Hi all! I'm new to this list and probably this is not the place where to post this kind of questions. I've searched all over the net and read a lot about various configurations for freeradius, but nothing so simple to solve my problem. Hence here is the problem: I'm using Debian Sarge (kernel 2.6.8-2-686) and I'm trying to use freeradius 1.0.2 with quite all extensions available for my distro (dialupadmin, ldap, mysql, perl etc ...). Freeradius is installed correctly (no error messages, during the setup process) and when I launch it with #freeradius -X I get this output: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/freeradius/proxy.conf Config: including file: /etc/freeradius/clients.conf Config: including file: /etc/freeradius/snmp.conf Config: including file: /etc/freeradius/eap.conf Config: including file: /etc/freeradius/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/freeradius" main: libdir = "/usr/lib/freeradius" main: radacctdir = "/var/log/freeradius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/freeradius/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/freeradius/freeradius.pid" main: user = "freerad" main: group = "freerad" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "/etc/shadow" unix: group = "(null)" unix: radwtmp = "/var/log/freeradius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/freeradius/huntgroups" preprocess: hints = "/etc/freeradius/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/freeradius/users" files: acctusersfile = "/etc/freeradius/acct_users" files: preproxy_usersfile = "/etc/freeradius/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Addre ss, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-% Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/freeradius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Listening on proxy *:1814 Ready to process requests. ... I suppose that this means that the server works fine. Now I'd like (and this is the real question) to use the server with a Zyxel ZyAir B-3000 that has a built in RADIUS function to authenticate users and authorize to access my LAN (mostly for using an Internet connection). What is the simplest way to configure the server and the client (ZyAir) to make them works together? How can I test the settings, before to make them operative? If I can't get help here is there anybody that knows a step-by-step tutorial I can download on the Internet (in italian?)? Thanks in advance for your help and support Luciano PELLE
Hi,
Hence here is the problem: I'm using Debian Sarge (kernel 2.6.8-2-686) and I'm trying to use freeradius 1.0.2 with quite all extensions available for my distro (dialupadmin, ldap, mysql, perl etc ...). Freeradius is installed correctly (no error messages, during the setup process) and when I launch it with
you are aware than the Debian version doesnt have all the EAP stuff properly compiled in because of the OpenSSL licence issue? You are better off compiling it yourself...add into that fact that 1.1.0 has been out for a while now..... your server appears to have loaded up fine. if you want to start BASIC, i'd recommend that you comment out all the fancy stuff such as proxy, sql, snmp, ldap etc
Now I'd like (and this is the real question) to use the server with a Zyxel ZyAir B-3000 that has a built in RADIUS function to authenticate users and authorize to access my LAN (mostly for using an Internet connection). What is the simplest way to configure the server and the client (ZyAir) to make them works together? How can I test the settings, before to make them operative? If I can't get help here is there anybody that knows a step-by-step tutorial I can download on the Internet (in italian?)?
tp 'get started' simply add the IP of this AP into the clients.conf file (see the example entries) and give it a secret passphrase...now on the AP, put the IP of your freeradius server...and the passphrase. the server is running on default ports 1812, 1813. then you need to choose what sort of RADIUS you are doing. for simple passphrase stuff you can put an entry into the users file (see examples in users file) and this will be good enough to do the basic stuff...you can then progress to EAP methods (TTLS is best) once you've done the groundwork of generating a server certificate (and which point you'll hit the SSL problem I mentioned above)...and then you can authenticate the users against passwords held in SQL database, MSCHAPv2 against a compatible backend...or even /etc/passwd. though EAP-TLS is always the 'holy grail' for a small manageable system/environment. alan
participants (2)
-
A.L.M.Buxey@lboro.ac.uk -
Luciano PELLE