Re: Help needed to configure FreeRADIUS for eduroam
Hi,

> For some reason, it is working now, I did only tiny changes though.

well..you made changes... obviously they were beneficial

> - the differences between the WiKi
> https://confluence.terena.org/display/H2eduroam/How+to+deploy+eduroam+on-site+or+on+campus
> and the cookbook
> http://www.eduroam.org/downloads/docs/GN2-08-230-DJ5.1.5.3-eduroamCookbook.pdf.
> The configuration files are slightly different.

the wiki is up to date. the cookbook is printed material...and is from GEANT2 days - so older

> - the inner logic behind the virtual servers eduroam and server
> eduroam-inner-tunnel; how it is working; how packets are passed from
> one to the other.

eduroam server passes EAP stuff into eduroam inner-tunnel - just like, by default, the default server passes things into the inner-tunnel..

how does stuff go into eduroam VS? well, usually via an entry in client.conf which says to put traffic from a particular NAS into a particular virtual server

> - how to implement anonymous outer identity? What to configure in
> Radius? Is there any configuration needed in the supplicant?

the RADIUS server will just handle it - it will get to the EAP part and open the tunnel to see the good stuff inside. be aware that if you have made ANY assumptions about ID based on the outerID then those can be abused/misconstrued.

anonymous ID ability is based on the supplicant - some supplicants can set it, others can't. some can set a different realm in the outer ID, some can't.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed to configure FreeRADIUS for eduroam
Hi,

Thank you to Stefan, Scott and Alan who took time to reply to me.

For some reason, it is working now, I did only tiny changes though.

What I still don't understand:

- the differences between the WiKi
https://confluence.terena.org/display/H2eduroam/How+to+deploy+eduroam+on-site+or+on+campus
and the cookbook
http://www.eduroam.org/downloads/docs/GN2-08-230-DJ5.1.5.3-eduroamCookbook.pdf.
The configuration files are slightly different.

- the inner logic behind the virtual servers eduroam and server
eduroam-inner-tunnel; how it is working; how packets are passed from
one to the other.

- how to implement anonymous outer identity? What to configure in
Radius? Is there any configuration needed in the supplicant?

Best regards,

Olivier

On Thu, Jun 28, 2012 at 1:21 PM, Stefan Winter wrote:
> Hi,
>
>> I am struggling to configure my FreeRADIUS server for eduroam
>> (www.eduroam.org), as I understood that some subscribers have done the
>> configuration successfully, I come here to get help.
>>
>> I have been running my FreeRADIUS server without problem for several
>> years, identifying to an openLdap backend.
>>
>> I managed to configure a test WiFi access point to identify with
>> 802.1x against that same radius/ldap server.
>>
>> But I have a problem to configure eduroam, so I would be glad if I
>> could see a working example.
>
> It would help if you told us *what* the problem is. Looking at what you
> write, you have a working FreeRADIUS, working openLDAP backend, and have
> configured it to do IEEE 802.1X on a WiFi access point.
>
> That is 99% of what eduroam needs. So, what's missing?
>
> Greetings,
>
> Stefan Winter
>
> --
> Stefan WINTER
> Ingenieur de Recherche
> Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
> de la Recherche
> 6, rue Richard Coudenhove-Kalergi
> L-1359 Luxembourg
>
> Tel: +352 424409 1
> Fax: +352 422473
Re: Help needed to configure FreeRADIUS for eduroam
Hi,

> I have been running my FreeRADIUS server without problem for several
> years, identifying to an openLdap backend.
>
> I managed to configure a test WiFi access point to identify with
> 802.1x against that same radius/ldap server.
>
> But I have a problem to configure eduroam, so I would be glad if I
> could see a working example.

you need to look at the output of 'radiusd -X' to see what is going on with your server and why it is failing.

regarding eduroam - if you already have working 802.1X locally (which I'm not sure from your message as your OpenLDAP/RADIUS combo could have been just PAP authentication) - then all you need to do for eduroam is have some unlang which checks the realm and if it's not your realm, then send it to a proxy pool (configure proxy.conf) - which will send the request to remote RADIUS servers that you will be told about by your federation operator. and for you to add those remote RADIUS servers as clients (clients.conf or NAS table in SQL) so that requests for you can be sent to you.

you might want to also look at the eduroam confluence WIKI for help/advice/pointers

https://confluence.terena.org/display/H2eduroam/How+to+deploy+eduroam+on-site+or+on+campus

alan
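How the pieces described in Alan's two replies fit together in FreeRADIUS 2.x configuration, as an added illustration that is not taken from any poster in this thread or from the eduroam wiki. The client and pool names, the addresses (documentation ranges), the realm example.org, the placeholder secrets and the choice of TTLS-PAP against LDAP as inner method are all assumptions.

```conf
client campus-ap {                 # clients.conf; constructed name and address
    ipaddr         = 192.0.2.10
    secret         = REPLACE_WITH_AP_SECRET
    virtual_server = eduroam       # requests from this NAS enter "server eduroam"
}
client federation-server {         # clients.conf; peer named by the federation operator
    ipaddr         = 198.51.100.1
    secret         = REPLACE_WITH_FEDERATION_SECRET
    virtual_server = eduroam
}
home_server federation-server {    # proxy.conf
    type   = auth
    ipaddr = 198.51.100.1
    port   = 1812
    secret = REPLACE_WITH_FEDERATION_SECRET
}
home_server_pool eduroam-pool {    # proxy.conf
    home_server = federation-server
}
realm example.org {                # proxy.conf; no pool, so handled locally
}
realm DEFAULT {                    # proxy.conf; any other realm is proxied
    pool = eduroam-pool
    nostrip
}
server eduroam {                   # sites-enabled/eduroam; sees only the outer identity
    authorize {
        suffix                     # realm lookup, marks non-local realms for proxying
        eap                        # local realm: EAP opens the tunnel
    }
    authenticate {
        eap
    }
}
# eap.conf, ttls { } section:  virtual_server = "eduroam-inner-tunnel"
server eduroam-inner-tunnel {      # sites-enabled/eduroam-inner-tunnel
    authorize {
        # identity decisions use the inner User-Name, not the outer one
        if ("%{User-Name}" !~ /@example\.org$/i) {
            reject
        }
        ldap
        pap
    }
    authenticate {
        Auth-Type PAP {
            pap
        }
    }
}
```

Running `radiusd -X`, as suggested above, shows which virtual server each request enters and whether it is proxied or tunnelled.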
Re: Help needed to configure FreeRADIUS for eduroam
On 28 Jun 2012, at 02:54, Olivier Nicole wrote:

> Hi,
>
> I am struggling to configure my FreeRADIUS server for eduroam
> (www.eduroam.org), as I understood that some subscribers have done the
> configuration successfully, I come here to get help.
>
> I have been running my FreeRADIUS server without problem for several
> years, identifying to an openLdap backend.
>
> I managed to configure a test WiFi access point to identify with
> 802.1x against that same radius/ldap server.
>
> But I have a problem to configure eduroam, so I would be glad if I
> could see a working example.

Have you looked at the eduroam wiki:

https://confluence.terena.org/display/H2eduroam/How+to+deploy+eduroam+on-site+or+on+campus

Thanks

---
Scott Armitage, Loughborough University
Re: Help needed to configure FreeRADIUS for eduroam
Hi,

> I am struggling to configure my FreeRADIUS server for eduroam
> (www.eduroam.org), as I understood that some subscribers have done the
> configuration successfully, I come here to get help.
>
> I have been running my FreeRADIUS server without problem for several
> years, identifying to an openLdap backend.
>
> I managed to configure a test WiFi access point to identify with
> 802.1x against that same radius/ldap server.
>
> But I have a problem to configure eduroam, so I would be glad if I
> could see a working example.

It would help if you told us *what* the problem is. Looking at what you write, you have a working FreeRADIUS, working openLDAP backend, and have configured it to do IEEE 802.1X on a WiFi access point.

That is 99% of what eduroam needs. So, what's missing?

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
Help needed to configure FreeRADIUS for eduroam
Hi,

I am struggling to configure my FreeRADIUS server for eduroam (www.eduroam.org), as I understood that some subscribers have done the configuration successfully, I come here to get help.

I have been running my FreeRADIUS server without problem for several years, identifying to an openLdap backend.

I managed to configure a test WiFi access point to identify with 802.1x against that same radius/ldap server.

But I have a problem to configure eduroam, so I would be glad if I could see a working example.

TIA,

Olivier