NEW Package: freeRADIUS 2.x
-
@msi:
marcelloc: Yeah, makes sense for Heimdal, I'll see what is default on FreeBSD, haven't precisely checked back.
Take a look on heimdal ports package description
A popular BSD-licensed implementation of Kerberos 5
Maintained by: Joerg.Pulz@frm2.tum.de
Also listed in: ipv6
Requires: autoconf-2.68, autoconf-wrapper-20101119, gettext-0.18.1.1, libiconv-1.13.1_2, libtool-2.4.2, m4-1.4.16,1, perl-5.12.4_4, pkg-config-0.25_1 -
I have shortened and rewritten what I took out of the FreeRADIUS beginners guide and put that in a Google doc to check if I am on the wrong way. This is a very much WiP and also a temporary place:
https://docs.google.com/document/d/1i536CfITm478tAddzoxSLrjl9KcEqGGA-F_LG9Iwy6A/edit
With ntlm_auth it's possible to add a AD group requirement haven't tried that yet.I'd also agree with marcelloc that it's not the best idea to pull in Samba automatically by freeradius since it's only needed when ntlm_auth comes into the game.
P.S: Nifty idea I came across - any plans to support virtual servers on pfSense with freeradius instead of default sites-enabled/default?
-
Nachtfalke,
I'ts on the same repo as freeradius2.
I'm not sure if it is a good option to install it automatically.
Whe can think about on installing packages as gui options are selected.Yeah - better not by default. I will do it probably like I did with the bash package for mOTP. Will only be installed when enabled.
I installed the samba package from your server on pfsense.
Tried to start samba (didn't change anything on config):[2.0.1-RELEASE][admin@pfsense.localdomain]/root(5): /usr/local/etc/rc.d/samba onestart Removing stale Samba tdb files: done Starting winbindd. /libexec/ld-elf.so.1: Shared object "libgssapi.so.2" not found, required by "winbindd" /usr/local/etc/rc.d/samba: WARNING: failed to start winbindd [2.0.1-RELEASE][admin@pfsense.localdomain]/root(6):
PS: I think this tutorial will do the job:
http://deployingradius.com/documents/configuration/active_directory.html@msi
Virtual servers: If you do the job :)
I thought about that in the past but I didn't find a way to put this all into a GUI. Probably someone with more experience on php and conding at all would do a better job. But I am not the guy for that ;) -
[2.0.1-RELEASE][admin@pfsense.localdomain]/root(5): /usr/local/etc/rc.d/samba onestart
Removing stale Samba tdb files: done
Starting winbindd.
/libexec/ld-elf.so.1: Shared object "libgssapi.so.2" not found, required by "winbindd"
/usr/local/etc/rc.d/samba: WARNING: failed to start winbindd
[2.0.1-RELEASE][admin@pfsense.localdomain]/root(6):well,
maybe a cyrus-sasl-2.1.25_1,openldap-sasl-client-2.4.26, or heimdal dependence.I guess heimdal or cyrrus.
-
Hi,
Does someone know if this package was compiled with DHCP option?Thanks
-
Does someone know if this package was compiled with DHCP option?
I can't see this option on package make config.
-
It is experimental and as far as I know you didn't compile experimental options.
http://freeradius.org/features/dhcp.html -
I can't see this option on package make config.
Now I can see it as experimental option ;)
-
Thank you for this information!
-
Updates pkg v1.6.6_3:
- Fixes: accounting scripts and small updates on the documentation. More infos in this thread:
http://forum.pfsense.org/index.php/topic,48404.0.html
Known bugs:
-
When using "stop/start accounting on CP then "Amount of Time/Amount of Traffic" isn't working correctly.
http://redmine.pfsense.org/issues/2164 -
When using CP + RADIUS + Vouchers and "reauthenticate every minute" is enabled then CP sends the voucher as username to RADIUS. This causes RADIUS to disconnect the "user/voucher" because of an unknown/wrong "username".
http://redmine.pfsense.org/issues/2155 -
When stop/start accounting on CP is enabled than the syslog shows many "wrong order" or "Login found bot no logout detected". This seems to not affect the usage of RADIUS but it is not 100% correct.
http://redmine.pfsense.org/issues/2143
- Fixes: accounting scripts and small updates on the documentation. More infos in this thread:
-
Hi,
I want to do some test with DHCP on freeradius, I have a virtual machine where freeradius has DHCP enabled. I wanted to know if there is a way I can tell your package on installation to fetch my package file (from my server) and all dependencies will be treated as normal (from your server).Thanks
-
Hi,
I want to do some test with DHCP on freeradius, I have a virtual machine where freeradius has DHCP enabled. I wanted to know if there is a way I can tell your package on installation to fetch my package file (from my server) and all dependencies will be treated as normal (from your server).Thanks
No. what you can do is install freeradius2 package and then at console/ssh replace freeradius2 with your build using pkg_delete and pkg_add -r
-
Thank you, this worked.
-
Thank you, this worked.
You can also report what features you enabled and how it improved your setup.
-
Thank you, this worked.
You can also report what features you enabled and how it improved your setup.
And which files you need to configure so we can think about building a GUI for that if possible :-)
-
Is there a timeline for when this package will be updated to work with 2.1-DEVELOPMENT? Unfortunately, I need 2.1 for a client's system since their NIC isn't supported in 2.0.1 (RealTek 8111e), and I'm trying to get FreeRADIUS working so I can use WPA2-Enterprise. Thanks!
-
Is there a timeline for when this package will be updated to work with 2.1-DEVELOPMENT? Unfortunately, I need 2.1 for a client's system since their NIC isn't supported in 2.0.1 (RealTek 8111e), and I'm trying to get FreeRADIUS working so I can use WPA2-Enterprise. Thanks!
after installing gui, did you tried to install binaries on console?
these posts maybe usefull for amd64 installs
http://forum.pfsense.org/index.php/topic,43675.msg231974.html#msg231974
http://forum.pfsense.org/index.php/topic,43675.msg232046.html#msg232046
http://forum.pfsense.org/index.php/topic,43675.msg232220.html#msg232220
http://forum.pfsense.org/index.php/topic,43675.msg232064.html#msg232064 -
It's an i386 install, because the graphics chipset (Intel Atom D2700) doesn't work properly in FreeBSD AMD64 (heck, it doesn't TOTALLY work properly in i386 there are missing characters, and amazingly, it doesn't even work in Windows 7 64-bit - there are no drivers from Intel).
Sorry if I missed this but I'm not seeing it, if you still think it'd help, how would I go about reinstalling from the terminal then?
-
Sorry if I missed this but I'm not seeing it, if you still think it'd help, how would I go about reinstalling from the terminal then?
Maybe the package has installed missing libs, put as whe do not have .pbi package for freeradius2, you need to enable ssh/go to console and type
pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/freeradius-2.1.12.tbz
pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/openldap-sasl-client-2.4.26.tbz -
Thank you! I'll try it out ASAP. Will this work through a firmware upgrade from the GUI or will it need to be re-done every time a new snapshot is loaded?