Unable to start radiusd, permission issues, and minimal configuration
James Prestwood
prestwoj at gmail.com
Fri Dec 2 00:39:11 UTC 2022
On Thu, 2022-12-01 at 19:17 -0500, Alan DeKok wrote:
> On Dec 1, 2022, at 6:24 PM, James Prestwood <prestwoj at gmail.com> wrote:
> > I've also got some additional questions as to how difficult it would
> > be
> > to strip down the configuration, hopefully to a few files?
>
> You've got to understand what the configuration is doing. But it's
> not hard. Just take it slowly, deleting files you don't need, or
> configuration bits you're not using.
>
> > I'm trying to add freeradius to our automated testing framework for
> > wifi, which currently uses hostapd's internal radius server for all
> > EAP
> > tests which is basically two config files. The problem is its not
> > testing against a RADIUS server that you would encounter in real
> > life,
> > like freeradius. So I would like to test against freeradius as well
> > and
> > hopefully catch any subtle differences between the two
> > implementations.
>
> I'm not sure what you're trying to catch. hostapd follows the specs,
> as does FreeRADIUS. And both are *very* widely used.
>
> If there's an issue with either one, it will be discovered very
> quickly.
Do professional/corporate networks actually use the hostapd
implementation? I'm genuinely curious. Its just very limited on what
you can do compared to freeRADIUS.
We have had users in the past say their EAP configuration doesn't work
when we test the same configuration in our automated testing. So
whether this is extra attributes we don't expect, default options that
differ between hostapd/freeRADIUS, etc. we just don't know without
testing both.
In a perfect world you're right, they should be identical in terms of
the protocol. What I'm doing now is figuring out if thats actually true
:)
>
> > The framework runs on a minimal kernel VM and all daemon
> > configurations
> > are held in our upstream project (e.g. dbus, dhcpd, radvd, hostapd
> > etc.). The freeradius config is an entire folder structure with many
> > config files so duplicating that upstream isn't really desired. I've
> > seen "don't modify the config" everywhere, but that aside, is a
> > minimal
> > configuration possible? we only need EAP.
>
> The server comes with many files in "mods-available" and "sites-
> available". If you're not using those, you can delete them.
>
> A minimal configuration of the server is maybe 100 lines, plus the
> EAP module configuration. It just takes time and effort to clean up
> for your local needs.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list