Questions tagged [freeradius]
FreeRADIUS is an open source RADIUS server
288
questions
15
votes
3
answers
5k
views
MacOS clients sporadically disconnect from WPA Enterprise wireless network
We have a small office with ~20 people, each using a MacBook, and optionally connecting with a mobile phone too. Previously we used usual Wi-Fi with a shared key, but recently I reconfigured it to WPA ...
9
votes
1
answer
2k
views
Configuring WPA2-Enterprise with Freeradius
I'm trying to set up an authenticated wifi network with Freeradius. I've managed to get things working using self-signed certs etc.
The problem is Windows clients need to uncheck the "Automatically ...
6
votes
2
answers
29k
views
Centos 7. Freeradius fails to start on boot due to priority
I was messing around with FreeRADIUS and MySQL (MariaDB) and it seems FreeRADIUS service can't start properly on startup. But it starts fine using root user or in debug mode (radiusd -X) and works ...
6
votes
1
answer
5k
views
SSH fallback to local account if Radius server isn't available
I've edited my /etc/pam.d/sshd for Radius authentication; I added this line:
auth required pam_radius_auth.so
Also, I've commented out the line:
@include common-auth
Now SSH authentication using ...
6
votes
1
answer
2k
views
Need help understanding PAM directives
I have the following directives in my /etc/pam.d/sshd file on a RHEL5 box and I'm a bit confused. These directives are there to make LDAP+RADIUS+OTP work. What I'm trying to do is tell pam not to ...
5
votes
2
answers
5k
views
FreeRADIUS2 and LDAP Authentication
I am currently running a CentOS 5.5 box with FreeRADIUS2 on it. I have the simple authentication turned on right now (username and pass is set via /etc/raddb/users). I want to have FreeRADIUS ...
5
votes
2
answers
4k
views
2FA via freeRADIUS, ignoring password
I've been tasked with setting up freeRADIUS to prompt a user for their second authentication factor (eg. Google Authenticator OTP) BUT without first checking the user's password.
I'm coming into this ...
5
votes
2
answers
16k
views
Why freeradius server says invalid Message-Authenticator which is generated from radtest?
I am learning how to use freeradius, the version is v2.1.12. When I run radtest, there is no response from server, I see server side debug message has the following:
Received packet from 127.0.0.1 ...
5
votes
1
answer
2k
views
Multiple Valid Certificates in Windows 7 breaking Wired 802.1x Deployment
I have a Wired 802.1x deployment using TLS machine authentication on Windows 7 (built-in 802.1x supplicant) with the necessary certs (FreeRadius v2.2.3 generated on Linux). Cisco C2960 POE switch is ...
4
votes
1
answer
9k
views
Configuring rlm_rest module in FreeRadius
Using FreeRADIUS I need to authenticate RADIUS users against a web backend and have been attempting to use the rlm_rest module to do it. See here.
In my site configuration I have something like this:
...
4
votes
1
answer
21k
views
Reload Freeradius clients without restarting the service
Is there a way to reload the Freeradius clients configuration without restarting the service? I'm using:
Ubuntu Server 12
Freeradius 2.1.10
MySQL v5.5.20 (I'm storing the clients in the "nas" table)
4
votes
1
answer
6k
views
FreeRADIUS using Active Directory integration broken without any traces
I've a FreeBSD 10.0 server running FreeRADIUS 3 and things got broken without any apparent reason.
I'm using Winbind from Samba4 to authenticate with ntlm_auth. I've done some debug to solve the ...
4
votes
1
answer
1k
views
How many user/supplicant certificates are needed for WPA2 enterprise on a small network?
I am running WPA2 enterprise for wireless access and I followed the instructions in /etc/raddb/certs/README and the freeRadius site howto. I also read the instructions in the privacywonk site.
The ...
4
votes
1
answer
7k
views
Configure Freeradius to check a connecting user against multiple LDAP groups
I'm setting up a Cisco ASA as a client vpn server.
The appliance is relying on freeradius to authenticate the users. Freeradius has in turn been configured to query OpenLDAP.
The modules/ldap file ...
4
votes
5
answers
13k
views
802.1x PEAP GPO that trusts self-signed CA certificate
I am working on a Freeradius backed 802.1x authentication infrastructure for our wireless clients. I am using a rather generic Freeradius configuration with EAP-PEAP. Our clients are predominantly ...
3
votes
2
answers
16k
views
How to encrypt user password in Freeradius
I recently set up a freeradius server and would like to change the user password that is presently in cleartext to encrypted in the /etc/freeradius/3.0/users file.
This is what it looks like on the ...
3
votes
2
answers
13k
views
Freeradius authentication failed for unknown reason
I followed this instruction to force freeradius to use mysql database.
and run freeradius in debug mode.
but it rejects all authentication.
mysql database :
mysql> select * from radcheck;
+----+--------...
3
votes
2
answers
9k
views
MSCHAPv2 authentication not working
I've been fighting with this for around a week now. I'm trying to get a RADIUS server to authenticate against our Samba-based Active Directory, but I can't get it to work. Because of our ...
3
votes
2
answers
8k
views
Freeradius: Assign Group to User based on Nas-IP-Address
I wonder if anyone can help me.
The goal is to assign different users different ip address based on the AP they connect to. I cannot statically set this as users will travel and end up connecting ...
3
votes
1
answer
3k
views
Debian build the freeradius package with unixodbc support
Here is what I am trying to achieve, we want to install freeradius using a Microsoft SQL backend. I read on the internet that we need to achieve this goal using the unixodbc driver.
I am able to set ...
3
votes
2
answers
3k
views
freeradius two factor without factor concatenation
I have a cisco router providing an SSL VPN server which is talking to freeradius, which in turn uses pam and two pam modules (sss & yubico) to provide two factor authentication for the VPN.
All ...
3
votes
1
answer
2k
views
FreeRadius Server: RadGroupReply attribute for maximum connected users?
I have a FreeRadius server and I'd like to set a limitation for the number of users connected to a specific NAS. My current set up is that every user that connects to a certain NAS is added to the ...
3
votes
1
answer
6k
views
Howto change the default radius logging path for accounting?
I have freeradius 2.1.12+dfsg-1.2 working and logging accounting packets to /var/log/freeradius/radacct/detail-20130401.
However I need to tail the log and I want to ideally tail a single log file ...
3
votes
1
answer
6k
views
Auth-Type :- Reject in RADIUS users file matches inner tunnel request but sends Access-Accept
I have WPA2 802.11x EAP authentication setup using FreeRADIUS 2.1.8 on Ubuntu 10.04.4 talking to OpenLDAP, and can successfully authenticate using PEAP/MSCHAPv2, TTLS/MSCHAPv2 and TTLS/PAP (both via ...
3
votes
2
answers
6k
views
TLS from Radius for Wifi is rejected by Win7
We do have the following Setup at our company
Synology RS812+ hosting LDAP, RADIUS, DNS (Version DSM 5.0-4458 Update 2)
2*Cisco Wifi APs WAP561 (Firmware 1.0.3.4)
Cisco Router ISA500 (Firmware 1.2.19)...
2
votes
2
answers
6k
views
Is there a list of FreeRADIUS specific attributes?
I am using FreeRADIUS 2.1.12 with PostgreSQL for user and client (nas) auth. I'm a bit new to this--I learned what RADIUS was when I was assigned to set this server up a couple of weeks ago--so pardon ...
2
votes
1
answer
17k
views
FreeRadius is not opening ports
I've just installed freeradius and start it with a /etc/init.d/ startup script. After I run netstat -nat I don't see that any process is listening on ports 1812 and 1813. I'm using Ubuntu 10.04 LTS ...
2
votes
1
answer
9k
views
Freeradius VLAN assignment with EAP-TLS and WiFi 802.1x
I'm using FreeRadius with a Ubiquiti WiFi AP with 802.1x auth using EAP-TLS (mutual client/server cert based auth). This is working well for static VLANs (i.e. specified on the AP).
I'd like to ...
2
votes
1
answer
5k
views
Write hash password to LDAP when creating a new user
I am working on a project with a central user database system. One of the requirements of the system is that there should be only one set of users for all the application.
FreeRADIUS and Samba are two ...
2
votes
2
answers
2k
views
Meraki's Accounting-Requests to RADIUS server
I'm running a RADIUS server with some Meraki APs, the process of Authentications is fine... But it seems that the Meraki Cloud Controller is just sending the authentication packets and not the ...
2
votes
1
answer
5k
views
Adding compiled FreeRADIUS to systemd
Working on getting FreeRADIUS up and running and having issues adding to systemd.
Running standalone via radiusd -X works as expected and all of the custom configurations are intact. Using freetds ...
2
votes
2
answers
1k
views
Should a server or a client be able to verify a client/server certificate - intermediate certificate chain with a known root ca?
I am trying to test the following setup:
A RADIUS server works with the EAP-TLS protocol. The client and the server have the following certificates:
Client
Public Key: ...
2
votes
1
answer
5k
views
Debian Samba share Authentication with RADIUS server
I'm trying to configure Samba (apt-get install samba) to authenticate users using a RADIUS server and I cannot find anything useful. Is it possible?
I thought I could set Samba to use the PAM ...
2
votes
1
answer
5k
views
FreeRADIUS and Redis Module
I am wanting to use FreeRADIUS with REDIS for authorisation and accounting. I am running FreeRADIUS 3.0.3.
I note the rlm_rediswho module, which appears to be used for caching recent accounting ...
2
votes
1
answer
19k
views
Cannot log into my RADIUS protected wireless connection. Here's the LOG contents
As soon as someone tries to connect to my network, this appears in the log:
Tue May 3 15:58:40 2011 : Error: TLS Alert read:fatal:unknown CA
Tue May 3 15:58:40 2011 : Error: TLS_accept:failed ...
2
votes
3
answers
6k
views
FreeRadius return User Groups in Class field
I use strongSwan to authenticate against FreeRadius which it does but now I need FreeRadius to return the user's groups in the Class field so they can be checked by strongSwan [1].
I'm using winbind ...
2
votes
1
answer
7k
views
smb fails to start on centos7 radius server
I have a working radius server that auths connections to a PDC AD server. I wanted to create another one so that I can fail over on the firewall when needed. I created a second server using the same ...
2
votes
1
answer
13k
views
FreeRadius + Active Directory + Google Authenticator
I have FreeRadius 3.0.13 installed on CentOS 7.3 which also has SSSD 1.14.0 which is being used to communicate with our Windows 2012 Domain controller. We are able to authenticate using AD via radius....
2
votes
1
answer
11k
views
How do I force freeradius to check certificates validity?
I am trying to install a freeradius server on my debian 9 machine. I succeeded to install it with apt. I also succeeded to run it and accept user and password and reject the connection if you don't ...
2
votes
1
answer
1k
views
FreeRadius can't get new openssl version
I am just beginning with FreeRadius. I have installed FreeRadius 2.2.9 but when I try to debug with radiusd -X I got this error
Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013
...
2
votes
1
answer
3k
views
FreeRADIUS w/ MySQL backend. IP Pool
I have a pool of addresses (172.16.0.0/24) configured on my NAS (Cisco 2921 router) for my IPsec clients.
I have various subnet mask length subnetworks used for different user groups. For example I ...
2
votes
1
answer
1k
views
Allowing multiple IP addresses for a single VPN user
Currently for one of the company I am using ASA 5505 as a VPN server with freeradius (mysql module) as an authentication backend.
User authentication is based on the group password, user password ...
2
votes
1
answer
7k
views
Accounting setup in freeradius with mikrotik and the "always" module
I have a freeradius setup that is being used to provide authentication for users on a
wireless network.
The access points are all Mikrotik hardware and the users are connected 24/7.
We've been ...
2
votes
0
answers
433
views
OpenVPN auth with Freeradius fails with error message: Module is unknown
I have installed an OpenVPN server with Easy-RSA. I generated the certificate and signed it on my CA Server and copied it back to VPN server. I can establish the client-server connection via ...
2
votes
0
answers
208
views
How can I enforce cryptobinding on FreeRADIUS?
On NPS, there's a setting "Disconnect clients without cryptobinding", which should force clients to check the security of the comms which, if I understand correctly, will prevent attacks such as ...
2
votes
0
answers
1k
views
pfSense: config with daloRadius (freeRadius) to setup download quota limitation
I have pfsense and daloRadius(running freeRadius inside) up and running, I successfully configured radius parameters on pfSense and the NAS on daloRadius and they can talk to each other.
I am able to ...
2
votes
1
answer
2k
views
EAP-TLS: How to verify a p12 key with freeradius?
I installed a Radius server with an EAP-TLS only configuration.
I have a client.p12 file that is supposed to contain both the root-CA and the client certificate.
I added the p12 key
https://...
2
votes
0
answers
902
views
Wired 802.1x on Windows 10 1803 isn't utilizing cache
So I’ve been trying to resolve 802.1x Wired authentication issues for quite some time now with limited success. The environment is based on Server 2012, Enterasys NAC using EAP-TLS1.2, with a ...
2
votes
0
answers
1k
views
FreeRADIUS with Let's Encrypt Certificate (trusted connection without provisioning?)
I have a FreeRADIUS server set up for PEAP/MSCHAPv2 connections with an SQL user backend. On that server, I have set up a Let's encrypt certificate for domain access.example.org. This certificate is ...
2
votes
2
answers
8k
views
cannot read clients from nas table in freeradius only from clients.conf
I have installed freeradius on Centos.
The MySQL database is populated with some data for testing, and the freeradiusd.conf and sql.conf are configured.
The RADIUS server is able to connect with the ...