Thread: FreeRadius....

  1. #1

    FreeRadius....

    I'm new to Linux and I'm following this Cool Solutions: Configuring FreeRADIUS on Open Enterprise Server for Linux documentation.

    My goal is for people to log in with their Novell accounts and be encrypted with TTLS on wireless.

    As I go through the steps in the doc I hope to ask questions here to get over some road blocks....I'm probably going to ask a lot of questions.

    This is my first question.

    From the documentation: Step 1 - Install FreeRADIUS

    1. Copy the 2 packages for FreeRADIUS on your OES Linux server into /tmp directory.
    2. Go into yast
    3. Go to Software/Install and remove program - Search for the FreeRADIUS package. If it is not installed, install it.
    Note: We installed FreeRADIUS with YaST because FreeRADIUS has a couple of dependencies. It's easier to do it like this if you don't know which packages are needed. Return to the command line and install both FreeRADIUS RPMs.
    4. rpm -Uvh --force /tmp/freeradius-1.0.2-0.i586.rpm
    rpm -Uvh --force /tmp/freeradius-devel-1.0.2-0.i586.rpm


    I installed FreeRadius using YaST. Do I really have to do step 4 and install the rpm packages?

  2. #2
    Re: FreeRadius....

    No, if you have already installed it using YaST, you can proceed. It's always preferable to install it with YaST as opposed to using rpm on a package.

  3. #3

    Re: FreeRadius....

    Thanks,

    Here's my next question about step 12.

    At what line should I paste each of these sections? For example, should I paste the change under module section on line 613, under the title module configuration?

    (from the document)
    step 12 Modify the file /etc/raddb/radiusd.conf
    # ... Change under MODULE SECTION ... #

    modules {
        pap {
            encryption_scheme = crypt
        }

        chap {
            authtype = CHAP
        }

        pam {
            pam_auth = radiusd
        }

        unix {
            cache = no
            cache_reload = 600
            radwtmp = ${logdir}/radwtmp
        }

        $INCLUDE ${confdir}/eap.conf

        mschap {
            authtype = MS-CHAP
            use_mppe = yes
            require_encryption = yes
            require_strong = yes
        }

        ldap {
            server = "localhost"
            identity = "cn=admin,o=complys"
            password = password # !!! Use your own admin password here !!!
            basedn = "o=complys"
            filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
            base_filter = "(objectclass=radiusprofile)"
            start_tls = yes
            tls_cacertfile = /etc/raddb/certs/rootder.b64
            access_attr = "dialupAccess"
            ldap_connections_number = 5
            password_attribute = nspmPassword
            edir_account_policy_check = yes
            timeout = 4
            timelimit = 3
            net_timeout = 1
        }
    }   # closes modules; existing modules not listed here stay in place


    # ... CHANGE UNDER AUTHORIZE SECTION ... #

    authorize {
        preprocess
        chap
        mschap
        suffix
        eap
        files
        ldap
    }


    # ... CHANGE UNDER AUTHENTICATE SECTION ... #

    authenticate {
        Auth-Type PAP {
            pap
        }

        Auth-Type CHAP {
            chap
        }

        Auth-Type MS-CHAP {
            mschap
        }

        unix

        Auth-Type LDAP {
            ldap
        }

        eap
    }


    # ... CHANGE UNDER POST-AUTH SECTION ... #

    post-auth {
        ldap
        Post-Auth-Type REJECT {
            ldap
        }
    }

  4. #4
    Re: FreeRadius....

    Ah sorry, it's been ages since I had to configure freeradius, but IIRC you have to modify the existing file where indicated. There should be comments delimiting the sections. Don't just paste things in blindly. You have to make sure that it goes into the right place, matching braces and all, or you will have mysterious syntax errors. Also replace existing lines that are obviously substituted by your changes. Good luck.

  5. #5

    Re: FreeRadius....

    Originally posted by ken_yap:
    Ah sorry, it's been ages since I had to configure freeradius, but IIRC you have to modify the existing file where indicated. There should be comments delimiting the sections. Don't just paste things in blindly. You have to make sure that it goes into the right place, matching braces and all, or you will have mysterious syntax errors. Also replace existing lines that are obviously substituted by your changes. Good luck.

    I see a line in my config file that said $INCLUDE eap.conf and from the document it said $INCLUDE ${confdir}/eap.conf

    These 2 phrases look the same. Do you know what they mean? I'm taking a guess but I think one of them tells FreeRadius to look into the eap.conf for more information.

    Should I replace $INCLUDE eap.conf with $INCLUDE ${confdir}/eap.conf and paste in everything about eap under it?

  6. #6
    Re: FreeRadius....

    $INCLUDE as the name suggests, means insert the contents of the named file at that point. It's a convenient way to make the configuration more modular. ${confdir} means substitute the value of the variable confdir which was probably declared earlier on to be the path of the configuration directory. The one without ${confdir} just includes it from the current directory.

    I hope you know what you are doing with freeradius. Configuring it and getting it to work is not for the faint-hearted.

  7. #7

    Re: FreeRadius....

    I think I get it then. They don't want that one config file getting too big so they break it down into a bunch of configs. Adding: $INCLUDE superduperfile.conf would add everything written in the superduperfile.conf file.


    I'm looking at all the protocols it wants to name like mschap.

    If I only want TTLS then why would I need to do this?

    Also I pasted the syntax for the module stuff on the line after "Module {" starting with pap
    Last edited by redcoat; 08-Jul-2009 at 11:53. Reason: more info needed

  8. #8

    Re: FreeRadius....

    All I want is TTLS not TLS. Do I need to have TLS configured for it to work?

    Can you explain to me what these commands below really mean? I read the comments about them but I'm still iffy.

    ttls {
        default_eap_type = md5
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
    }


    Those commands were already typed in and all I had to do was write yes or no. Are there any other commands I have to type in?

    For default_eap_type = , what other types can I type in?

    Also, what other config files do I have to change to get TTLS working? So far I think I only need to change eap.conf, clients.conf, LDAP.conf and radiusd.conf

  9. #9
    twiles66 NNTP User

    Re: FreeRadius....

    Hi, I am trying to set up freeradius to use with our centrally controlled wireless. I am new to Linux and could use any help out there; where to find step by step instructions would be great. I am using 11.1; I can reinstall another version if needed.
    Thanks
