Hello all,

There should be a place on the net that hosts official tutorials for FreeRadius that are up-to-date. Then many problems would disappear.

I was about to follow this post to get "EAP/TTLS" to work:

http://www.felipe-alfaro.org/blog/2005/11/01/wpa-enterprise/

Can anyone help me sort out what not to follow in his guide, since it was posted in 2005: are the SSL certificate creation steps that the tutorial mentions the same for all versions, and still up to date?

1. Generate a new unsigned certificate and its corresponding private key:

    openssl req -new -days 365 -newkey rsa:1024 \
        -keyout /etc/pki/CA/sslkey.pem -out /etc/pki/CA/sslcert.pem

2. To sign this certificate:

    openssl ca -in /etc/pki/CA/sslcert.pem -out /etc/pki/CA/cert.pem

3. Installing the RADIUS X.509 certificate

The certificate and its corresponding private key, plus the CA certificate, must be installed into /etc/raddb/certs in order to use EAP-TLS or EAP-TTLS:

Install the RADIUS private key:

    mv /etc/pki/CA/sslkey.pem /etc/raddb/certs/RADIUS-key.pem

Install the RADIUS signed X.509 certificate:

    mv /etc/pki/CA/cert.pem /etc/raddb/certs/RADIUS-cert.pem

Install the CA certificate:

    cp /etc/pki/CA/cacert.pem /etc/raddb/certs/cacert.pem

/etc/pki/CA/sslcert.pem holds the unsigned X.509 RADIUS certificate, so it can be safely removed:

    rm /etc/pki/CA/sslcert.pem

Best regards,
Johan Nyman

Media Vision Group | MVG
Stureplan 4C, 4tr
114 35 Stockholm
Sweden
Tfn: +46-8-463 10 58
Cell: +46-70-992 31 51
Fax: +46-8-463 10 10
E-mail: [EMAIL PROTECTED]
Web: http://www.mediavisiongroup.se

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org] On Behalf Of Alan DeKok
Sent: 12 April 2008 17:45
To: FreeRadius users mailing list
Subject: SPAM-LOW: SPAM(5.0) Re: EAP/TTLS

Johan Nyman wrote:
> - I'm going to copy back the default "eap.conf" "radiusd.conf" and "users"
> files, so I can start over again with clean files.

Good idea.

> - Some tutorials I have followed are old, compared to the new version that I
> have 2.0.3.

I wish all old tutorials disappeared off of the net. Since most started out wrong, getting rid of them isn't a bad idea.

> - Can you give me an example on how I should configure these three files
> "users" "eap.conf" "radiusd.conf".
>
> - The authentication method I am looking for to use is "EAP/TTLS"

You do nothing. See doc/ChangeLog, for version 2.0.0.

> - I have all the certificates ready to go.

Put them in raddb/certs, in the files mentioned in eap.conf. Or, edit eap.conf to point to your certificates.

The whole point of 2.0 is that you start the server... and almost everything works. The tutorials that described endless steps to configure things were usually wrong to begin with, and are completely unnecessary in 2.0.

Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
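
A verification pass over the three files installed in step 3 of the quoted tutorial, as an added example that is not part of the original thread or of FreeRADIUS itself. It assumes the file names used above; MIN_BITS and KEY_PASS are hypothetical environment variables of this script, and the 2048-bit default floor is an assumption that a key generated with rsa:1024 would not meet.

```shell
#!/bin/sh
# Added example: sanity-check the files installed in step 3 of the tutorial.
# Usage: sh check_radius_certs.sh /etc/raddb/certs
# MIN_BITS and KEY_PASS are hypothetical environment variables of this script.

check_radius_certs() {
    dir=$1
    key=$dir/RADIUS-key.pem
    cert=$dir/RADIUS-cert.pem
    ca=$dir/cacert.pem
    min=${MIN_BITS:-2048}   # assumed minimum RSA size; rsa:1024 fails it
    rc=0

    for f in "$key" "$cert" "$ca"; do
        [ -r "$f" ] || { echo "MISSING: $f"; return 2; }
    done

    # 1. The server certificate must chain to the CA certificate.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $ca"; rc=1; }

    # 2. Certificate and private key must hold the same public key.
    #    An empty KEY_PASS is harmless for an unencrypted key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(KEY_PASS=${KEY_PASS:-} openssl pkey -in "$key" -pubout \
                  -passin env:KEY_PASS 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert (or wrong passphrase)"; rc=1
    fi

    # 3. Reject short RSA keys.
    bits=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$min" ] ||
        { echo "FAIL: ${bits:-unknown}-bit key, need >= $min"; rc=1; }

    # 4. Flag a certificate close to the end of its -days 365 lifetime.
    openssl x509 -in "$cert" -noout -checkend $((30 * 86400)) >/dev/null 2>&1 ||
        { echo "FAIL: $cert expires within 30 days or is unreadable"; rc=1; }

    return $rc
}

# Run only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then check_radius_certs "$1"; fi
```

The function returns 0 when all four checks pass, 1 when any check fails, and 2 when one of the three files is missing.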