Help in moving FR1.x to 3.x EAP-TLS setup.
Gregory Sloop
gregs at sloop.net
Thu May 30 00:44:50 CEST 2019
AD> It's not that more complex. Configure the server / CA
AD> certificate as described in the web page. Issue a client
AD> certificate using the CA. It *will* work.
AD> If you use eapol_test as described in that page, it's simple to
AD> add client configurations for EAP-TLS. In v3, sample
AD> configuration for eapol_test are in src/tests/eap*.conf
I don't see any of that ^^^ in Ubuntu.
I'm puzzled. Perhaps FR3 from sources is way different than FR3 in Ubuntu 18.04 - but I'm pretty sure you'll need an eap[.conf] cofigured in the /mods-available and linked in the /mods-enabled directory to make this work.
Thus, you can't just create a CA/Cert/Key and EAP-TLS 'just works' as per http://deployingradius.com/documents/configuration/eap.html - at least not with Ubuntu.
I'm fine with having to configure eap, but at least on Ubuntu it won't work unless you configure EAP and put a link [or the actual config] in
/etc/freeradius/3.0/mods-enabled.
Probably I'll try to work up a how-to for Ubuntu 18.04 - since the WPA-Enterprise/Radius howto on the wiki is at least 10 years old, and doesn't reflect the realities of 2.x or 3.x, or anything newer than Windows XP.
I stand a few of these up, perhaps every 10 years or the like - so I'm never going to become a FR guru. Having something modestly straight-forward, without having to wade through a bunch of documentation would be helpful.
-Greg
More information about the Freeradius-Users
mailing list