the newbie on radiustesting strikes again

Ivan Kalik tnt at kalik.net
Sat Apr 19 18:34:36 CEST 2008


>> You need to sort out some basic things:
>> 
>> - your user sits at the laptop and connects to - what? What service is
>> router controlling?
>A: to internett via the router for example
>What service is router controlling?
>A:The traffic through the DSL-modem (You mean to say: "Which service is the router controlling" or "Which service is routercontrolling" i.e. controlling the router?)

OK. But how are they going to connect to the router? You are mentioning
PEAP, so I assume that router does support EAP (WPA-Enterprise)? For
wireless clients. Will there be wired clients? Can their access be
controlled?

>> - your router is most likely the only (radius) client on your network.
>> User machines should be removed from clients.conf.
>A:Remove all user machines
>Thus only one machine, the router, is to be defined as client
>client 192.168.0.1 {
>        secret          = testing123
>        shortname       = asus-TL
>        nastype         = other
># DLINK 635 Router
>}

That should be fine now.

>> 
>> - don't use Auth-Type and User-Password. Read instructions in users
>> file. Documentation you got these entries from is years out of date.
>A: FreeRADIUS Version 1.0.4. - And this is a tricky part. 
>If no Auth-Type and User-Password, should I apply Fall-Through instead
>to have a DEFAULT running?

OK, disregard what I said. You are using version that is years out of
date, so those entries are likely to be correct. Just check that you can
disable DHCP on the router and hand IPs via radius.

If you upgrade to current version certificates will be created for you.
Even if you don't want to upgrade you can download 2.0.3 and use it to
generate certificates that you can use in 1.0.4.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list