FreeRADIUS 3.x package coming - BETA for TESTING
-
No dir /usr/local/share/examples
[2.4.0-BETA][root@pfSense.ramos]/root: cp -RP /usr/local/share/examples/freeradius/raddb /usr/local/etc/raddb cp: /usr/local/share/examples/freeradius/raddb: No such file or directoryI Will do a new installation pFsense 2.4 last and FreeRADIUS 3.x and see if this persist. i hope do this tomorrow.
-
@mais_um:
I Will do a new installation pFsense 2.4 last and FreeRADIUS 3.x and see if this persist. i hope do this tomorrow.
New installation. 2.4.0-BETA (amd64) built on Sun Jun 11 20:20:15 CDT 2017. Add FreeRadius3 package, create certs, see if /usr/local/share/examples exist (yes!!!). Configuring FreeRadius3: add interface, chose certs and all done. FreeRadius is UP. I don't test with my home wifi, i will.
-
I can for sure fire up a clean install of pfsense as well. Will then move my radius eap-tls auth to it, etc. Might take me a few days to get too though.
-
I pushed 0.3.2 now which has some fixes to make sure the raddb directory is a fresh copy from examples even if there were older files around, since the package expects it that way and it will re-create any necessary files itself.
-
Great when I get home tonight will give it a test run. Wife is out tonight so will have some play time ;)
-
View files tab:
- eap.conf, sql.conf and ldap doesn't exist even save respective configs. Creating manually and tray to save config same thing.
This is a fresh install.
-
@mais_um:
View files tab:
- eap.conf, sql.conf and ldap doesn't exist even save respective configs. Creating manually and tray to save config same thing.
This is a fresh install.
Those changed location and I haven't updated that page yet. It'll get there eventually.
-
@mais_um:
View files tab:
- eap.conf, sql.conf and ldap doesn't exist even save respective configs. Creating manually and tray to save config same thing.
This is a fresh install.
Those changed location and I haven't updated that page yet. It'll get there eventually.
I just pushed a fix for this, should be up in the next round of snaps, package version 0.3.4
-
Figured out the missing examples issue, the dir /usr/local/share/examples was in the obsolete files list so the snapshot upgrade process was blowing away the FreeRADIUS files after the upgrade boot finished. I didn't hit this since I wasn't upgrading my local test system while I was working on the package. Once I did, it showed up.
I pushed a fix for the next snapshot but you will need to do one of the following:
- Remove the FreeRADIUS package and then install the package again (NOT reinstall!) without upgrading to get the example files back and a stock raddb setup
or - After the next snapshot upgrade, remove the FreeRADIUS package and then install the package again (NOT reinstall!)
From this point on it should be OK for future upgrades so long as you remove and install it again before trying to use it. You have to remove the package so that freeradius3 (the binary package) will be removed and then put back on when it's installed, that way it gets the examples directory back.
- Remove the FreeRADIUS package and then install the package again (NOT reinstall!) without upgrading to get the example files back and a stock raddb setup
-
Ok so if I am on freerad 2, and I uninstall it. Then install freerad 3 I should be good?
After I upgrade to the latest snap.. And have rebooted and on the current snap.. Uninstall freerad 2, then install freedrad 3..
-
Ok so if I am on freerad 2, and I uninstall it. Then install freerad 3 I should be good?
After I upgrade to the latest snap.. And have rebooted and on the current snap.. Uninstall freerad 2, then install freedrad 3..
Yeah that's fine. Bigger problem is having 3 already and then upgrading and keeping 3, you won't get the examples back unless you remove and the install freeradius3 again.
Removing 2 and adding 3 without a snapshot upgrade involved afterward should be OK at any time.
-
Ok looks good! I uninstalled 2 and installed 3 (0.3.4) running on my 2.4 snap dated Mon Jun 12 09:21:37 CDT 2017
My eap-tls clients are authing just fine.. Have not time to try changing anything.. And have not upgraded pfsense snap or rebooted it yet, anything like that - but looks like its workable for eap-tls for sure.
-
Great!
I'm still fighting the counter module(s), but other tests have been positive so far. I still expect some trouble from corner cases that aren't so commonly used.
-
Thanks you all for your work on freeRadius 3. It's really appreciated.
-
Thanks you all for your work on freeRadius 3. It's really appreciated.
You're welcome! It's been a lot of work but ultimately everything is better off.
-
0.4.1 is coming with a few fixes:
- Fixed mOTP
- Fixed PEAP
- Fixed MAC auth
Also confirmed that both time and data counters work, trouble I had was due to not having the correct config setup. Matching everything against the docs I found a setting I had missed. Once that was set, both counter styles worked well.
-
With 0.4.1, PEAP is working with unifi AP and Android 7.0.1 device.
-
This is great news! I'm glad FreeRADIUS 3 support is well on its way.
Any chance we can get some sort of "Advanced" tab in the webGUI to override the webGUI settings in the config files? In particular, I'd like to set up different certificates for PEAP and EAP-TLS (as described here). That sort of thing could plausibly be configured in the webGUI itself, but I recognize it may be of niche interest.
-
This is great news! I'm glad FreeRADIUS 3 support is well on its way.
Any chance we can get some sort of "Advanced" tab in the webGUI to override the webGUI settings in the config files? In particular, I'd like to set up different certificates for PEAP and EAP-TLS (as described here). That sort of thing could plausibly be configured in the webGUI itself, but I recognize it may be of niche interest.
Not currently on my to-do list.
I do need to add some extra cert options as I plan on allowing MySQL+TLS and PostgreSQL+TLS so maybe I'll make separate TLS sections for EAP TLS/TTLS/PEAP while I'm at it.
-
I think I might have found a bug.
/usr/local/etc/raddb/users
"tosh" Cleartext-Password := "asdadadada", Simultaneous-Use := "1"
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = "3";Shouldn't that end with a comma?
EDIT: or end-of-line?
