Koozali.org: home of the SME Server

radius

frank3427

radius
« on: February 17, 2006, 04:30:58 AM »
I would like to know if anyone is using the radius server on SME7?

gordonr

Re: radius
« Reply #1 on: February 17, 2006, 08:06:59 AM »
Quote from: "frank3427"
I would like to know if anyone is using the radius server on SME7?

It is being used for PPTP authentication.

william_syd

radius
« Reply #2 on: February 19, 2006, 02:01:14 AM »
Can it be used outside of SME7 ?

Say to authenticate users for Openfiler ?
Regards,
William

If I give advice.. It's only if it was me....

gordonr

radius
« Reply #3 on: February 19, 2006, 11:54:08 PM »
Quote from: "william_syd"
Can it be used outside of SME7 ?

Say to authenticate users for Openfiler ?

It's the freeradius package from CentOS. You'll need to work out the configuration magic required, and if we need to change the base configuration to help, please raise a bug. Thanks.

slords

radius
« Reply #4 on: February 21, 2006, 03:18:30 AM »
The framework is already in place for radius.  In order to use it please define the client host in hostnames and addresses.

Once you have done this then you need to define the shared radius key for that host.  You can do this with the following command:

db hosts setprop {full hostname} RadiusKey {random string of characters}
signal-event remoteaccess-update

ex.

db hosts setprop wireless.mydomain.com RadiusKey abcdefg123456789
signal-event remoteaccess-update

After this I'd go to the device defined by wireless.mydomain.com and point to the internal interface ip for the server and enter the same key.

I've successfully implemented 802.1x (WPA) for many different access points this way.  Auth parameters are for PEAP-MSCHAP2.  Any defined user with a valid password should be allowed to authenticate.
"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs,
and the Universe trying to produce bigger and better idiots. So far, the Universe is winning." -- Rich Cook
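
Added example, not part of slords' post: a shell helper that fills the RadiusKey property with a randomly generated shared secret instead of a hand-typed string, and prints the two commands from the post for review before they are run on the server. The function names, the 24-byte default and the hostname check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): build the RadiusKey commands shown
# above with a randomly generated shared secret.

# gen_radius_key [nbytes]: print nbytes of kernel randomness as lowercase hex
# (default 24 bytes = 48 hex characters). Hex needs no quoting in the shell
# and can be typed into any access point's configuration page.
gen_radius_key() {
    nbytes="${1:-24}"
    od -An -N"$nbytes" -tx1 /dev/urandom | tr -dc '0-9a-f'
}

# valid_hostname NAME: accept only a dotted name made of letters, digits,
# dots and hyphens, so nothing unexpected reaches the db command line.
valid_hostname() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
        *.*) return 0 ;;
        *)   return 1 ;;
    esac
}

# radius_client_commands HOST [KEY]: print the commands from the post for
# HOST. A KEY is generated when none is given. Nothing is executed here.
radius_client_commands() {
    host="$1"
    key="${2:-$(gen_radius_key)}"
    if ! valid_hostname "$host"; then
        echo "invalid hostname: $host" >&2
        return 1
    fi
    printf 'db hosts setprop %s RadiusKey %s\n' "$host" "$key"
    printf 'signal-event remoteaccess-update\n'
}

# Hostname taken from the example in the post.
radius_client_commands wireless.mydomain.com
```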

pepe

radius
« Reply #5 on: February 27, 2006, 10:59:20 AM »
Quote from: "slords"
The framework is already in place for radius.  In order to use it please define the client host in hostnames and addresses.

Eh.. could you be more specific, please ? Where do we find this ?
Tnx.

william_syd

radius
« Reply #6 on: February 27, 2006, 02:45:56 PM »
Quote from: "pepe"
Where do we find this ?
Tnx.

In the server manager I would say.
Regards,
William

If I give advice.. It's only if it was me....

dean-za

radius
« Reply #7 on: March 23, 2006, 09:54:08 AM »
Shad

I tried what you said but I can't see that the radiusd server is even running. If I netstat -an | grep tcp I do not see any service running on port 1812 or 1813. An nmap scan from a separate machine yields the same results.  I even tried this

config set radiusd service access public status enabled TCPPorts 1812,1813
signal-event remoteaccess-update

The radius.conf file says to bind to * and port = 0 which should mean that it uses all interfaces and reads the port numbers from /etc/services. All of this seems correct and yet no service running. Any ideas on where to look?

Thanks
Dean

JonB

radius
« Reply #8 on: March 23, 2006, 10:33:03 AM »
dean-za

Code:
config set radiusd service access public status enabled TCPPorts 1812,1813

SME7 does not yet implement opening multiple comma-separated ports using TCPPorts. You will need to open the ports individually using TCPPort.

This function and opening a range of ports TCPPort xxxx:xxxx will not be available till SME7.1.


Jon

tartjagger

radius
« Reply #9 on: March 23, 2006, 02:20:09 PM »
Quote from: "slords"


I've successfully implemented 802.1x (WPA) for many different access points this way.  Auth parameters are for PEAP-MSCHAP2.  Any defined user with a valid password should be allowed to authenticate.


I followed the instructions given and it worked a treat using WEP encryption. It was necessary to set the Access point authentication to 'open' which threw me for a while.

Franco

radius
« Reply #10 on: March 23, 2006, 03:02:53 PM »
What would the advantage be? I have Radius authenticating the MAC address access, but not the WPA keys. Do the keys get rotated from time to time?

dean-za

radius
« Reply #11 on: March 24, 2006, 02:25:10 PM »
But the service should still be available to the local network. How else can I check why I can't see any service running on those ports?

Dean

JonB

radius
« Reply #12 on: March 24, 2006, 03:33:10 PM »
dean-za,

I think you will find that the firewall is not set to allow local access.

do

Code:
config setprop radiusd access private TCPPort 1812
config set radius-acct service status enabled access private TCPPort 1813
signal-event remoteaccess-update


Code:
iptables -L

should show the ports open.

Jon
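
Added example, not part of the posts above: RADIUS authentication and accounting are carried over UDP (RFC 2865 and RFC 2866), so a netstat filter on tcp lines cannot show the listener. This sketch reads netstat output and reports whether ports 1812 and 1813 are bound and on which address; the sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): look for RADIUS sockets in netstat
# output. Auth (1812) and accounting (1813) are UDP services.

# Constructed sample of `netstat -an` output, embedded so this runs offline.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:1812            0.0.0.0:*
udp        0      0 127.0.0.1:1813          0.0.0.0:*
udp        0      0 0.0.0.0:53              0.0.0.0:*'

# radius_listeners: read netstat output on stdin and print "proto addr port"
# for every socket whose local port is 1812 or 1813.
radius_listeners() {
    awk '$1 ~ /^(tcp|udp)/ {
        n = split($4, a, ":"); port = a[n]
        if (port == 1812 || port == 1813) {
            addr = substr($4, 1, length($4) - length(port) - 1)
            print $1, addr, port
        }
    }'
}

# radius_exposure: say whether each socket is reachable from the network or
# bound to loopback only (a loopback-only socket is invisible to a remote scan).
radius_exposure() {
    radius_listeners | while read -r proto addr port; do
        case "$addr" in
            127.*|::1) echo "$proto/$port loopback-only ($addr)" ;;
            *)         echo "$proto/$port network-facing ($addr)" ;;
        esac
    done
}

printf '%s\n' "$SAMPLE_NETSTAT" | radius_exposure
# On a live server: netstat -an | radius_exposure
```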

brit-dub

radius
« Reply #13 on: April 26, 2006, 06:15:25 PM »
Hi all

I was looking to set up a freeradius server for use with http://www.locustworld.com/ but after reading this on the forum I'm given the idea I might be able to use sme server 7, or can I?

Or am I barking up the wrong tree? Any advice would be most welcome.

Just one other thing does the dialupadmin web interface work ? or can it be got working ?

TIA  

Brit

Franco

radius
« Reply #14 on: July 25, 2007, 07:02:38 PM »
Quote from: "slords"
The framework is already in place for radius.  In order to use it please define the client host in hostnames and addresses.

Once you have done this then you need to define the shared radius key for that host.  You can do this with the following command:

db hosts setprop {full hostname} RadiusKey {random string of characters}
signal-event remoteaccess-update

ex.

db hosts setprop wireless.mydomain.com RadiusKey abcdefg123456789
signal-event remoteaccess-update

After this I'd go to the device defined by wireless.mydomain.com and point to the internal interface ip for the server and enter the same key.

I've successfully implemented 802.1x (WPA) for many different access points this way.  Auth parameters are for PEAP-MSCHAP2.  Any defined user with a valid password should be allowed to authenticate.


This example shows how to add a client to the database and eventually to the /etc/raddb/clients.conf
Now how are you implementing the rest, such as users and MAC?

Thanks,