+ Post New Thread
Results 1 to 11 of 11
Wireless Networks Thread, FreeRadius/Wireless & Active directory in Technical; Has anyone got a good guide to setting freeradius up to secure a wireless network. Russ...
  1. #1

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,915
    Thank Post
    708
    Thanked 549 Times in 364 Posts
    Blog Entries
    3
    Rep Power
    204

    FreeRadius/Wireless & Active directory

    Has anyone got a good guide to setting freeradius up to secure a wireless network.

    Russ

  2. #2

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,400
    Thank Post
    636
    Thanked 961 Times in 661 Posts
    Blog Entries
    2
    Rep Power
    319

  3. #3

    Join Date
    Oct 2008
    Location
    Hedge End, Southampton
    Posts
    56
    Thank Post
    1
    Thanked 10 Times in 10 Posts
    Rep Power
    13
    The guides posted above are good - implemented the same setup here over the summer. The configuration is fairly simple, just be careful which distribution you use (if you're using packages).

    The Debian FreeRADIUS packages are (quietly) compiled without SSL support (due to licensing) so EAP will never work with them (that was a frustrating half week). After Debian I moved over to Fedora 9, only to find that the packaged version of winbind was incompatible, so had to compile an older version to get it running.

  4. #4

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    Im wanting to use freeradius on ubuntu to authenticate our wireless clients from AD. All the wireless devices MAC addresses are listed as users in AD, and the wireless controller uses these usernames to authenticate in AD. At the moment we use IAS on 2003 and it seems to be playing up, so I want to try it out on ubuntu. The actual encryption of the Wifi is already taken care of.

    Never dabbled with connecting linux to AD so a comeplete newbie on that part, so any step by step guides for what im looking for or a point in the right direction would be great.. cheers!

  5. #5

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    all our linux experts gone AWOL? :P

  6. #6

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    737
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36
    @Russ

    Not on free radius, but we made a guide for Windows 2003 IAS (MS Radius server for CC3) could porbably give you ideas.

    http://www.edugeek.net/forums/networ...as-server.html

    Ash.

  7. #7
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,419
    Thank Post
    507
    Thanked 282 Times in 258 Posts
    Rep Power
    81
    eBox or Zentyal as it's now commonly called is good

  8. #8

    Join Date
    Oct 2008
    Location
    Hedge End, Southampton
    Posts
    56
    Thank Post
    1
    Thanked 10 Times in 10 Posts
    Rep Power
    13
    Quote Originally Posted by RabbieBurns View Post
    Im wanting to use freeradius on ubuntu to authenticate our wireless clients from AD. All the wireless devices MAC addresses are listed as users in AD, and the wireless controller uses these usernames to authenticate in AD. At the moment we use IAS on 2003 and it seems to be playing up, so I want to try it out on ubuntu. The actual encryption of the Wifi is already taken care of.

    Never dabbled with connecting linux to AD so a comeplete newbie on that part, so any step by step guides for what im looking for or a point in the right direction would be great.. cheers!
    I struggled to figure out why this 2 year old thread had come back to life, then struggled more to figure out what you're trying to do

    Are you trying to authenticate by username/password AND MAC address as I'm just about to roll out (more or less) that exactly configuration, so could probably help you..

  9. #9

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    James, The wireless MAC addresses exist in AD as user accounts. They all have a password set, which is the same password. This password is also entered onto the Wifi Controller. The controller sends the MAC address as the username, and said password, to RADIUS, which checks it in AD, which then uses accept or reject to allow it onto the network.

  10. #10

    Join Date
    Oct 2008
    Location
    Hedge End, Southampton
    Posts
    56
    Thank Post
    1
    Thanked 10 Times in 10 Posts
    Rep Power
    13
    Ah I see - interesting configuration. Good news is that it should be fairly simple to achieve what you're after as it's a fairly standard configuration for authenticating against AD, just without the extra encryption you usually do that the same time.

    You should be able to make a start by following the guide here (as posted up thread): FreeRADIUS Active Directory Integration HOWTO - FreeRADIUS Wiki

    But don't worry about configuring EAP, just do the bit to get ntlm_auth working to check the user accounts.

    If you can get ntlm_auth working then you should be pretty much there, as an added bonus you can test with radtest rather that eapol_test as you don't have to worry about the EAP/SSL negotiation.

    If you get stuck post up some freeradius debug output and someone can try and diagnose what is going wrong:
    Code:
    /usr/sbin/radiusd -X | tee /tmp/radius.out

  11. #11

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    thanks for your reply james.

    Ive got all that done, and having some problems with it..

    Ive got a thread going on the freeradius mailling list at the moment if you would like to take a look and see if theres anything you could add/comment about?

    FreeRadius - User - mschap with ntlm_auth and Active Directory

    cheers

SHARE:
+ Post New Thread

Similar Threads

  1. Active Directory
    By Neville in forum Windows
    Replies: 6
    Last Post: 25th June 2008, 03:24 PM
  2. Exporting From Active Directory
    By tri_94 in forum Learning Network Manager
    Replies: 13
    Last Post: 24th April 2008, 03:42 PM
  3. Replies: 7
    Last Post: 31st January 2008, 12:17 PM
  4. active directory all messed up
    By alonebfg in forum Windows
    Replies: 2
    Last Post: 7th January 2008, 08:25 PM
  5. Wireless bridgeing and Active directory replication
    By HodgeHi in forum Wireless Networks
    Replies: 5
    Last Post: 7th February 2007, 12:12 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •