ZyAir B-3000 and freeradius
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Mon Mar 6 00:07:57 CET 2006
Hi,
> Hence here is the problem:
> I'm using Debian Sarge (kernel 2.6.8-2-686) and I'm trying to use
> freeradius 1.0.2 with quite all extensions available for my distro
> (dialupadmin, ldap, mysql, perl etc ...).
> Freeradius is installed correctly (no error messages, during the setup
> process) and when I launch it with
you are aware than the Debian version doesnt have all the
EAP stuff properly compiled in because of the OpenSSL licence
issue? You are better off compiling it yourself...add into
that fact that 1.1.0 has been out for a while now.....
your server appears to have loaded up fine. if you want to
start BASIC, i'd recommend that you comment out all the fancy
stuff such as proxy, sql, snmp, ldap etc
> Now I'd like (and this is the real question) to use the server with a
> Zyxel ZyAir B-3000 that has a built in RADIUS function to authenticate
> users and authorize to access my LAN (mostly for using an Internet
> connection).
> What is the simplest way to configure the server and the client (ZyAir)
> to make them works together? How can I test the settings, before to make
> them operative? If I can't get help here is there anybody that knows a
> step-by-step tutorial I can download on the Internet (in italian?)?
tp 'get started' simply add the IP of this AP into the clients.conf
file (see the example entries) and give it a secret passphrase...now
on the AP, put the IP of your freeradius server...and the passphrase.
the server is running on default ports 1812, 1813. then you need
to choose what sort of RADIUS you are doing. for simple passphrase
stuff you can put an entry into the users file (see examples in users
file) and this will be good enough to do the basic stuff...you can then
progress to EAP methods (TTLS is best) once you've done the groundwork
of generating a server certificate (and which point you'll hit
the SSL problem I mentioned above)...and then you can authenticate
the users against passwords held in SQL database, MSCHAPv2 against
a compatible backend...or even /etc/passwd. though EAP-TLS is always
the 'holy grail' for a small manageable system/environment.
alan
More information about the Freeradius-Users
mailing list