802.1X Port-Based Authentication HOWTO by Lars Strand
The binaries are installed in /usr/local/bin and /usr/local/sbin. The configuration files are found under /usr/local/etc/raddb.
If something went wrong, check the INSTALL and README included with the source. The RADIUS FAQ (http://www.freeradius.org/faq/) also contains valuable information.
-----
3.2. Configuring FreeRADIUS
FreeRADIUS has a big and mighty configuration file. It's so big, it has been split into several smaller files that are just "included" into the main radius.conf file.
There are numerous ways of using and setting up FreeRADIUS to do what you want: e.g., fetch user information from LDAP, SQL, PDC, Kerberos, etc. In this document, user information from a plain text file, users, is used.
Tip The configuration
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2" (3)
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
......
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users" (4)
......
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests. (5)
(1) Default EAP type is set to PEAP.
(2) RADIUS's TLS settings are initiated here. The certificate type,
location, and password are listed here.
(3) Inside the PEAP tunnel, MS-CHAPv2 is used.
(4) The username/password information is found in the users file.
(5) RADIUS server started successfully. Waiting for incoming requests.
The RADIUS server is now ready to process requests!
The most interesting output is included above. If you get any error
message instead of the last line, go over the configuration (above)
carefully.
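
One way to check that startup output mechanically, as an added example that is not part of the original HOWTO or of FreeRADIUS: a small Python parser for the "module: key = value" debug lines shown above. The function names and the choice of which settings to report are assumptions made for this example.

```python
import re

# Excerpt of the startup output shown above, callout markers such as (3) included.
SAMPLE = """\
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2" (3)
rlm_eap: Loaded and initialized type peap
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
files: usersfile = "/usr/local/etc/raddb/users" (4)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests. (5)
"""

# "module: key = value", with an optional trailing "(n)" callout marker.
SETTING = re.compile(r'^(\w+):\s+(\w+)\s*=\s*(.*?)\s*(?:\(\d+\))?\s*$')
LOADED = re.compile(r'^rlm_eap: Loaded and initialized type (\w+)')
LISTEN = re.compile(r'^Listening on (\w+) \S*:(\d+)')

def parse_startup(text):
    """Collect module settings, loaded EAP types, listeners and the ready marker."""
    out = {"settings": {}, "eap_types": [], "listen": {}, "ready": False}
    for line in text.splitlines():
        line = line.strip()
        if m := LOADED.match(line):
            out["eap_types"].append(m.group(1))
        elif m := LISTEN.match(line):
            out["listen"][m.group(1)] = int(m.group(2))
        elif m := SETTING.match(line):
            out["settings"][m.group(1), m.group(2)] = m.group(3).strip('"')
        elif line.startswith("Ready to process requests"):
            out["ready"] = True
    return out

def review(parsed, want_types=("tls", "peap", "mschapv2")):
    """Return notes on anything that differs from the startup this HOWTO expects."""
    notes = [f"EAP type {t} not loaded" for t in want_types
             if t not in parsed["eap_types"]]
    if not parsed["ready"]:
        notes.append("no 'Ready to process requests' line: re-check the configuration")
    if parsed["settings"].get(("tls", "check_crl")) == "no":
        notes.append("tls: check_crl = no, certificate revocation lists are not consulted")
    return notes

if __name__ == "__main__":
    for note in review(parse_startup(SAMPLE)) or ["startup matches the HOWTO"]:
        print(note)
```
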
Now the Supplicant is ready to get authenticated. Start Xsupplicant in
debug mode. Note that we'll see output produced by the two startup
scripts: startup.sh and startup2.sh.
# xsupplicant -c /usr/local/etc/1x/1x.conf -i eth0 -d 6
Starting /etc/1x/startup.sh
Finished /etc/1x/startup.sh
Starting /etc/1x/startup2.sh
Finished /etc/1x/startup2.sh
At the same time, the RADIUS server is producing a lot of output. Key
snippets are shown below:
......
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS (1)
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK (2)
rlm_eap_peap: Session established. Decoding tunneled attributes.