I have wireless clients authorization using freeradius.
Schema:
Internet---linux router---access point 1 (wds) access point 2 some
wireless clients and some ethernet clients
wireless clients use wpa2/aes with eap-peap
But... is it possible to authorize ethernet (not wireless)
Do something like:
modules {
    passwd mac2ok {
        filename = /etc/raddb/mac2ok
        format = *Calling-Station-Id:~My-Local-String
        hashsize = 100
    }
    # other modules
}
authorize {
    preprocess
    mac2ok
    files
    # other modules
}
Make /etc/raddb/mac2ok read:
I have FreeRADIUS Version 1.1.0
I want to disallow login to access points for every host that is not in my
network.
So at the end of the /usr/local/etc/raddb/users file I put a regular expression that
checks if Calling-Station-Id IS NOT in the list of my hosts...
DEFAULT Auth-Type := REJECT,
I have a freeradius server with PEAP auth. Secrets of nasnames and user passwords
are in mysql.
Is it possible to set freeradius to send Access-Accept only when a user tries to
connect to a specified access point? I try to check it by an sql query modified by
me.
sql: authorize_check_query = SELECT
I have just run a pppoe server with freeradius.
pppoe uses radius.so and radattr.so modules.
It works ok, but clients get 'random' IP addresses... I need static IP
(like that in /etc/ppp/chap-secrets last column).
I try to add 1 record to my mysql, so I have:
mysql SELECT id, UserName,
| 77 | norbert | User-Password | | == |
...
CHAP-Challenge = 0x4aaccdf7f520730e84f58bc4018c04217b97
CHAP-Password = 0xb6fe48120b0aed82ffdb4d782f3b51cd6a
There is no User-Password in the packet, so using '==' for comparison
will never result in a
but it still works with '==', why?
You didn't post debug logs showing it working. I suspect it doesn't.
OK. Logs are here. User typed 'Jan Nowak' in Identity field, but in my
database there is UserName='jnovak'.
This log was generated when I have '==' in radcheck table.
There are 9
Edit the source to FreeRADIUS to make it do what you want, or use a
real access point.
Thanks for answer!
Can anyone instruct me which AP (that cost not more than $100) works fine
with WPA2/AES and PEAP? There is about 5-15 users per AP in our network.
Norbert Grochal
Hi!
My users don't use windows xp "zero configuration"
service for wifi. They use Ralink Configurator with profiles.
Auth EAP/PEAP.
Sometimes after reboot AP or 'unhibernate' Windows
XP freeradius logs packets with no User-Name attribute:
rad_recv: Access-Request packet from host
Hi,
I try to secure wireless network with freeradius (on linux PC).
Access Points on rtl8186, WPA2(mixed), clients cards edimax on ralink rt2500
and ralink rt2400, PEAP.
Firmware on AP: (newest versions) Planet 4035, Planet wrt414, Edimax
ew-7206, Edimax ew-7209, OvisLink Airlive...
Problems
Oh no, with these queries:
authorize_check_query = SELECT id, UserName, Attribute, Value, op \
FROM ${authcheck_table} \
WHERE id = 74 \
ORDER BY id
authorize_reply_query = SELECT id, UserName, Attribute, Value, op \
FROM
In 'Ralink Wireless Utility' - '802.1x Setting'
I can choose 'PEAP' and fill 3 fields
(with my example values):
1. Identity = myidentyty
2. Login = mylogin
3. Password = mypass
(I set protocol as EAP-MSCHAP v2)
in freeradius users file I can write:
mylogin Auth-Type = EAP, User-Password :=
Is it possible to force peap to require client's certificates?
I can use PEAP, I can use TLS, but I want to join them together. I know that
in PEAP certificates are optional not obligatory, how to make it obligatory?
Norbert
Hi!
Is it possible to use verification of Calling-Station-Id in EAP/PEAP?
My users file:
foo Auth-Type := EAP, User-Password == "mypass", Calling-Station-Id == "0123456789ab"
and I have an error:
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.