Re: mysql Accounting not working
on the sql.conf add sqltrace = yes start up with radiusd -X and see what happen. You test the mysql conneciotn from the SAME host that freeradius? On 7/14/05, Leonardo Valente [EMAIL PROTECTED] wrote: Hello, I use Debian Linux Sarge, kernel 2.6.8-2(368), freeradius 1.0.2, and I'm trying to configure freeradius + mysql Accounting. I created database from script db_mysql.sql, and created a user to access database with full privileges. I tested to access database from another host and it's fine. I can get authentication from localhost and another host. BUT freeradius is not insert accounting information in database. I used freeradius -X to get some debug information and I can't see it doing INSERT. But I know that freeradius connect into database when I start the daemon, I could see that in mysql.log. I looked into mysql.log and freeradius is not doing INSERT. Database name, database username, password and host are set in sql.conf. And accounting tag from radiusd.conf is: --- accounting { sql } Someone can tell me if I forgot some configuration? I just wanna do Mysql Accounting... Thanks in advance - Dize-me tuas comunidades e te direi quem és... Leonardo Valente MSN: [EMAIL PROTECTED] __ Converse com seus amigos em tempo real com o Yahoo! Messenger http://br.download.yahoo.com/messenger/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Postauth_query semi-duplicates records...
Hi! I've changed the postauth_query from the sql.conf to insert there some extra info (and changed the BD table to reflect this). postauth_query = INSERT into ${postauth_table} (id, user, date, clt_mac, ap_mac, ap_ip, ap_id) values ('', '%{User-Name}', NOW(), '%{Calling-Station-Id}', '%{Called-Station-Id}', '%{NAS-IP-Address}', '%{NAS-Identifier}') The wierd thing is that when a EAP/TLS client joins, the record on the BD keeps their info well. BUT, when a EAP/PEAP client authenticates, the record it's almost duplicated: ++--++---+---+--+---+ | id | user | date | clt_mac | ap_mac | ap_ip| ap_id | ++--++---+---+--+---+ | 49 | john| 20050713132540 | 00-0b-7d-0f-f7-35 | 00-0c-41-b1-37-07 | 192.168.20.7 | Linksys BEFW11S4-V4.X | | 50 | jairo| 20050713132629 | | | | | | 51 | jairo| 20050713132629 | 00-0b-7d-0f-f7-35 | 00-0c-41-b1-37-07 | 192.168.20.7 | Linksys BEFW11S4-V4.X | ++--++---+---+--+---+ Here, john it's a EAP/TLS auth. and jairo is the EAP/PEAP auth. On the server debug i see: modcall: entering group post-auth for request 47 rlm_sql (sql): Processing sql_postauth radius_xlat: 'jairo' rlm_sql (sql): sql_set_user escaped user -- 'jairo' radius_xlat: 'INSERT into radpostauth (id, user, date, clt_mac, ap_mac, ap_ip, ap_id) values ('', ' jairo', NOW(), '00-0b-7d-0f-f7-35', '00-0c-41-b1-37-07', '192.168.20.7', 'Linksys BEFW11S4-V4.X')' rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user, date, clt_mac, ap_mac, ap _ip, ap_id) values ('', 'jairo', NOW(), '00-0b-7d-0f-f7-35', '00-0c-41-b1-37-07', '192.168.20.7', 'L inksys BEFW11S4-V4.X') rlm_sql (sql): Reserving sql socket id: 0 rlm_sql (sql): Released sql socket id: 0 modcall[post-auth]: module sql returns ok for request 47 modcall: group post-auth returns ok for request 47 and that SEEMS ok, but, on the DB appears 2 records for that query. Do you know why is happening this? Thks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Tunneled authentication rejected on PEAP
Hi! I'm receiving a rlm_eap_peap: Had sent TLV failure, rejecting. on the end of the debug when trying to auth EAP/PEAP XP-SP2 client. Looking earlier, on the debug, i'd see: - rad_check_password: Found Auth-Type EAP auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. rlm_eap: Freeing handler modcall[authenticate]: module eap returns reject for request 6 modcall: group authenticate returns reject for request 6 auth: Failed to validate the user. PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE - But... now i don't know if the mschapv2 is the value that is Unknow or what value is unknow for the auth? Please, help me telling me what i doing wrong? Thanks in advice for your help. radiusd.conf: - prefix = /programas/freeradius2 exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = ${prefix}/var sbindir = ${exec_prefix}/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd log_file = ${logdir}/radius.log libdir = ${exec_prefix}/lib pidfile = ${run_dir}/radiusd.pid max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 bind_address = * port = 0 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions= yes log_stripped_names = no log_auth = no log_auth_badpass = no log_auth_goodpass = no usercollide = no lower_user = no lower_pass = no nospace_user = no nospace_pass = no checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = no } proxy_requests = no $INCLUDE ${confdir}/clients.conf snmp= no thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { pap { encryption_scheme = crypt } chap { authtype = CHAP } pam { pam_auth = radiusd } unix { cache = no cache_reload = 600 radwtmp = ${logdir}/radwtmp } $INCLUDE ${confdir}/eap.conf mschap { authtype = MS-CHAP } ldap { server = ldap.your.domain basedn = o=My Org,c=UA filter = (uid=%{Stripped-User-Name:-%{User-Name}}) start_tls = no access_attr = dialupAccess dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 } checkval { item-name = Calling-Station-Id check-name = Calling-Station-Id data-type = string } with_cisco_vsa_hack = no files { usersfile = ${confdir}/users acctusersfile = ${confdir}/acct_users preproxy_usersfile = ${confdir}/preproxy_users compat = no } detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d detailperm = 0600 } acct_unique { key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port } $INCLUDE ${confdir}/sql.conf radutmp { filename = ${logdir}/radutmp username = %{User-Name} case_sensitive = yes check_with_nas = yes perm = 0600 callerid = yes } radutmp sradutmp { filename = ${logdir}/sradutmp perm = 0644 callerid = no } attr_filter { attrsfile = ${confdir}/attrs } counter daily { filename = ${raddbdir}/db.daily key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session allowed-servicetype = Framed-User cache-size = 5000 } always fail { rcode = fail } always reject { rcode = reject } always ok { rcode = ok simulcount = 0 mpp = no } expr { } digest { } exec { wait = yes input_pairs = request } exec echo { wait = yes
Re: Tunneled authentication rejected on PEAP
Thks for the reply. Just below the eap.conf include line: - $INCLUDE ${confdir}/eap.conf mschap { authtype = MS-CHAP - That, with the commented lines would be: - $INCLUDE ${confdir}/eap.conf # Microsoft CHAP authentication # # This module supports MS-CHAP and MS-CHAPv2 authentication. # It also enforces the SMB-Account-Ctrl attribute. # mschap { # # As of 0.9, the mschap module does NOT support # reading from /etc/smbpasswd. # # If you are using /etc/smbpasswd, see the 'passwd' # module for an example of how to use /etc/smbpasswd # authtype value, if present, will be used # to overwrite (or add) Auth-Type during # authorization. Normally should be MS-CHAP authtype = MS-CHAP # if use_mppe is not set to no mschap will # add MS-CHAP-MPPE-Keys for MS-CHAPv1 and # MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2 # #use_mppe = no # if mppe is enabled require_encryption makes # encryption moderate # #require_encryption = yes # require_strong always requires 128 bit key # encryption # #require_strong = yes # Windows sends us a username in the form of # DOMAIN\user, but sends the challenge response # based on only the user portion. This hack # corrects for that incorrect behavior. # #with_ntdomain_hack = no # The module can perform authentication itself, OR # use a Windows Domain Controller. This configuration # directive tells the module to call the ntlm_auth # program, which will do the authentication, and return # the NT-Key. Note that you MUST have winbindd and # nmbd running on the local machine for ntlm_auth # to work. See the ntlm_auth program documentation # for details. # # Be VERY careful when editing the following line! # #ntlm_auth = /path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-% {User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} } That's the module definition from radiusd.conf. No? On 7/12/05, Alan DeKok [EMAIL PROTECTED] wrote: Mario Alberto Cruz Gartner [EMAIL PROTECTED] wrote: Looking earlier, on the debug, i'd see: - ... rlm_eap: processing type mschapv2 ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. ... But... now i don't know if the mschapv2 is the value that is Unknow or what value is unknow for the auth? The EAP-MSCHAPv2 code uses the mschap module for authentication. Please, help me telling me what i doing wrong? You deleted the mschap module from radiusd.conf. Don't do that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problems with the PEAP configuration
Hi! I'd finally knew why the client (Xp-SP2) was sending the username PEAP-MacAddress to the radius. I have installed the Cisco Aironet Client Utility (and the aironet drivers), and this software changed the EAP methods on XP and sends the mentioned user instead of the real one when tries PEAP auth. Now, the real username comes to the radius, the authorize comes ok, but the authenticate returns handled and the client doesn't authenticates well. I was looking the debug output and now i don't see where i can dig for details. EAP/TLS works fine already. Maybe i'm misleading something? What i'm doing wrong? Again, thks a lot for your help, it's annoying answer to too many similar questions, i know, but i didn't find something to do now of this. AND, i was thinking on make an updated version of the guides so ppl with less exp (like me!) can read and don't disturb you. =) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with the PEAP configuration
-Message = 0x025300c0198000b6160301008610820080c0337c715dc7bb20f9f3ae1c93ce91eeda23be9896f04a24a1a7eaa6c51d638f8fc423ff24639244ed837813aa94a1a1a4c8a25cbcb2a90d23ef570c7f4a4b77dbeda413aec277fd687a5e2798f6ce785ee93f517ed0ecab1f0f8ec59e208bebfc34c424df943b2996d3beba71dfe26d2434a3204ad3254ff966a329baa096c514030100010116030100209700c2ca07ba2fdfc3915277a9605110f596184a58fd99d554c3a8d15db4155d Message-Authenticator = 0x83310e6f7130347158203374e0a4ddaf Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 radius_xlat: 'jairo' rlm_sql (sql): sql_set_user escaped user -- 'jairo' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jairo' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jairo' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'jairo' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jairo' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 0 modcall[authorize]: module sql returns ok for request 5 modcall: group authorize returns ok for request 5 rad_check_password: Found Auth-Type Eap auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module eap returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 137 to 192.168.20.7:55048 EAP-Message = 0x0154003119001403010001011603010020533c1f673a3aee80f1deaaed2ff144a756db39c16558b0aceda3820f62eaa87c Message-Authenticator = 0x State = 0x1aa36da01070891e38754bc1d457eb2b Finished request 5 Going to the next request Waking up in 6 seconds... On 7/8/05, Mario Alberto Cruz Gartner [EMAIL PROTECTED] wrote: Hi! I'd finally knew why the client (Xp-SP2) was sending the username PEAP-MacAddress to the radius. I have installed the Cisco Aironet Client Utility (and the aironet drivers), and this software changed the EAP methods on XP and sends the mentioned user instead of the real one when tries PEAP auth. Now, the real username comes to the radius, the authorize comes ok, but the authenticate returns handled and the client doesn't authenticates well. I was looking the debug output and now i don't see where i can dig for details. EAP/TLS works fine already. Maybe i'm misleading something? What i'm doing wrong? Again, thks a lot for your help, it's annoying answer to too many similar questions, i know, but i didn't find something to do now of this. AND, i was thinking on make an updated version of the guides so ppl with less exp (like me!) can read and don't disturb you. =) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP docs
Maybe http://howtos.linux.com/howtos/8021X-HOWTO/freeradius.shtml and http://www.dslreports.com/forum/remark,9286052~mode=flat could help you! On 7/7/05, Albrecht, Robert-Manfred [EMAIL PROTECTED] wrote: Hello, some months I had a cool document describing the installation of freeradius for eap-peap (over wlan) with windows as client. I lost the url. Could anyone forward me the url ? Regard, Robert - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: segmentation fault caused by sql ?
I'd had a similar segmentation fault when i'd try to use the sql module and the freeradius installation doesn't include the mysqlclient libraries. I've installed the libraries on the system, reconfigure, make, make install again and it works fine! On 7/6/05, vicky [EMAIL PROTECTED] wrote: Hi all! I have a segmentation fault and it scares me. I have attached the output of radiusd -X with this e-mail. It is not because the database is not there because when I connect to it manually it works. Is is permission issues? Is it a driver problem? Thanks for any help I can get! --Vicky Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /opt/freeradius/etc/raddb/proxy.conf Config: including file: /opt/freeradius/etc/raddb/trs_proxy.conf Config: including file: /opt/freeradius/etc/raddb/clients.conf Config: including file: /opt/freeradius/etc/raddb/trs_clients.conf Config: including file: /opt/freeradius/etc/raddb/snmp.conf Config: including file: /opt/freeradius/etc/raddb/sqlcounter.conf Config: including file: /opt/freeradius/etc/raddb/eap.conf Config: including file: /opt/freeradius/etc/raddb/sql.conf main: prefix = /opt/freeradius main: localstatedir = /opt/freeradius/var main: logdir = /opt/freeradius/var/log/radius main: libdir = /opt/freeradius/lib main: radacctdir = /opt/freeradius/var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /opt/freeradius/var/log/radius/radius.log main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = no main: pidfile = /opt/freeradius/var/run/radiusd/radiusd.pid main: user = trustive main: group = trustive main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /opt/freeradius/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /opt/freeradius/lib Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = (null) mschap: authtype = MS-CHAP mschap: ntlm_auth = (null) Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = (null) unix: shadow = (null) unix: group = (null) unix: radwtmp = /opt/freeradius/var/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = md5 eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = Password: gtc: auth_type = PAP rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded attr_rewrite attr_rewrite: attribute = User-Name attr_rewrite: searchfor = promo.* attr_rewrite: searchin = packet attr_rewrite: replacewith = %{User-Password} attr_rewrite: append = no attr_rewrite: ignore_case = no attr_rewrite: new_attribute = no attr_rewrite: max_matches = 10 Module: Instantiated attr_rewrite (attr_rewrite) Module: Loaded preprocess preprocess: huntgroups = /opt/freeradius/etc/raddb/huntgroups preprocess: hints = /opt/freeradius/etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded detail detail: detailfile = /opt/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (auth_log) Module: Loaded realm realm: format = prefix realm: delimiter = / realm: ignore_default = yes realm: ignore_null = yes
Authorize, Authenticate.. EAP
Hi! After read some of the guides for the EAP/(TLS/TTLS/PEAP) setup i was wondering why major of them indicate put eap on the authorize section of radiusd.conf Obiosuly, on the authenticate section eap must be set, but, on the authorize section? I have a working installation with EAP/TLS but the authorize sections just points to the mysql server (via the sql directive). What specifically do the eap module when its called from the authorize section? I'm asking this because i noted that always accpeted the user, and passed to the authenticate. I'm wrong? confused or simply missed something? The guides show us some extra steps that doesn't are necessary? Thks a lot! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS 1.0.4 has been released.
OK! That solves the problem! I'd compiled succesfully freeradius-1.0.4 on a FB 4.11 machine with the indicated diff. Thks a lot for the colaboration Andrew! On 6/20/05, Andrew Thompson [EMAIL PROTECTED] wrote: On Mon, Jun 20, 2005 at 11:22:14AM -0400, Alan DeKok wrote: Andrew Thompson [EMAIL PROTECTED] wrote: Are you using the port becuase that problem has been fixed. If not then you will want the patch in: net/freeradius/files/patch-src-modules-rlm_attr_rewrite-rlm_attr_rewrite.c Is it something which can get pulled into FreeRADIUS? This problem only applies to FreeBSD 4.x and not the newer releases (5.0). It requires sys/types.h to be included before regex.h. --- src/modules/rlm_attr_rewrite/rlm_attr_rewrite.c.origSat Jun 18 14:29:43 2005 +++ src/modules/rlm_attr_rewrite/rlm_attr_rewrite.c Sat Jun 18 14:31:48 2005 @@ -27,6 +27,7 @@ #include stdio.h #include stdlib.h #include string.h +#include sys/types.h #ifdef HAVE_REGEX_H # include regex.h #endif Previously this was being pulled in from libradius.h, but that was removed 7 weeks ago. I am happy to keep this as a local patch as it is only a quirk of 4.x and the port properly patches it. Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Ayuda con radius
Es correcto. Pero en esta lista encontrarás (en Inglés) muy buena información, consejos, guías y ayudas para la implementación que buscas. De los pocos URL que conozco en español, sobre el Freeradius, indicando como se instala y configura en un sistema FreeBSD: http://www.computeridea.net/Actualidad/Paso_a_paso/Seguridad/Sistemas_de_protecci%C3%B3n/20041112023 Defnitivamente, el inglés os espera para resolver tus dudas a fondo. On 5/24/05, Alex Moreno [EMAIL PROTECTED] wrote: Hola Igor, mi proyecto final de carrera usa, entre otras muchas cosas, freeradius. No se exactamente que quieres hacer pero quizá nocat o chillispot te sirva de algo para el tema de autentificación, en conjunción con radius (es como lo tengo yo). Otra cosa, esta lista es de habla inglesa así que es muy probable que, excepto yo, poca gente más te conteste ;-). greetings. On 5/24/05, Igor Larrea [EMAIL PROTECTED] wrote: Hola a todos, soy un chico de Bilbao que quiere implantar una arquitectura de red Wi-Fi segura mediante 802.11i usando WPA-Enterprise con un servidor de autenticación RADIUS y un router (Linksys WRT54G) que haga de authenticator. La verdad estoy empezando a mirar cosillas, pero no se por donde empezar,no encuentro demasiada información de como montar el servidor... ni k sw que usar o como usarlo. Encima WPA-Enterprise es demasiado nuevo, no conozco a nadie que lo esté utilizando, en fín y para más inri, tampoco soy un artista en Linux, cosa que espero mejorar poquito a poco. Tenia pensado instalar una Debian, pero tampoco lo tengo claro.. En fín ya veis que no se ni como empezar, si me pudieseis echar una mano y mandarme información al respecto , o links, o ponerme en contacto con alguien que ya tenga implantado un servidor raduis... estaría muy agradecido. Sin más un cordial saludo Igor Larrea __ Renovamos el Correo Yahoo! Nuevos servicios, más seguridad http://correo.yahoo.es - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html