FreeRadius, Eduroam, and me...

Alan Buxey alan.buxey at gmail.com
Mon Jun 22 21:05:39 CEST 2020


hi,

> but still have some issues.   I am now testing through an eduroam
> web-sign-in, where the actual main requests will come from.  It appears


there is no such thing as eduroam web sign-in. captive portal eduroam
was killed off back
in the early days - pre 2012

are you talking about a site you have access to that allows some sort
of testing functionality
in your NRO (is that SAFIRE per chance?) - if so, it should not be
using PAP , it should
be using at least a PEAP mechanism (ideally it would support any EAP
type supported
by the home organisation so ensure the home org can test its users
behaviour remotely).
(as said in previous reply, your RADIUS server should be configured to
drop incoming
requests if they are not EAP

>       require_message_authenticator = no

and set those to 'yes' in your clients.conf

> (1)   User-Name = "mytextusername at my.domain.edu"
> (1)   User-Password = "mypassinplaintext"

not an EAP request - so it wont get to your inner-server config
(which , being from outside world should
be a rather plain inner-server that doesnt do things like VLAN
assignment based on groups etc etc)

alan


More information about the Freeradius-Users mailing list