
Questions tagged [freeradius]

FreeRADIUS is an open source RADIUS server

15 votes
3 answers
5k views

MacOS clients sporadically disconnect from WPA Enterprise wireless network

We have a small office with ~20 people, each using a MacBook, and optionally connecting with a mobile phone too. Previously we used usual Wi-Fi with a shared key, but recently I reconfigured it to WPA ...
Vlad Nikiforov
9 votes
1 answer
2k views

Configuring WPA2-Enterprise with Freeradius

I'm trying to set up an authenticated wifi network with Freeradius. I've managed to get things working using self-signed certs etc. The problem is Windows clients need to uncheck the "Automatically ...
Vincent O.
6 votes
2 answers
29k views

Centos 7. Freeradius fails to start on boot due to priority

I was messing around with FreeRADIUS and MySQL (MariaDB) and it seems FreeRADIUS service can't start properly on startup. But it starts fine using root user or in debug mode (radiusd -X) and works ...
Alex
  • 516
6 votes
1 answer
5k views

SSH fallback to local account if Radius server isn't available

I've edited my /etc/pam.d/sshd for Radius authentication; I added this line: auth required pam_radius_auth.so Also, I've commented out the line: @include common-auth Now SSH authentication using ...
John
  • 85
6 votes
1 answer
2k views

Need help understanding PAM directives

I have the following directives in my /etc/pam.d/sshd file on a RHEL5 box and I'm a bit confused. These directives are there to make LDAP+RADIUS+OTP work. What I'm trying to do is tell pam not to ...
Sidd
  • 103
5 votes
2 answers
5k views

FreeRADIUS2 and LDAP Authentication

I am currently running a CentOS 5.5 box with FreeRADIUS2 on it. I have the simple authentication turned on right now (username and pass is set via /etc/raddb/users). I want to have FreeRADIUS ...
arukaen
  • 73
5 votes
2 answers
4k views

2FA via freeRADIUS, ignoring password

I've been tasked with setting up freeRADIUS to prompt a user for their second authentication factor (eg. Google Authenticator OTP) BUT without first checking the user's password. I'm coming into this ...
Jeedee
  • 121
5 votes
2 answers
16k views

Why freeradius server says invalid Message-Authenticator which is generated from radtest?

I am learning how to use freeradius, the version is v2.1.12. When I run radtest, there is no response from server, I see server side debug message has the following: Received packet from 127.0.0.1 ...
my_question
5 votes
1 answer
2k views

Multiple Valid Certificates in Windows 7 breaking Wired 802.1x Deployment

I have a Wired 802.1x deployment using TLS machine authentication on Windows 7 (built-in 802.1x supplicant) with the necessary certs (FreeRadius v2.2.3 generated on Linux). Cisco C2960 POE switch is ...
Jude_Quintana
4 votes
1 answer
9k views

Configuring rlm_rest module in FreeRadius

Using FreeRADIUS, I need to authenticate RADIUS users against a web backend and have been attempting to use the rlm_rest module to do it. See here. In my site configuration I have something like this: ...
freb
  • 143
4 votes
1 answer
21k views

Reload Freeradius clients without restarting the service

Is there a way to reload the Freeradius clients configuration without restarting the service? I'm using: Ubuntu Server 12 Freeradius 2.1.10 MySQL v5.5.20 (I'm storing the clients in the "nas" table)
PachinSV
  • 203
4 votes
1 answer
6k views

FreeRADIUS using Active Directory integration broken without any traces

I've a FreeBSD 10.0 server running FreeRADIUS 3 and things got broken without any apparent reason. I'm using Winbind from Samba4 to authenticate with ntlm_auth. I've done some debug to solve the ...
Vinícius Ferrão
4 votes
1 answer
1k views

How many user/supplicant certificates are needed for WPA2 enterprise on a small network?

I am running WPA2 enterprise for wireless access and I followed the instructions in /etc/raddb/certs/README and the freeRadius site howto. I also read the instructions in the privacywonk site. The ...
Sonny
  • 183
4 votes
1 answer
7k views

Configure Freeradius to check a connecting user against multiple LDAP groups

I'm setting up a Cisco ASA as a client vpn server. The appliance is relying on freeradius to authenticate the users. Freeradius has in turn been configured to query OpenLDAP. The modules/ldap file ...
spidernik84
4 votes
5 answers
13k views

802.1x PEAP GPO that trusts self-signed CA certificate

I am working on a Freeradius backed 802.1x authentication infrastructure for our wireless clients. I am using a rather generic Freeradius configuration with EAP-PEAP. Our clients are predominantly ...
3 votes
2 answers
16k views

How to encrypt user password in Freeradius

I recently set up a freeradius server and would like to change the user password that is presently in cleartext to encrypted in the /etc/freeradius/3.0/users file. This is what it looks like on the ...
wallacex
3 votes
2 answers
13k views

Freeradius authentication failed for unknown reason

I followed this instruction to force freeradius to use a mysql database, and ran freeradius in debug mode, but it rejects all authentication. mysql database : mysql> select * from radcheck; +----+--------...
Moein Hosseini
3 votes
2 answers
9k views

MSCHAPv2 authentication not working

I've been fighting with this for around a week now. I'm trying to get a RADIUS server to authenticate against our Samba-based Active Directory, but I can't get it to work. Because of our ...
Dessa Simpson
3 votes
2 answers
8k views

Freeradius: Assign Group to User based on Nas-IP-Address

I wonder if anyone can help me. The goal is to assign different users different ip address based on the AP they connect to. I cannot statically set this as users will travel and end up connecting ...
Rob
  • 103
3 votes
1 answer
3k views

Debian build the freeradius package with unixodbc support

Here is what I am trying to achieve, we want to install freeradius using a Microsoft SQL backend. I read on the internet that we need to achieve this goal using the unixodbc driver. I am able to set ...
drivard
  • 407
3 votes
2 answers
3k views

freeradius two factor without factor concatenation

I have a cisco router providing an SSL VPN server which is talking to freeradius, which in turn uses pam and two pam modules (sss & yubico) to provide two factor authentication for the VPN. All ...
Sirex
  • 5,557
3 votes
1 answer
2k views

FreeRadius Server: RadGroupReply attribute for maximum connected users?

I have a FreeRadius server and I'd like to set a limitation for the number of users connected to a specific NAS. My current set up is that every user that connects to a certain NAS is added to the ...
Kix Panganiban
3 votes
1 answer
6k views

Howto change the default radius logging path for accounting?

I have freeradius 2.1.12+dfsg-1.2 working and logging accounting packets to /var/log/freeradius/radacct/detail-20130401. However I need to tail the log and I want to ideally tail a single log file ...
hendry
  • 677
3 votes
1 answer
6k views

Auth-Type :- Reject in RADIUS users file matches inner tunnel request but sends Access-Accept

I have WPA2 802.11x EAP authentication setup using FreeRADIUS 2.1.8 on Ubuntu 10.04.4 talking to OpenLDAP, and can successfully authenticate using PEAP/MSCHAPv2, TTLS/MSCHAPv2 and TTLS/PAP (both via ...
mgorven
  • 31.1k
3 votes
2 answers
6k views

TLS from Radius for Wifi is rejected by Win7

We do have the following Setup at our company Synology RS812+ hosting LDAP, RADIUS, DNS (Version DSM 5.0-4458 Update 2) 2*Cisco Wifi APs WAP561 (Firmware 1.0.3.4) Cisco Router ISA500 (Firmware 1.2.19)...
pfried
  • 83
2 votes
2 answers
6k views

Is there a list of FreeRADIUS specific attributes?

I am using FreeRADIUS 2.1.12 with PostgreSQL for user and client (nas) auth. I'm a bit new to this--I learned what RADIUS was when I was assigned to set this server up a couple of weeks ago--so pardon ...
vastlysuperiorman
2 votes
1 answer
17k views

FreeRadius is not opening ports

I've just installed freeradius and started it with a /etc/init.d/ startup script. After I run netstat -nat I don't see that any process is listening on ports 1812 and 1813. I'm using Ubuntu 10.04 LTS ...
Boban P.
  • 735
2 votes
1 answer
9k views

Freeradius VLAN assignment with EAP-TLS and WiFi 802.1x

I'm using FreeRadius with a Ubiquiti WiFi AP with 802.1x auth using EAP-TLS (mutual client/server cert based auth). This is working well for static VLANs (i.e. specified on the AP). I'd like to ...
user397220
2 votes
1 answer
5k views

Write hash password to LDAP when creating a new user

I am working on a project with a central user database system. One of the requirements of the system is that there should be only one set of users for all the applications. FreeRADIUS and Samba are two ...
alibaba
  • 427
2 votes
2 answers
2k views

Meraki's Accounting-Requests to RADIUS server

I'm running a RADIUS server with some Meraki APs, the process of Authentications is fine... But it seems that the Meraki Cloud Controller is just sending the authentication packets and not the ...
PachinSV
  • 203
2 votes
1 answer
5k views

Adding compiled FreeRADIUS to systemd

Working on getting FreeRADIUS up and running and having issues adding to systemd. Running standalone via radiusd -X works as expected and all of the custom configurations are intact. Using freetds ...
Arnydo
  • 23
2 votes
2 answers
1k views

Should a server or a client be able to verify a client/server certificate - intermediate certificate chain with a known root ca?

I am trying to test the following setup: A RADIUS server works with the EAP-TLS protocol. The client and the server have the following certificates: Client Public Key: ...
Jannis Kappertz
2 votes
1 answer
5k views

Debian Samba share Authentication with RADIUS server

I'm trying to configure Samba (apt-get install samba) to authenticate users using a RADIUS server and I cannot find anything useful. Is it possible? I thought I could set Samba to use the PAM ...
Joshua
  • 121
2 votes
1 answer
5k views

FreeRADIUS and Redis Module

I am wanting to use FreeRADIUS with REDIS for authorisation and accounting. I am running FreeRADIUS 3.0.3. I note the rlm_rediswho module, which appears to be used for caching recent accounting ...
mixja
  • 197
2 votes
1 answer
19k views

Cannot log into my RADIUS protected wireless connection. Here's the LOG contents

As soon as someone tries to connect to my network, this appears in the log: Tue May 3 15:58:40 2011 : Error: TLS Alert read:fatal:unknown CA Tue May 3 15:58:40 2011 : Error: TLS_accept:failed ...
Only Bolivian Here
2 votes
3 answers
6k views

FreeRadius return User Groups in Class field

I use strongSwan to authenticate against FreeRadius which it does but now I need FreeRadius to return the user's groups in the Class field so they can be checked by strongSwan [1]. I'm using winbind ...
Christian
  • 806
2 votes
1 answer
7k views

smb fails to start on centos7 radius server

I have a working radius server that auths connections to a PDC AD server. I wanted to create another one so that I can fail over on the firewall when needed. I created a second server using the same ...
IRBiddlecombe
2 votes
1 answer
13k views

FreeRadius + Active Directory + Google Authenticator

I have FreeRadius 3.0.13 installed on CentOS 7.3 which also has SSSD 1.14.0 which is being used to communicate with our Windows 2012 Domain controller. We are able to authenticate using AD via radius....
georgdl
  • 21
2 votes
1 answer
11k views

How do I force freeradius to check certificates validity?

I am trying to install a freeradius server on my debian 9 machine. I succeeded in installing it with apt. I also succeeded in running it and accepting user and password and rejecting the connection if you don't ...
arnaud
  • 31
2 votes
1 answer
1k views

FreeRadius can't get new openssl version

I am just beginning with FreeRadius. I have installed FreeRadius 2.2.9 but when I try to debug with radiusd -X I got this error Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 ...
user3422401
2 votes
1 answer
3k views

FreeRADIUS w/ MySQL backend. IP Pool

I have a pool of addresses (172.16.0.0/24) configured on my NAS (Cisco 2921 router) for my IPsec clients. I have various subnet mask length subnetworks used for different user groups. For example I ...
Alex
  • 516
2 votes
1 answer
1k views

Allowing multiple IP addresses for a single VPN user

Currently for one of the companies I am using an ASA 5505 as a VPN server with freeradius (mysql module) as an authentication backend. User authentication is based on the group password, user password ...
golja
  • 1,631
2 votes
1 answer
7k views

Accounting setup in freeradius with mikrotik and the "always" module

I have a freeradius setup that is being used to provide authentication for users on a wireless network. The access points are all Mikrotik hardware and the users are connected 24/7. We've been ...
hookenz
  • 14.7k
2 votes
0 answers
433 views

OpenVPN auth with Freeradius fails with error message: Module is unknown

I have installed an OpenVPN server with Easy-RSA. I generated the certificate and signed it on my CA Server and copied it back to VPN server. I can establish the client-server connection via ...
Houman
  • 1,675
2 votes
0 answers
208 views

How can I enforce cryptobinding on FreeRADIUS?

On NPS, there's a setting "Disconnect clients without cryptobinding", which should force clients to check the security of the comms which, if I understand correctly, will prevent attacks such as ...
Samthere
  • 121
2 votes
0 answers
1k views

pfSense: config with daloRadius (freeRadius) to setup download quota limitation

I have pfsense and daloRadius (running freeRadius inside) up and running. I successfully configured radius parameters on pfSense and the NAS on daloRadius and they can talk to each other. I am able to ...
Xsmael
  • 185
2 votes
1 answer
2k views

EAP-TLS: How to verify a p12 key with freeradius?

I installed a Radius server with a EAP-TLS only configuration. I have a client.p12 file that is supposed to contain both the root-CA and the client certificate. I added the p12 key https://...
None
  • 182
2 votes
0 answers
902 views

Wired 802.1x on Windows 10 1803 isn't utilizing cache

So I’ve been trying to resolve 802.1x Wired authentication issues for quite some time now with limited success. The environment is based on Server 2012, Enterasys NAC using EAP-TLS1.2, with a ...
Joshua Scott
2 votes
0 answers
1k views

FreeRADIUS with Let's Encrypt Certificate (trusted connection without provisioning?)

I have a FreeRADIUS server set up for PEAP/MSCHAPv2 connections with an SQL user backend. On that server, I have set up a Let's encrypt certificate for domain access.example.org. This certificate is ...
PiMaker
  • 151
2 votes
2 answers
8k views

cannot read clients from nas table in freeradius only from clients.conf

I have installed freeradius on Centos. The MySQL database is populated with some data for testing, and the freeradiusd.conf and sql.conf are configured. The RADIUS server is able to connect with the ...
ahmad charafdin
