXXXXX Sending Access-Request of id 141 to 127.0.0.1:1812 User-Name = "pants" User-Password = "" NAS-IP-Address = newdeewhy NAS-Port = 1 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=141, length=35 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1"
When I try to connect from my Mac OS X client I get the following error:
And the following appears in the radius.log: Fri Sep 1 15:50:59 2006 : Auth: Login OK: [pants] (from client testap port 1 cli 00-0D-93-86-48-8E) Fri Sep 1 15:51:02 2006 : Error: Authentication reply packet code 2 sent to a non-proxy reply port from client testap:1025 - ID 0 : IGNORED
Watching the traffic shows the Access-Accept packet being sent back to the AP, but confusingly the AP sends an Access-Accept back to the RADIUS server! (10.0.0.100 is the AP, 10.0.0.101 is the RADIUS server):
# tcpdump -nXi eth1 -s 65535 host 10.0.0.100 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes 16:08:43.990613 IP 10.0.0.100.1027 > 10.0.0.101.1812: RADIUS, Access Request (1), id: 0x00 length: 193 0x0000: 4500 00dd 0008 0000 4011 6540 0a00 0064 E.......@.e@...d 0x0010: 0a00 0065 0403 0714 00c9 0613 0100 00c1 ...e............ 0x0020: 3daa 0458 77d9 5edd 5149 6230 7717 7c71 =..Xw.^.QIb0w.|q 0x0030: 5012 091d 4b11 cb44 3587 c0cd d27e c929 P...K..D5....~.) 0x0040: 2bbd 0606 0000 0002 0108 7061 6e74 7300 +.........pants. 0x0050: 0c06 0000 05d0 1e1b 3030 2d31 312d 3935 ........ 00-11-95 0x0060: 2d44 422d 3337 2d30 423a 5465 7374 5750 - DB-37-0B:TestWP 0x0070: 411f 1330 302d 3044 2d39 332d 3836 2d34 A.. 00-0D-93-86-4 0x0080: 382d 3845 2015 442d 4c69 6e6b 2041 6363 8-8E..D- Link.Acc 0x0090: 6573 7320 506f 696e 743d 0600 0000 134d ess.Point=.....M 0x00a0: 1843 4f4e 4e45 4354 2035 344d 6270 7320 .CONNECT. 54Mbps. 0x00b0: 3830 322e 3131 674f 0c02 0000 0a01 7061 802.11gO......pa 0x00c0: 6e74 7304 060a 0000 6405 0600 0000 0157 nts.....d......W 0x00d0: 0e53 5441 2070 6f72 7420 2320 31 .STA.port.#.1 16:08:43.992271 IP 10.0.0.101.1812 > 10.0.0.100.1027: RADIUS, Access Accept (2), id: 0x00 length: 35 0x0000: 4500 003f 0015 4000 4011 25d1 0a00 0065 E..?..@.@. %....e 0x0010: 0a00 0064 0714 0403 002b fc7c 0200 0023 ...d..... +.|...# 0x0020: a6d5 7da7 33d8 c5a1 b0d4 f206 098f 1394 ..}. 3........... 0x0030: 4006 0000 000d 4106 0000 0006 5103 31 @.....A.....Q.1 16:08:46.987506 IP 10.0.0.100.1027 > 10.0.0.101.1812: RADIUS, Access Accept (2), id: 0x00 length: 35 0x0000: 4500 003f 0009 0000 4011 65dd 0a00 0064 E..?....@.e....d 0x0010: 0a00 0065 0403 0714 002b 1ab7 0200 0023 ...e..... +.....# 0x0020: 3daa 0458 77d9 5edd 5149 6230 7717 7c71 =..Xw.^.QIb0w.|q 0x0030: 4006 0000 000d 4106 0000 0006 5103 31 @.....A.....Q.1 16:08:48.382840 IP 10.0.0.100.1027 > 10.0.0.101.1812: RADIUS, Access Request (1), id: 0x01 length: 193 0x0000: 4500 00dd 000a 0000 4011 653e 0a00 0064 E.......@.e>...d 0x0010: 0a00 0065 0403 0714 00c9 bedd 0101 00c1 ...e............ 0x0020: 0489 1566 53aa 5f00 1842 47e4 38e0 661d ...fS._..BG.8.f. 0x0030: 5012 46a9 7407 9185 bbc4 4d10 7445 1df2 P.F.t.....M.tE.. 0x0040: 301d 0606 0000 0002 0108 7061 6e74 7300 0.........pants. 0x0050: 0c06 0000 05d0 1e1b 3030 2d31 312d 3935 ........ 00-11-95 0x0060: 2d44 422d 3337 2d30 423a 5465 7374 5750 - DB-37-0B:TestWP 0x0070: 411f 1330 302d 3044 2d39 332d 3836 2d34 A.. 00-0D-93-86-4 0x0080: 382d 3845 2015 442d 4c69 6e6b 2041 6363 8-8E..D- Link.Acc 0x0090: 6573 7320 506f 696e 743d 0600 0000 134d ess.Point=.....M 0x00a0: 1843 4f4e 4e45 4354 2035 344d 6270 7320 .CONNECT. 54Mbps. 0x00b0: 3830 322e 3131 674f 0c02 0100 0a01 7061 802.11gO......pa 0x00c0: 6e74 7304 060a 0000 6405 0600 0000 0157 nts.....d......W 0x00d0: 0e53 5441 2070 6f72 7420 2320 31 .STA.port.#.1 16:08:48.384472 IP 10.0.0.101.1812 > 10.0.0.100.1027: RADIUS, Access Accept (2), id: 0x01 length: 35 0x0000: 4500 003f 0016 4000 4011 25d0 0a00 0065 E..?..@.@. %....e 0x0010: 0a00 0064 0714 0403 002b e581 0201 0023 ...d..... +.....# 0x0020: fcf6 b690 11e0 81d6 d8ca 90b4 c0f3 833e ...............> 0x0030: 4006 0000 000d 4106 0000 0006 5103 31 @.....A.....Q.1 16:08:51.370904 IP 10.0.0.100.1027 > 10.0.0.101.1812: RADIUS, Access Accept (2), id: 0x01 length: 35 0x0000: 4500 003f 000b 0000 4011 65db 0a00 0064 E..?....@.e....d 0x0010: 0a00 0065 0403 0714 002b 0eb4 0201 0023 ...e..... +.....# 0x0020: 0489 1566 53aa 5f00 1842 47e4 38e0 661d ...fS._..BG.8.f. 0x0030: 4006 0000 000d 4106 0000 0006 5103 31 @.....A.....Q.1 16:09:02.626769 IP 10.0.0.100.1028 > 10.0.0.101.1812: RADIUS, Access Request (1), id: 0x00 length: 193 0x0000: 4500 00dd 000c 0000 4011 653c 0a00 0064 E.......@.e<...d 0x0010: 0a00 0065 0404 0714 00c9 03eb 0100 00c1 ...e............ 0x0020: 32b4 2a4d 2ac5 2831 0ba6 120d 3064 6cf9 2.*M*. (1....0dl. 0x0030: 5012 f943 27f4 f8c4 d74c b014 6c59 69e2 P..C'....L..lYi. 0x0040: bc6d 0606 0000 0002 0108 7061 6e74 7300 .m........pants. 0x0050: 0c06 0000 05d0 1e1b 3030 2d31 312d 3935 ........ 00-11-95 0x0060: 2d44 422d 3337 2d30 423a 5465 7374 5750 - DB-37-0B:TestWP 0x0070: 411f 1330 302d 3044 2d39 332d 3836 2d34 A.. 00-0D-93-86-4 0x0080: 382d 3845 2015 442d 4c69 6e6b 2041 6363 8-8E..D- Link.Acc 0x0090: 6573 7320 506f 696e 743d 0600 0000 134d ess.Point=.....M 0x00a0: 1843 4f4e 4e45 4354 2035 344d 6270 7320 .CONNECT. 54Mbps. 0x00b0: 3830 322e 3131 674f 0c02 0000 0a01 7061 802.11gO......pa 0x00c0: 6e74 7304 060a 0000 6405 0600 0000 0157 nts.....d......W 0x00d0: 0e53 5441 2070 6f72 7420 2320 31 .STA.port.#.1 16:09:02.628391 IP 10.0.0.101.1812 > 10.0.0.100.1028: RADIUS, Access Accept (2), id: 0x00 length: 35 0x0000: 4500 003f 0017 4000 4011 25cf 0a00 0065 E..?..@.@. %....e 0x0010: 0a00 0064 0714 0404 002b 310c 0200 0023 ...d..... +1....# 0x0020: 0f90 831a 311e 14e3 2b1e ce7b 7b42 5bdd ....1... +..{{B[. 0x0030: 4006 0000 000d 4106 0000 0006 5103 31 @.....A.....Q.1 16:09:05.620998 IP 10.0.0.100.1028 > 10.0.0.101.1812: RADIUS, Access Accept (2), id: 0x00 length: 35 0x0000: 4500 003f 000d 0000 4011 65d9 0a00 0064 E..?....@.e....d 0x0010: 0a00 0065 0404 0714 002b 6f69 0200 0023 ...e..... +oi...# 0x0020: 32b4 2a4d 2ac5 2831 0ba6 120d 3064 6cf9 2.*M*. (1....0dl. 0x0030: 4006 0000 000d 4106 0000 0006 5103 31 @.....A.....Q.1 16:09:06.912295 IP 10.0.0.100.1028 > 10.0.0.101.1812: RADIUS, Access Request (1), id: 0x01 length: 193 0x0000: 4500 00dd 000e 0000 4011 653a 0a00 0064 E.......@.e:...d 0x0010: 0a00 0065 0404 0714 00c9 efec 0101 00c1 ...e............ 0x0020: 25b0 0c0b 4bde 0758 193b 59e7 19fb 7f5e %...K..X.;Y....^ 0x0030: 5012 8626 e5d6 1f1e 6d3f ca86 5fd6 5f64 P..&....m?.._._d 0x0040: 9e83 0606 0000 0002 0108 7061 6e74 7300 ..........pants. 0x0050: 0c06 0000 05d0 1e1b 3030 2d31 312d 3935 ........ 00-11-95 0x0060: 2d44 422d 3337 2d30 423a 5465 7374 5750 - DB-37-0B:TestWP 0x0070: 411f 1330 302d 3044 2d39 332d 3836 2d34 A.. 00-0D-93-86-4 0x0080: 382d 3845 2015 442d 4c69 6e6b 2041 6363 8-8E..D- Link.Acc 0x0090: 6573 7320 506f 696e 743d 0600 0000 134d ess.Point=.....M 0x00a0: 1843 4f4e 4e45 4354 2035 344d 6270 7320 .CONNECT. 54Mbps. 0x00b0: 3830 322e 3131 674f 0c02 0100 0a01 7061 802.11gO......pa 0x00c0: 6e74 7304 060a 0000 6405 0600 0000 0157 nts.....d......W 0x00d0: 0e53 5441 2070 6f72 7420 2320 31 .STA.port.#.1 16:09:06.913952 IP 10.0.0.101.1812 > 10.0.0.100.1028: RADIUS, Access Accept (2), id: 0x01 length: 35 0x0000: 4500 003f 0018 4000 4011 25ce 0a00 0065 E..?..@.@. %....e 0x0010: 0a00 0064 0714 0404 002b 43c4 0201 0023 ...d..... +C....# 0x0020: b02e 5ba5 c0a4 59b4 ee06 063d 6d18 0f23 .. [...Y....=m..# 0x0030: 4006 0000 000d 4106 0000 0006 5103 31 @.....A.....Q.1 16:09:07.627117 arp who-has 10.0.0.100 tell 10.0.0.101 0x0000: 0001 0800 0604 0001 0080 c8cf df7e 0a00 .............~.. 0x0010: 0065 0000 0000 0000 0a00 0064 .e.........d 16:09:07.627526 arp reply 10.0.0.100 is-at 00:11:95:db:37:0b 0x0000: 0001 0800 0604 0002 0011 95db 370b 0a00 ............7... 0x0010: 0064 0080 c8cf df7e 0a00 0065 0000 0000 .d.....~...e.... 0x0020: 0000 0000 0000 0000 0000 0000 0000 .............. 16:09:09.904367 IP 10.0.0.100.1028 > 10.0.0.101.1812: RADIUS, Access Accept (2), id: 0x01 length: 35 0x0000: 4500 003f 000f 0000 4011 65d7 0a00 0064 E..?....@.e....d 0x0010: 0a00 0065 0404 0714 002b 4903 0201 0023 ...e..... +I....# 0x0020: 25b0 0c0b 4bde 0758 193b 59e7 19fb 7f5e %...K..X.;Y....^ 0x0030: 4006 0000 000d 4106 0000 0006 5103 31 @.....A.....Q.1
Anybody know what is going on here? What have I misconfigured?
Thanks, Loukas
-List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
Loukas Kalenderidis <loukas@hb.com.au> wrote:
I've configured FreeRADIUS as best I can figure from what I've found on the web, but I'm having no success with getting WPA to work. I'm using a D-Link 2100AP access point, and a Mac OS X 10.4 client. From what I can gather it seems that I might have misconfigured FreeRADIUS, based on the error message below.
I've configured a test user as follows: pants Auth-Type := Accept
That won't make WPA work. WPA requires a whole bunch of data exchange before all the machines involved believe that net access has been granted. You have to configure users, passwords, and certificates for it to work.
The last 3 lines I found in a tutorial on the web, but I'm not sure if they are necessary or not (and commenting them out makes no difference).
They're for VLAN assignment. You don't need them.
Watching the traffic shows the Access-Accept packet being sent back to the AP, but confusingly the AP sends an Access-Accept back to the RADIUS server! (10.0.0.100 is the AP, 10.0.0.101 is the RADIUS server):
That's what the debug log shows, too. I'm a little surprised that the AP is sending the Access-Request back to the server. Since you've configured the server to do something the AP doesn't expect, I guess you're in an untested area of its behavior. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
On 01/09/2006, at 6:37 PM, Alan DeKok wrote:
Loukas Kalenderidis <loukas@hb.com.au> wrote:
I've configured FreeRADIUS as best I can figure from what I've found on the web, but I'm having no success with getting WPA to work. I'm using a D-Link 2100AP access point, and a Mac OS X 10.4 client. From what I can gather it seems that I might have misconfigured FreeRADIUS, based on the error message below.
I've configured a test user as follows: pants Auth-Type := Accept
That won't make WPA work. WPA requires a whole bunch of data exchange before all the machines involved believe that net access has been granted.
You have to configure users, passwords, and certificates for it to work.
I've been trying to use an existing user that works with dialup access, but kept having authorization rejected, so I decided to try configuring that test user with Auth-Type:= Accept to simplify the problem. Bad idea? I was under the impression I don't need certificates unless I'm using TLS, is this incorrect?
The last 3 lines I found in a tutorial on the web, but I'm not sure if they are necessary or not (and commenting them out makes no difference).
They're for VLAN assignment. You don't need them.
Thanks.
Watching the traffic shows the Access-Accept packet being sent back to the AP, but confusingly the AP sends an Access-Accept back to the RADIUS server! (10.0.0.100 is the AP, 10.0.0.101 is the RADIUS server):
That's what the debug log shows, too.
Is this what the following error is about? Error: Authentication reply packet code 2 sent to a non-proxy reply port from client testap:1025 - ID 0 : IGNORED That makes more sense now. Thanks, Loukas
Loukas Kalenderidis <loukas@hb.com.au> wrote:
I've been trying to use an existing user that works with dialup access, but kept having authorization rejected, so I decided to try configuring that test user with Auth-Type:= Accept to simplify the problem. Bad idea? I was under the impression I don't need certificates unless I'm using TLS, is this incorrect?
As I said in my previous message, you need to configure users, passwords, and certificates for it to work. You can believe me, or you can continue doing what you're doing now, which doesn't work. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Hi, On 04/09/2006, at 11:36 AM, Alan DeKok wrote:
Loukas Kalenderidis <loukas@hb.com.au> wrote:
I've been trying to use an existing user that works with dialup access, but kept having authorization rejected, so I decided to try configuring that test user with Auth-Type:= Accept to simplify the problem. Bad idea? I was under the impression I don't need certificates unless I'm using TLS, is this incorrect?
As I said in my previous message, you need to configure users, passwords, and certificates for it to work.
You can believe me, or you can continue doing what you're doing now, which doesn't work.
I asked you questions relating to your statement in your previous message and you didn't really answer them. Can you elaborate on "configure users, passwords and certificates for it to work" please? Do you mean the users file needs specific configuration to work with WPA-EAP? And as I said before, I was under the impression I don't need certificates unless I'm using TLS, am I wrong? I'm happy to follow your advice, if you give me some that isn't just "configure stuff dude". This is what the debug log says when I connect now: rad_recv: Access-Request packet from host 10.0.0.100:1026, id=0, length=193 Message-Authenticator = 0x5206d718f6573c1eb840261956ec4ed5 Service-Type = Framed-User User-Name = "pants" Framed-MTU = 1488 Called-Station-Id = "00-11-95-DB-37-0B:TestWPA" Calling-Station-Id = "00-0D-93-86-48-8E" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200000a0170616e7473 NAS-IP-Address = 10.0.0.100 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 rlm_realm: No '@' in User-Name = "pants", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 radius_xlat: 'pants' rlm_sql (sql): sql_set_user escaped user --> 'pants' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM dialup_radcheck WHERE Username = 'pants' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): User pants not found in radcheck radius_xlat: 'SELECT dialup_radgroupcheck.id,dialup_radgroupcheck.GroupName,dialup_radgroupch eck.Attribute,dialup_radgroupcheck.Value,dialup_radgroupcheck.op FROM dialup_radgroupcheck,dialup_usergroup WHERE dialup_usergroup.Username = 'pants' AND dialup_usergroup.GroupName = dialup_radgroupcheck.GroupName ORDER BY dialup_radgroupcheck.id' radius_xlat: 'SELECT dialup_radgroupreply.id,dialup_radgroupreply.GroupName,dialup_radgroupre ply.Attribute,dialup_radgroupreply.Value,dialup_radgroupreply.op FROM dialup_radgroupreply,dialup_usergroup WHERE dialup_usergroup.Username = 'pants' AND dialup_usergroup.GroupName = dialup_radgroupreply.GroupName ORDER BY dialup_radgroupreply.id' rlm_sql (sql): User pants not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns notfound for request 0 users: Matched entry pants at line 47 users: Matched entry DEFAULT at line 156 users: Matched entry DEFAULT at line 175 modcall[authorize]: module "files" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type Accept rad_check_password: Auth-Type = Accept, accepting the user Login OK: [pants] (from client testap port 1 cli 00-0D-93-86-48-8E) Sending Access-Accept of id 0 to 10.0.0.100:1026 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Accept packet from host 10.0.0.100:1026, id=0, length=38 Authentication reply packet code 2 sent to a non-proxy reply port from client testap:1026 - ID 0 : IGNORED --- Walking the entire request list --- Waking up in 3 seconds... rad_recv: Access-Request packet from host 10.0.0.100:1026, id=1, length=193 Message-Authenticator = 0x593aef9381f04eb85805621b1ee22f6d Service-Type = Framed-User User-Name = "pants" Framed-MTU = 1488 Called-Station-Id = "00-11-95-DB-37-0B:TestWPA" Calling-Station-Id = "00-0D-93-86-48-8E" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0201000a0170616e7473 NAS-IP-Address = 10.0.0.100 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 rlm_realm: No '@' in User-Name = "pants", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 radius_xlat: 'pants' rlm_sql (sql): sql_set_user escaped user --> 'pants' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM dialup_radcheck WHERE Username = 'pants' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): User pants not found in radcheck radius_xlat: 'SELECT dialup_radgroupcheck.id,dialup_radgroupcheck.GroupName,dialup_radgroupch eck.Attribute,dialup_radgroupcheck.Value,dialup_radgroupcheck.op FROM dialup_radgroupcheck,dialup_usergroup WHERE dialup_usergroup.Username = 'pants' AND dialup_usergroup.GroupName = dialup_radgroupcheck.GroupName ORDER BY dialup_radgroupcheck.id' radius_xlat: 'SELECT dialup_radgroupreply.id,dialup_radgroupreply.GroupName,dialup_radgroupre ply.Attribute,dialup_radgroupreply.Value,dialup_radgroupreply.op FROM dialup_radgroupreply,dialup_usergroup WHERE dialup_usergroup.Username = 'pants' AND dialup_usergroup.GroupName = dialup_radgroupreply.GroupName ORDER BY dialup_radgroupreply.id' rlm_sql (sql): User pants not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns notfound for request 1 users: Matched entry pants at line 47 users: Matched entry DEFAULT at line 156 users: Matched entry DEFAULT at line 175 modcall[authorize]: module "files" returns ok for request 1 modcall[authorize]: module "mschap" returns noop for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type Accept rad_check_password: Auth-Type = Accept, accepting the user Login OK: [pants] (from client testap port 1 cli 00-0D-93-86-48-8E) Sending Access-Accept of id 1 to 10.0.0.100:1026 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 44fcba57 Waking up in 4 seconds... rad_recv: Access-Accept packet from host 10.0.0.100:1026, id=1, length=38 Authentication reply packet code 2 sent to a non-proxy reply port from client testap:1026 - ID 1 : IGNORED --- Walking the entire request list --- Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 1 with timestamp 44fcba5b Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.0.0.100:1026, id=2, length=193 Message-Authenticator = 0xf0a27f90359498a1ec16af5eb7268366 Service-Type = Framed-User User-Name = "pants" Framed-MTU = 1488 Called-Station-Id = "00-11-95-DB-37-0B:TestWPA" Calling-Station-Id = "00-0D-93-86-48-8E" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0202000a0170616e7473 NAS-IP-Address = 10.0.0.100 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_eap: EAP packet type response id 2 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 rlm_realm: No '@' in User-Name = "pants", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 radius_xlat: 'pants' rlm_sql (sql): sql_set_user escaped user --> 'pants' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM dialup_radcheck WHERE Username = 'pants' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): User pants not found in radcheck radius_xlat: 'SELECT dialup_radgroupcheck.id,dialup_radgroupcheck.GroupName,dialup_radgroupch eck.Attribute,dialup_radgroupcheck.Value,dialup_radgroupcheck.op FROM dialup_radgroupcheck,dialup_usergroup WHERE dialup_usergroup.Username = 'pants' AND dialup_usergroup.GroupName = dialup_radgroupcheck.GroupName ORDER BY dialup_radgroupcheck.id' radius_xlat: 'SELECT dialup_radgroupreply.id,dialup_radgroupreply.GroupName,dialup_radgroupre ply.Attribute,dialup_radgroupreply.Value,dialup_radgroupreply.op FROM dialup_radgroupreply,dialup_usergroup WHERE dialup_usergroup.Username = 'pants' AND dialup_usergroup.GroupName = dialup_radgroupreply.GroupName ORDER BY dialup_radgroupreply.id' rlm_sql (sql): User pants not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 2 modcall[authorize]: module "sql" returns notfound for request 2 users: Matched entry pants at line 47 users: Matched entry DEFAULT at line 156 users: Matched entry DEFAULT at line 175 modcall[authorize]: module "files" returns ok for request 2 modcall[authorize]: module "mschap" returns noop for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type Accept rad_check_password: Auth-Type = Accept, accepting the user Login OK: [pants] (from client testap port 1 cli 00-0D-93-86-48-8E) Sending Access-Accept of id 2 to 10.0.0.100:1026 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User Finished request 2 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Accept packet from host 10.0.0.100:1026, id=2, length=38 Authentication reply packet code 2 sent to a non-proxy reply port from client testap:1026 - ID 2 : IGNORED --- Walking the entire request list --- Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 2 ID 2 with timestamp 44fcba61 Nothing to do. Sleeping until we see a request. Thanks, Loukas
Loukas Kalenderidis <loukas@hb.com.au> wrote:
I asked you questions relating to your statement in your previous message and you didn't really answer them. Can you elaborate on "configure users, passwords and certificates for it to work" please?
I'm not sure what is unclear about that. You need a server certificate, as documented in many of the EAP howto's. You need at least one user, with a "known good" password. Simply saying "Auth-Type := Accept" will not work. Ever.
Do you mean the users file needs specific configuration to work with WPA-EAP?
As in a user with a password...
And as I said before, I was under the impression I don't need certificates unless I'm using TLS, am I wrong?
Yes, you're wrong. PEAP *does* use TLS. The comments in the "eap.conf" file make this clear.
I'm happy to follow your advice, if you give me some that isn't just "configure stuff dude".
The server comes with documentation that describes what to do, and how to configure it. Read "eap.conf", it points you to web pages that desribe describe in *detail* what to do.
rad_check_password: Auth-Type = Accept, accepting the user
My previous message explained that this won't work, and why. Yet you're not only trying it again, you're posting essentially the same debug log as last time. I don't see why. Now, you can keep trying what you're doing, which is obviously not working. Or, you can read the documentation that comes with the server, and the web pages it points to. I'm sorry if this sounds abrupt, but I've put a lot of work into making the server easy to use, into documenting exactly what to do, and in answering questions on this list. You're still arguing with me over my answers, rather than following my directions. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Hi Loukas, Loukas Kalenderidis schrieb:
I'm happy to follow your advice, if you give me some that isn't just "configure stuff dude".
FreeRadius is very confusing and the docs do not explain everything in a manner, a beginner can understand. That was my problem. I found this HowTo very useful: http://www.hep.phys.soton.ac.uk/~jhe/documents/WPA-Authentication+RADIUS-HOW... Which will IMHO exactly do what you want. Start with that one and if it works start to go into details. This worked for me. Only a few hints, never forget the right OIDs in the certs and check that the time on your computers do not differ to much. And don't use Debian, because eap is not included and compilation fails on Debian. That should save you around 3 weeks of work and 2 years of your life. :-) cu Alexandros
Alexandros Gougousoudis <gougousoudis@kh-berlin.de> wrote:
FreeRadius is very confusing and the docs do not explain everything in a manner, a beginner can understand.
They (and the main web page) point to EAP howto's on the main web site, which include screenshots for configuring Windows for wireless, including exactly where to add the certificates.
And don't use Debian, because eap is not included and compilation fails on Debian.
The server includes a "debian" directory, whixch is used to build debian packages. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Hi Alan, Alan DeKok schrieb:
They (and the main web page) point to EAP howto's on the main web site, which include screenshots for configuring Windows for wireless,
Thats true, but as a beginner it is not clear what is important to set up. Most people simply want to connect their notebook over WLAN to their network, other go more into detail with LDAP, SQL whatever. Knowledge about EAP-PEAP, EAP-TLS, MSCHAPv2 is still not developed. As you and others reply on questions of people on the list is very often like "tell us in detail what you want to do..." is not what many people seek, I think most expect to be told what is important and what they should do. As always in IT-Business, the customer doesn't know what he needs, but it must be nice and fancy when it is ready. :-)) FR is a great program, thanks a lot to all who work on this!
The server includes a "debian" directory, whixch is used to build debian packages.
I tried that with source-install of the deb, but compilation fails on sarge and unstable, bug list is full on debian.org, so I'am not the only one who had this problem. I think at least the eap module relies on some lib which is not GPL and not included into Debian and they try to move around it. But FR without EAP is at least for me useless. I did not try the debian dir of the official tar of freeradius.org, I will do that soon, because Suse 10.1 sucks. cu Alex P.S: I look for a good book, covering all about radius and especially FR. As an overview and as a reference.
Hi, I won't comment on the relative merits of "I don't know how, but it works for me in my little universe" vs "Lots of reading, complex, perhaps trial-and-error-prone configuration but immensly versatile" styles different people obiously think differently about., On 9/6/06, Alexandros Gougousoudis <gougousoudis@kh-berlin.de> wrote:
The server includes a "debian" directory, whixch is used to build debian packages.
I tried that with source-install of the deb, but compilation fails on sarge and unstable, bug list is full on debian.org, so I'am not the only one who had this problem. I think at least the eap module relies on some lib which is not GPL and not included into Debian and they try to move around it. But FR without EAP is at least for me useless.
I did not try the debian dir of the official tar of freeradius.org, I
But that is going just too far, let me set the record straight: 1. Building packages with eap on pre-sarge and later on for released sarge used to be a bit awkward but doable and has improved much over time. 2. debian maintainers of freeradius imho do a great job in providing working and policy conformant packages. 3. debian source package builds on unstable without problem here. And it provides a minimal intrusive way of enabling ssl and postgres related stuff. 4. Although not the way intended by debian in general, the upstream tarball contains a debian dir (as noted), which, at least, leads to compiling, package building with the proper tools (just tested). Sorry, I didn't check functionality , but I suppose there won't be any problerms until shown otherwise. And you suggested compilation errors, which doesn't hold true. 5. http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=freeradius does only list 1 minor bug (which might be considered whishlist) and 4 wishlist bugs, ancient or left there for reference purposes. 6. Technically, the needed libssl-dev is part of debian, but because of alleged license problems (which this list and many other searchable places contain lots of information about) freeradius in debian is not linked against it. Ok, enough <defend-debian-mode> for now. :) regards K. Hoercher
-----Original Message----- 3. debian source package builds on unstable without problem here. And it provides a minimal intrusive way of enabling ssl and postgres related stuff.
Just to follow up. It appears that in FreeRadius 1.1.3, if you follow the directions in the WIKI http://wiki.freeradius.org/index.php/Build#Building_Debian_packages That you will get a working PEAP/TTLS EAP It has the necessary sections included. You can view what is done in the Debian/rules file
Hi,
You can view what is done in the Debian/rules file
Yupp, it works now! My mistake was to use the little bit broken 1.1.0 deb package a few months ago. Source-Build didn't work. If I take the sources of the official tar.gz I can build now all without problems under unstable. Great. Don't like Suse... Thanks Alex -- ServiceCenter IT - Alexandros Gougousoudis (Leiter) Gemeinsame Einrichtung der Kunsthochschule Berlin-Weissensee, Hochschule für Musik "Hanns Eisler" und der Hochschule für Schauspielkunst "Ernst Busch". Tel.: 030 / 477 05 - 444 * Fax.: 030 / 477 05 - 445
Alexandros Gougousoudis <gougousoudis@kh-berlin.de> wrote:
Thats true, but as a beginner it is not clear what is important to set up. Most people simply want to connect their notebook over WLAN to their network, other go more into detail with LDAP, SQL whatever.
That really is the fundamental problem, and one I've seen a lot. Everyone wants documentation for how to configure the server for their system. They'd rather not read through documentation for how to configure *other* peoples systems. And they'd rather not read through general documentation saying how the server works, and what each module does. I plan on addressing at least some of that with my book.
As you and others reply on questions of people on the list is very often like "tell us in detail what you want to do..." is not what many people seek, I think most expect to be told what is important and what they should do.
Yes, and many questions are "How do I configure the server to do stuff?" That's a useless question, and guaranteed to not solve the problem.
P.S: I look for a good book, covering all about radius and especially FR. As an overview and as a reference.
I'm writing one. I've got about 60 pages of good content, and 50 pages of rough notes. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
----- Original Message ----- From: "Alan DeKok" <aland@deployingradius.com>
I plan on addressing at least some of that with my book.
P.S: I look for a good book, covering all about radius and especially FR. As an overview and as a reference.
I'm writing one. I've got about 60 pages of good content, and 50 pages of rough notes. I would be glad to send you some of my configs for examples. Many of them you instructed me on how to accomplish the goal on the list. I posted a bunch on the wiki but that thing keeps getting spammed =( I would think at least ISP's would gain some insight from some of them.
On Wed 06 Sep 2006 23:05, Lewis Bergman wrote:
----- Original Message ----- From: "Alan DeKok" <aland@deployingradius.com>
I plan on addressing at least some of that with my book.
P.S: I look for a good book, covering all about radius and especially FR. As an overview and as a reference.
I'm writing one. I've got about 60 pages of good content, and 50 pages of rough notes.
I would be glad to send you some of my configs for examples. Many of them you instructed me on how to accomplish the goal on the list. I posted a bunch on the wiki but that thing keeps getting spammed =( I would think at least ISP's would gain some insight from some of them.
The wiki should be mostly spam free these days as I have implimented some counter measures. If you notice any spam, please remove it AND notify me. Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
participants (7)
-
Alan DeKok -
Alexandros Gougousoudis -
K. Hoercher -
King, Michael -
Lewis Bergman -
Loukas Kalenderidis -
Peter Nixon