Help in moving FR1.x to 3.x EAP-TLS setup.

Alan DeKok aland at
Wed May 29 18:50:16 CEST 2019

On May 29, 2019, at 11:48 AM, Gregory Sloop <gregs at> wrote:
> So, I've got a current FR setup, version 2.2.8 [although the last time I've done this was under a 1.x FR version - these configs are under an upgraded distro version - so the newer FR setups are somewhat confusing for me. This is all under Ubuntu - this setup started life as a 12.04 (IIRC) setup, and got upgraded to 16.04. I'm now trying to migrate it to a fresh setup on 18.04.]

  That's good.

> And I'm having trouble. Rather than have you look at a debug - perhaps I should start here.
> I'm not sure I'm doing the right steps for setup/configuration.


  That contains detailed instructions for (a) starting from a default config, and (b) having EAP / WiFi auth work.

> Here's what is in my current eap [in FR 2.2.8] - though the eap.conf file isn't in the mods-available directory, it's in the main FR config dir. I suppose I could probably leave it that way, but I'm trying to do this the "new" way.

  Please don't move your v2 config to v3.  Start with the default configuration in v3, in a fresh v3 installation.  Then, gradually re-create the *functionality* piece by piece, with testing.

> Though to start, I think I'll avoid checking a CRL - just to keep things simple.
> Do, I just essentially paste this config straight into the new one? 

  Please no.

> [I don't think so - there's a new section "tls-config tls-common" and I'm unsure about that.]

  It's because EAP-TLS, TTLS, and PEAP all share common TLS configuration.  Instead of replicating it 3 times, there's a "common TLS" configuration.

> I don't believe there are any changes I made previously [or need to make now] to radiusd.conf?
> Is there anything else I need to do? 

  If you made no more changes, then no.

  Alan DeKok.

More information about the Freeradius-Users mailing list