FreeRADIUS 3.x package coming - BETA for TESTING
-
View files tab:
- eap.conf, sql.conf and ldap doesn't exist even save respective configs. Creating manually and tray to save config same thing.
This is a fresh install.
-
@mais_um:
View files tab:
- eap.conf, sql.conf and ldap doesn't exist even save respective configs. Creating manually and tray to save config same thing.
This is a fresh install.
Those changed location and I haven't updated that page yet. It'll get there eventually.
-
@mais_um:
View files tab:
- eap.conf, sql.conf and ldap doesn't exist even save respective configs. Creating manually and tray to save config same thing.
This is a fresh install.
Those changed location and I haven't updated that page yet. It'll get there eventually.
I just pushed a fix for this, should be up in the next round of snaps, package version 0.3.4
-
Figured out the missing examples issue, the dir /usr/local/share/examples was in the obsolete files list so the snapshot upgrade process was blowing away the FreeRADIUS files after the upgrade boot finished. I didn't hit this since I wasn't upgrading my local test system while I was working on the package. Once I did, it showed up.
I pushed a fix for the next snapshot but you will need to do one of the following:
- Remove the FreeRADIUS package and then install the package again (NOT reinstall!) without upgrading to get the example files back and a stock raddb setup
or - After the next snapshot upgrade, remove the FreeRADIUS package and then install the package again (NOT reinstall!)
From this point on it should be OK for future upgrades so long as you remove and install it again before trying to use it. You have to remove the package so that freeradius3 (the binary package) will be removed and then put back on when it's installed, that way it gets the examples directory back.
- Remove the FreeRADIUS package and then install the package again (NOT reinstall!) without upgrading to get the example files back and a stock raddb setup
-
Ok so if I am on freerad 2, and I uninstall it. Then install freerad 3 I should be good?
After I upgrade to the latest snap.. And have rebooted and on the current snap.. Uninstall freerad 2, then install freedrad 3..
-
Ok so if I am on freerad 2, and I uninstall it. Then install freerad 3 I should be good?
After I upgrade to the latest snap.. And have rebooted and on the current snap.. Uninstall freerad 2, then install freedrad 3..
Yeah that's fine. Bigger problem is having 3 already and then upgrading and keeping 3, you won't get the examples back unless you remove and the install freeradius3 again.
Removing 2 and adding 3 without a snapshot upgrade involved afterward should be OK at any time.
-
Ok looks good! I uninstalled 2 and installed 3 (0.3.4) running on my 2.4 snap dated Mon Jun 12 09:21:37 CDT 2017
My eap-tls clients are authing just fine.. Have not time to try changing anything.. And have not upgraded pfsense snap or rebooted it yet, anything like that - but looks like its workable for eap-tls for sure.
-
Great!
I'm still fighting the counter module(s), but other tests have been positive so far. I still expect some trouble from corner cases that aren't so commonly used.
-
Thanks you all for your work on freeRadius 3. It's really appreciated.
-
Thanks you all for your work on freeRadius 3. It's really appreciated.
You're welcome! It's been a lot of work but ultimately everything is better off.
-
0.4.1 is coming with a few fixes:
- Fixed mOTP
- Fixed PEAP
- Fixed MAC auth
Also confirmed that both time and data counters work, trouble I had was due to not having the correct config setup. Matching everything against the docs I found a setting I had missed. Once that was set, both counter styles worked well.
-
With 0.4.1, PEAP is working with unifi AP and Android 7.0.1 device.
-
This is great news! I'm glad FreeRADIUS 3 support is well on its way.
Any chance we can get some sort of "Advanced" tab in the webGUI to override the webGUI settings in the config files? In particular, I'd like to set up different certificates for PEAP and EAP-TLS (as described here). That sort of thing could plausibly be configured in the webGUI itself, but I recognize it may be of niche interest.
-
This is great news! I'm glad FreeRADIUS 3 support is well on its way.
Any chance we can get some sort of "Advanced" tab in the webGUI to override the webGUI settings in the config files? In particular, I'd like to set up different certificates for PEAP and EAP-TLS (as described here). That sort of thing could plausibly be configured in the webGUI itself, but I recognize it may be of niche interest.
Not currently on my to-do list.
I do need to add some extra cert options as I plan on allowing MySQL+TLS and PostgreSQL+TLS so maybe I'll make separate TLS sections for EAP TLS/TTLS/PEAP while I'm at it.
-
I think I might have found a bug.
/usr/local/etc/raddb/users
"tosh" Cleartext-Password := "asdadadada", Simultaneous-Use := "1"
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = "3";Shouldn't that end with a comma?
EDIT: or end-of-line?
-
another:
"isola" Cleartext-Password := "12345678", Simultaneous-Use := "2"
Session-Timeout := 3600
,
blablabla -
How did those look in FreeRADIUS 2.x?
What specific settings are in place for those users in the GUI? -
I have vlan assigned by radius.
In 2.x it was like this:
"tosh" Cleartext-Password := "asdadadada", Simultaneous-Use := "1"
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = "3"I have it working by editing /usr/local/etc/raddb/users by hand and correcting those errors above. Removed the ; and
Session-Timeout := 3600,Restarted the service in GUI without saving and voilá. It worked.
EDIT: I use unifi APs and controller and have it configured so users get vlan assigned by the radius.
-
OK I think I got those formatting issues fixed, whenever 0.5.1 shows up give it a shot.
-
Thanks jimp. It's working now.
