  ackovski
join:2005-03-18 7000
| FreeRadius
I got a small wireless network with several clients. I desperately need a radius server. I tried to install it on a Mandriva, but without success. Has anyone tried some of these versions? »wiki.freeradius.org/Linux Are these already installed versions of freeradius and is it working with EAP-TTLS? Can you post some screen shots of the radius? |
|
  No_Strings Premium,Mod join:2001-11-22 The OC
Host: Wireless Networking All Things Unix D-Link
| I'm not using it right now, but I installed FreeRADIUS on Slack and Red Hat, configured for eap_tls.
What specifically is not working? What errors? Is the installation where you're having the problem or the configuration? Did you try running it in debug to elicit more details, etc.? |
|
  ackovski
join:2005-03-18 7000
| I made it work with Steel Belted Radius under Windows XP, but it was a trial version. I would like to try some of these versions because they already have integrated installed version of FreeRadius. I just need someone that has tried them if they really work or need something more to be installed. I need EAP-TTLS exactly because it doesn't need certificates at the client side, only user and pass. EAP_TLS needs certs at the client side. |
|
  No_Strings Premium,Mod join:2001-11-22 The OC
Host: Wireless Networking All Things Unix D-Link
edit: March 11th, @03:23PM
| I wasn't clear, apparently.
I realize that TLS requires certs. I made my own and installed them. Can't blame you for not wanting to go down that road.
FreeRADIUS works. It works with TLS, TTLS and any number of other protocols. Since you already have the client side done, you only need to worry about the server side.
You said:
said by ackovski: I desperately need a radius server. I tried to install it on a Mandriva, but without success.
I'm trying to clarify so I know best how to direct you. Is it Mandriva or FreeRADIUS you had trouble installing? Installing the FR server is not difficult, even if you don't use a distro that includes it. If you know nothing about Linux, it would be appropriate to ask some more questions.
Ubuntu is stupid easy. It's not geared toward a server environment, in my view, and I'd be reluctant to use it in a production business environment. RHEL and SuSE Enterprise would be more appropriate choices. There is a charge for support. CentOS, a free clone of RHEL, would be a decent choice as well.
Will you need support? What's at stake? Is it a business? What is the risk - financial or otherwise - if data leakage occurs?
Not trying to be difficult. Honest. Just trying to get you the best possible answers. |
|
  justanotherguy
@dslextreme.com
| Installing FreeRADIUS on CentOS 5 was pretty easy. Something like:
yum install freeradius
or something along those lines, then just configure (in that distro, it was all under /etc/raddb). Question - what supplicant are you using to run EAP-TTLS? Funk (Juniper) Odyssey? |
|
 jbibe Premium,MVM join:2001-02-22 | If you are running Windows, try SecureW2 for TTLS. |
|
 jbibe Premium,MVM join:2001-02-22
edit: March 11th, @07:10PM
| reply to ackovski Several packages are available at
»download.opensuse.org/repositori···rk:/aaa/
Although I have never used these packages, they should work without too much trouble. If you decide to experiment with one of these packages, look for the latest freeradius server version; i.e., freeradius-server-2.0.2. It is preconfigured for TLS, PEAP, and TTLS. To help the new user, this version automatically produces some certificates.
You will need to add the names and passwords in the users file. For example,
"John Doe" Cleartext-Password := "Password"
You will also need to enter your network and server password in clients.conf. Modify one of the preset network configurations. For example,
The inner EAP in the preset TTLS configuration is MD5. You can change the inner EAP by editing the eap.conf file.
You will have to look for the user, clients.conf, and eap.conf files. I would look in the /etc/raddb/ directory.
I am using freeradius-server-2.0.2, running on Fedora 8. It is configured for TLS. I have also used PEAP.
Edit: If you plan to use the server in a business environment, you should consider an Enterprise version, as suggested by No_Strings. |
|
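Added example, not part of the post above and not FreeRADIUS project code: a small Python check for the clients.conf step jbibe describes, flagging client entries that still use the stock `testing123` secret, use a short secret, or share one secret across a whole subnet. The sample file, the 16-character minimum and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample in FreeRADIUS clients.conf syntax (not taken from the thread).
SAMPLE = '''
client 127.0.0.1 {
    secret = testing123
    shortname = localhost
}
client 192.168.1.0/24 {
    secret = hunter2   # one short secret for every AP in the subnet
    shortname = wlan-aps
}
client 192.168.1.10 {
    secret = "kX9v-Tq2m_Lr7PzW4nBd8sHc"
    shortname = ap-office
}
'''

DEFAULT_SECRETS = {"testing123"}  # secret shipped in the stock clients.conf
MIN_SECRET_LEN = 16               # assumed local policy, not a FreeRADIUS limit

# "client <name> { ... }" blocks; commented-out blocks do not match.
CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
# "key = value" lines; the value is either quoted or runs to whitespace or '#'.
ITEM_RE = re.compile(r'^\s*(\w+)\s*=\s*(?:"([^"]*)"|([^\s#]+))', re.M)

def parse_clients(text):
    """Return one dict per client block, with its name under 'client'."""
    clients = []
    for name, body in CLIENT_RE.findall(text):
        items = {key: quoted or bare for key, quoted, bare in ITEM_RE.findall(body)}
        items["client"] = name
        clients.append(items)
    return clients

def audit(text):
    """Return (client, finding) pairs for weak shared-secret settings."""
    findings = []
    for entry in parse_clients(text):
        name, secret = entry["client"], entry.get("secret", "")
        if not secret:
            findings.append((name, "no secret set"))
        elif secret in DEFAULT_SECRETS:
            findings.append((name, "default secret"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((name, "short secret"))
        if "/" in name:
            findings.append((name, "one secret covers a whole subnet"))
    return findings

if __name__ == "__main__":
    for client, finding in audit(SAMPLE):
        print(f"{client}: {finding}")
```
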
  OnHeL Angel Premium join:2000-09-11 Jamaica, NY clubs: 
·Optimum Online
·RoadRunner Cable
| I use ZeroShell on a PC Engines Alix board, works great.
»www.zeroshell.net/eng »www.netgate.com/product_info.php···s_id=542 -- Do you remember when House began? |
|
 jbibe Premium,MVM join:2001-02-22
| said by OnHeL :I use ZeroShell on a PC Engines Alix board, works great. Do you happen to know what version of FreeRADIUS is included in ZeroShell? From the 8/22/07 announcement, it appears that it includes freeradius-1.1.4. |
|
  ackovski
join:2005-03-18 7000
edit: March 12th, @02:15PM
| reply to ackovski Almost all of the clients in my net use WinXP. SecureW2 is a client software. I don't need client software because all the PCI cards already come with their own client software that works with all WPA encryptions. I think that you are complicating this thread. Why install or use some third party software if these versions have it installed already? I was just asking if someone has used the integrated FreeRadius in one of these Linux versions. |
|
 jbibe Premium,MVM join:2001-02-22 | If you are referring to my post, I was not answering you. I was suggesting SecureW2 to justanotherguy. |
|
  OnHeL Angel Premium join:2000-09-11 Jamaica, NY clubs:  | reply to jbibe »www.zeroshell.net/eng/forum/view···hp?t=363
States 1.1.7 -- Do you remember when House began? |
|
  ackovski
join:2005-03-18 7000
| reply to ackovski KEWL!!! OnHel ALE ALE!!! I managed to run it under WinXP with VMWare and works SO smooth. This way I can keep my win apps and still use all on one comp! Even managed to make an ADSL connection through it and works fine! I can ping google and use the update option. Now I have to try the NAT in it to use it to share the internet in my net. Still haven't tried the Radius with EAP-TTLS or PEAP, but will soon! Sheesh! Thank you! |
|
  ackovski
join:2005-03-18 7000
edit: March 17th, @08:33AM
| reply to ackovski I configured the AP and the Zeroshell and Radius works with both PEAP and TTLS! Zeroshell logs all successful PEAP, TTLS and the wrong unauthorized attempts! It works! YAY! One strange thing I noticed, but had no time to check... My PCI wireless card connected to the AP after I turned off the Zeroshell... it connected as if it was granted access... But the server was not on, so I don't know if it was just a temporary... or it will still work?!  If it still works... what's the use of the Radius?  |
|
  justanotherguy
@dslextreme.com
| I'm making some assumptions since I don't know how your AP is specifically configured, but normally (at least for me) if an SSID is specifically set up to do EAP / 802.1X only, then you should not be permitted access since a RADIUS server will need to validate your EAPOL-Identity Response (and other challenge messages) in real-time before letting you into the network.
However, maybe your AP is configured to fall back on using a pre-shared key setup somehow or an alternate authentication procedure? Or perhaps there's a credential caching mechanism here at work (maybe someone else can clarify if this is possible?). |
|
  ackovski
join:2005-03-18 7000 | reply to ackovski And it works! The icon looks like connected, but there is no data transfer! It Works!  |
|
  OnHeL Angel Premium join:2000-09-11 Jamaica, NY clubs:  edit: March 23rd, @10:14PM
| reply to ackovski said by ackovski :KEWL!!! OnHel ALE ALE!!! ...Thank you! ;o) |
|