NEW Package: freeRADIUS 2.x
-
The attributes in my documentation are only to show which attributes are needed for this to work. If the NAS does not support these attributes than bandwidth limit will not work. But Captive Portal can do this.
What you have to do is:
Go to:
SERVICES => CAPTIVE PORTAL
scroll down and enable "Per-user bandwidth restriction"
leave bothe fields empty (so all users have unlimited bandwidth).Go to:
SERVICES => FreeRADIUS => USERS
there you create all users you want. For the one user you want to limit its bandwidth scroll down to:
"Maximum Download Bandwidth" and "Maximum Upload Bandwidth".
There you have to enter the bandwidth limit for the user.
Important: You have to enter "BIT per second"….8Bit = 1Byte and 1024Byte = 1KilobyteAfter you have changed bandwidth limits for a user AND this user is connected while you changed the settings than the will not take effect. So make sure that you disconnect the user after you made changes so that the user needs to reconnect.
PS: Not sure if it works 100% because there seems to be a bug in CP and/or ipfw which counts sometimes different. For example when using "Amount of traffic" then if in real 1MB passes CP than CP sends back 6MB to the RADIUS server.
So do some tests and try to find out how it works.
-
I've done all you saied ant got this with radtest:
$ radtest test test 172.16.0.1:1812 0 ldskfjldskdfjslkf4
Sending Access-Request of id 16 to 172.16.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 172.16.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 172.16.0.1 port 1812, id=16, length=44
WISPr-Bandwidth-Max-Up = 81920
WISPr-Bandwidth-Max-Down = 819200is that OK?
-
I've done all you saied ant got this with radtest:
$ radtest test test 172.16.0.1:1812 0 ldskfjldskdfjslkf4
Sending Access-Request of id 16 to 172.16.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 172.16.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 172.16.0.1 port 1812, id=16, length=44
WISPr-Bandwidth-Max-Up = 81920
WISPr-Bandwidth-Max-Down = 819200is that OK?
Yes it is.
-
Updates pkg v1.5.7:
-
Added: checks for CA, certs when using EAP-TLS
-
Added: ability to export certs in .p12 format which can be used on windows systems when using EAP-TLS
-
Fixed: a bug when NAS shortname contains whitespace(s)
-
I will update FreeRADIUS 2.x package documentation: How-to for EAP-TLS (LAN), EAP-PEAP (LAN), match common name, match issuer
-
-
Hi Nachtfalke,
I've received a patch from freeradius maintainer to compile it with heimdal instead of krb5.
I'll test compiling it but as usual I need help on testing.
:)
-
Hi Nachtfalke,
I've received a patch from freeradius mainteinet to compile it with heimdal instead of krb5.
I'll test compiling it but as usual I need help on testing.
:)
Of course I'll do that :)
But help me - I forgot it - what will heimdal improve/change instead of using kerberos ? ???
-
what will heimdal improve/change instead of using kerberos ? ???
Some pages ago, to get kerberos working, we need to force heimdal(A popular BSD-licensed implementation of Kerberos 5) package install.
-
The issue about VM is not woking with CP. I think I had found a solution here.
In the past, VM is running a Debian and I assigned the IP in manual.
allow-hotplug eth0 iface eth0 inet static address 192.168.1.25 netmask 255.255.255.0 gateway 192.168.1.1Today, I tired to let Debian get the IP from PF's DHCP and then add its MAC to pass list.
auto lo eth0 iface lo inet loopback iface eth0 inet dhcpThen it works. Both the host and VM can access the Internet without any trouble.
I will do some further testing later and post the result here.
;) -
Thanky for feedback and nice to hear that :D
But we both thought that it probably would be a problem of VMware/interfaces and not directly CP and/or freeradius2. -
Updates pkg v1.5.8:
-
Added: option to disable weak EAP types for authentication
-
Added: some checks if it is really neccessary to create new DH and random file
-
Fixed: description in EAP
-
-
I double checked that the CP is now working with VM and host. :)
There is only one condition : use pass-through MAC in CP
If I tried the RADIUS MAC authentication (MAC as username;share secret as password), it will not work..
It's not a big trouble for me because I just wanna to add a few MACs to pass list, and I don't need to manage them with FreeRadius.
Furthermore I did some other basic testing, they all seems to be no problem.
I created the test user in FreeRadius, it's woking properly.
I created the Vouchers in CP and it will work, FreeRadius will also log it. Great.
(note: I found if I need to use Vouchers , I must disable 'Reauthenticate connected users every minute'. Otherwise the client will have to input the code every minute)I will go online this hotspot soon and give a feed here.
Great thanks for your help and the package~
-
Hi,
can´t update to latest package:
Checking for package installation... Downloading http://e-sac.siteseguro.ws/packages/8/All/freeradius-2.1.12.tbz ... could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/freeradius-2.1.12.tbz. of freeradius-2.1.12 failed!Regards, Valle
-
Hi,
can´t update to latest package:
Checking for package installation... Downloading http://e-sac.siteseguro.ws/packages/8/All/freeradius-2.1.12.tbz ... could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/freeradius-2.1.12.tbz. of freeradius-2.1.12 failed!Regards, Valle
I'll contact my administrator marcelloc that he should fix his server problem :P
-
Hi,
can´t update to latest package:
Checking for package installation... Downloading http://e-sac.siteseguro.ws/packages/8/All/freeradius-2.1.12.tbz ... could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/freeradius-2.1.12.tbz. of freeradius-2.1.12 failed!Regards, Valle
The same problem goes for me…
I hope that improves as soon as possible -
Sorry guys,
Just contacted my provider, they are fixing it right now.
-
working again. Thanx!
-
Why do you use your own site to host things marcelloc?
-
ermal,
Freeradius2 conflicts with current compiled version available on files.pfsense.org.
We are also testing many different package compilations until whe find a final solution to publish on files.pfsense.org.(asterisk, dansguardian, subversion,…)
Also there are some missing libs to get cyrus-sasl working to(You helped me diagnosing it on postfix thread).But, if I can have a folder on files.pfsense.org I can publish these packages there ;D
-
okay, I'm finally happier :)
I've got working freeradius + winbindd + ntlm_auth with Active Directory with MSCHAP v2now I will remove from samba package as much as I can and then I would like to share my work with you.
I hope you will guide me if I should give you files or somehow make package etc. -
This may have already been answered but how would I change the cipher list to "HIGH" under TLS? I understand I can disable weaker ciphers but will this effectively set the cipher list to high?
