Unable to setup freeradius server to authenticate from Unix username/passwords

Fajar A. Nugraha list at fajar.net
Tue Feb 28 09:46:02 CET 2012


On Tue, Feb 28, 2012 at 3:26 PM, Mohit Aron <extproxy at gmail.com> wrote:
>> You shouldn't need to do that. The files should have freerad group
>> ownership (at least they did last time I looked on Natty), so the freerad
>> user will be able to read them. Did you test it and it didn't work, or
>> did you THINK it wouldn't work so you did a chown manually?
>>
>> If it's the first, file a bug on launchpad, because it's a packaging bug.
>> If it's the latter, try with a fresh install.
>>
>
> They are all owned by root in Ubuntu 11.10. So it is a packaging bug.
> I've also tried using Ubuntu 10.04 - there it is fine. I've filed a
> bug already on launchpad.

Really? They messed up big time then.

You can try my ppa: https://launchpad.net/~freeradius/+archive/stable
It was created based on Natty's 2.1.10, updated to 2.1.12 for
lucid-oneiric and hardy.

>
>> You need a third-party supplicant that can send passwords in cleartext
>> (e.g. TTLS-PAP, EAP-PEAP-GTC).
>>
>
> Sorry, I'm new to freeradius. How can I set up this supplicant?

At work we use odyssey, but it's not free:
http://www.juniper.net/us/en/products-services/software/ipc/odyssey-access-client/

wpa_supplicant (http://hostap.epitest.fi/wpa_supplicant/) might work
as well, but last time I tried it was kinda hit-and-miss.

>
> I'd really like to use Unix passwords to authenticate and not create
> another setup of passwords for users. The documentation on radius is
> really sparse.

Did you check the wiki, http://wiki.freeradius.org/?
If you think there's something that should be there but isn't, feel
free to add some content.

> If you can advise what all I need to just make my wifi
> clients authenticate using radius against the passwd file on a Linux
> box, that'll be super.

You can also do it the other way around: store the passwords as
clear-text (nt-hash should also work, although I haven't tried),
either in a database (e.g. mysql) or LDAP, then use pam_radius or
pam_ldap (only if you use ldap) so Linux uses radius for
authentication.

-- 
Fajar
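
For the supplicant question in this thread, an EAP-TTLS/PAP network block for wpa_supplicant.conf, as an added example that is not part of the original message. The SSID, identities, password, CA path and server name are constructed placeholders.

```conf
# wpa_supplicant.conf network block: EAP-TTLS outer method, PAP inner method.
# Added example; every value below is a constructed placeholder.
network={
    ssid="example-wlan"
    key_mgmt=WPA-EAP
    eap=TTLS

    # The outer identity is sent before the TLS tunnel exists, so keep the
    # real username out of it.
    anonymous_identity="anonymous"

    # The inner identity and password travel inside the tunnel. With PAP the
    # RADIUS server receives the password itself, so it can check it against
    # the hashes in the Unix password database.
    identity="alice"
    password="constructed-password"
    phase2="auth=PAP"

    # Validate the RADIUS server certificate. Without these two checks, any
    # access point presenting any certificate can terminate the tunnel and
    # read the PAP password.
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.org"
}
```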



More information about the Freeradius-Users mailing list