Re: newbie install problem
> I have RedHat ES4 and I downloaded FreeRadius-1.0.5. unzipped it and did
>
> ./configure
> make
> make install
>
> It didn't seem to complain, but I can't run it. I can't find the radiusd file. And after server startup I don't see any radius daemon running. How do I run it?

The radiusd binary should be in the /usr/local/sbin folder. If not, something went wrong during compile/installation. Check the output again. It may help if you redirect it to a file (like make > make_output.txt). You can also check configure.log.

Lefteris

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Success Story (A tribute to the FreeRADIUS project)
Hello everyone,

I am writing this -long overdue- letter to express my gratitude to all FR developers and other people who help through this mailing list. I may not be an active poster, but this list's archive has been a tremendous help during my involvement with FreeRADIUS. Thanks to the intense support (and of course great open source software), my project was a success and I managed to learn a couple of things too :-).

To whom it may concern, I have deployed the following setup for my University wifi hotspot:

WiFi users connect to APs in the University premises. Authentication follows two scenarios (depending on the particular AP site):

Scenario A or NoCat Scenario (low security):

- A NoCat captive gateway runs on a PC connected directly to the AP (or the AP itself, for embedded devices). This PC is also responsible for DHCP, firewall rules etc...
- The user's web browser is redirected to the login page hosted at the AAA server for this building. There runs the NoCat Auth Server and (of course) a FreeRADIUS server. The NCA server gives the user credentials to FR, who in turn authorizes them against the local Windows AD (where University users reside) and a mysql database (for temporary wifi accounts -can be duration-restricted).
- After the NoCat gateway lets the user in, it periodically sends accounting information to the FR server (to be stored in the mysql DB).

Scenario B or EAP scenario (high security):

- A FreeRADIUS proxy runs on a PC connected directly to the AP (or the AP itself, for embedded devices). This PC is also responsible for DHCP, firewall rules etc...
- The AP has WPA-Enterprise enabled and connects to the proxy FR for authentication.
- Users use IEEE.1X clients for EAP authentication (mainly PEAP).
- The FR proxy forwards authentication packets to the central FR server (the same one as scenario A) who authenticates and authorizes against the Windows AD and mysql DB.
- Accounting packets are sent either by the AP (through the proxy) or a NoCat gateway (set in Open mode) which runs at the same PC with the proxy.

Accounting information is monitored through the dialup_admin front-end, which is also used for temporary wifi accounts (that go in the mysql db).

(The above may imply a large scale deployment but there are only two APs for now :-) [both running scenario A].)

That's about it in a nutshell. I named the whole system the WAL (Wireless Aueb -my University- Lan). As you can see, I have also made heavy use of the NoCat project (thanks to everyone in that mailing list/developer team too!!) but it saddens me to see that it got stuck in version 0.82 :-(.

Anyway, thanks again and keep up the good work. I am not done with FR just yet, so I'll be seeing you all :-).

Stefanis Eleftherios
MsC Student in Computer Science
AUEB

PS: Sorry for the long post, I just thought it would be nice for people to see what FR (combined with other great open source software) can do in a complete WiFi deployment.

PS2: The total software cost for the WAL was 0$ and took one person (me) a total of about 2 months to architect and set up.

Re: EAP/TLS problem: Received unexpected tunneled data after successful handshake
> rlm_eap_tls: Received unexpected tunneled data after successful handshake.

I had the same problem a while ago. It turned out the error lay with the generated certificates. I never pinpointed the exact problem (I fiddled with the scripts a lot), so I can't give any detailed solution, but I'd try to recreate them (the certs) if I were you.

Hope I helped,
Lefteris

Re: EAP/TLS problem: Received unexpected tunneled data after successful handshake
> What client are you using, and how have you configured it?

I am using a Cisco Aironet 1200. I configured it to use Open Authentication with EAP, set the radius server IP and shared secret. I did all of this through the AP's HTML interface. On the user side we're running Windows 2000 with SP4 and the authentication patch.

Re: EAP/TLS problem: Received unexpected tunneled data after
Ok, here's some more info about my configuration on the user side:

I have installed the client and CA certificates (cert-clt.p12, root.der) which I created using the script described in Ken Roser's How-To (doc/EAP/TLS.pdf). They seem to be working fine (the TLS handshake doesn't complain about any of them). In the authentication tab I selected "Use Smart Card or Certificate". When I try to connect I get a popup prompting me to choose the (client) certificate I want to use.

Note that since I don't have winXP, I use my card's software to detect and connect to my AP. I have tried two different cards so far with the same result (PCMCIA AmbiCom and ZoomAir with PCI adapter). I have also tried using PEAP and TTLS (SecureW2) but (as was expected) to no avail.

As far as the client (Cisco) is concerned, there isn't much more to be said. I didn't use the aaa commands in the documentation, since it didn't seem necessary in the How-To's (should I?). I just added a radius server (providing IP address, shared secret and selecting EAP authentication) and changed the authentication option for my SSID from "Open Authentication no addition" to "Open authentication with EAP".

Tomorrow I am going to try and use HostAp as a client for freeradius and I'll tell you if there is any progress.

Thanks again for taking an interest.