Has anyone got a good guide to setting freeradius up to secure a wireless network.
The guides posted above are good - implemented the same setup here over the summer. The configuration is fairly simple, just be careful which distribution you use (if you're using packages).
The Debian FreeRADIUS packages are (quietly) compiled without SSL support (due to licensing) so EAP will never work with them (that was a frustrating half week). After Debian I moved over to Fedora 9, only to find that the packaged version of winbind was incompatible, so had to compile an older version to get it running.
Im wanting to use freeradius on ubuntu to authenticate our wireless clients from AD. All the wireless devices MAC addresses are listed as users in AD, and the wireless controller uses these usernames to authenticate in AD. At the moment we use IAS on 2003 and it seems to be playing up, so I want to try it out on ubuntu. The actual encryption of the Wifi is already taken care of.
Never dabbled with connecting linux to AD so a comeplete newbie on that part, so any step by step guides for what im looking for or a point in the right direction would be great.. cheers!
all our linux experts gone AWOL? :P
eBox or Zentyal as it's now commonly called is good
Are you trying to authenticate by username/password AND MAC address as I'm just about to roll out (more or less) that exactly configuration, so could probably help you..
James, The wireless MAC addresses exist in AD as user accounts. They all have a password set, which is the same password. This password is also entered onto the Wifi Controller. The controller sends the MAC address as the username, and said password, to RADIUS, which checks it in AD, which then uses accept or reject to allow it onto the network.
Ah I see - interesting configuration. Good news is that it should be fairly simple to achieve what you're after as it's a fairly standard configuration for authenticating against AD, just without the extra encryption you usually do that the same time.
You should be able to make a start by following the guide here (as posted up thread): FreeRADIUS Active Directory Integration HOWTO - FreeRADIUS Wiki
But don't worry about configuring EAP, just do the bit to get ntlm_auth working to check the user accounts.
If you can get ntlm_auth working then you should be pretty much there, as an added bonus you can test with radtest rather that eapol_test as you don't have to worry about the EAP/SSL negotiation.
If you get stuck post up some freeradius debug output and someone can try and diagnose what is going wrong:Code:/usr/sbin/radiusd -X | tee /tmp/radius.out
thanks for your reply james.
Ive got all that done, and having some problems with it..
Ive got a thread going on the freeradius mailling list at the moment if you would like to take a look and see if theres anything you could add/comment about?
FreeRadius - User - mschap with ntlm_auth and Active Directory
There are currently 1 users browsing this thread. (0 members and 1 guests)