On Tue, Feb 28, 2012 at 2:34 PM, Mohit Aron <extpr...@gmail.com> wrote: > Hello, > > I'm using the freeradius 2.10 server that comes with Ubuntu 11.10. I'm unable > to set it up so as to authenticate incoming requests from the Unix > username/passwords stored in /etc/{passwd, shadow}. > > Here is a description of my setup. I've setup wifi security on my wireless > router to WPA-Enterprise and entered the IP address of the radius server in > the > router to that of a Linux machine running freeradius. > > Here's a description of all the changes I made to /etc/freeradius directory to > even reach the point to make it partially work: > 1) chown -R freerad /etc/freeradius > The above is needed as Ubuntu seems to install every file there as root and > thus the freeradius server which runs as user freerad isn't able to read > the configuration files.
You shouldn't need to do that. The files should have freerad group ownership (at least it does last time I look on Natty), so freerad user will be able to read it. Did you test it and it didn't work, or did you THINK it wouldn't work so you do a chown manually? If it's the first, file a bug on launchpad, cause it's packaging bug. If it's the later, try with a fresh install. > I've tried using both Windows 7 as well as an iPad as a client to connect > using > wifi. IIRC Windows will use EAP-PEAP-MSCHAPv2, which requires cleartext-password (or NT-Hash, or accounts stored in AD). Linux passwords in /etc/shadow is hashed (the ones I have use SHA-512), so they're not compatible. You need a third-party supplicant that can send passwords in cleartext (e.g. TTLS-PAP, EAP-PEAP-GTC). -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html