Server Fault
Server Fault

Questions tagged [freeradius]

FreeRADIUS is an open source RADIUS server

FreeRADIUS is an open source RADIUS (Remote Authentication Dial-In User Service) server. It implements AAA: Authentication, Authorization, and Accounting. It is very flexible and has many modules. It supports many backend databases such MySQL, PostgreSQL or Redis for retrieving/saving AAA data.

Official website.

296 questions
15
votes
3 answers

MacOS clients sporadically disconnect from WPA Enterprise wireless network

We have a small office with ~20 people, each using a MacBook, and optionally connecting with a mobile phone too. Previously we used usual Wi-Fi with a shared key, but recently I reconfigured it to WPA Enterprise, where all users received their own…
Vlad Nikiforov
  • 483
9
votes
1 answer

Configuring WPA2-Enterprise with Freeradius

I'm trying to set up an authenticated wifi network with Freeradius. I've managed to get things working using self-signed certs etc. The problem is Windows clients need to uncheck the "Automatically use my windows logon name and password [etc.]"…
Vincent O.
  • 91
6
votes
1 answer

SSH fallback to local account if Radius server isn't available

I've edited my /etc/pam.d/sshd for Radius authentication; I added this line: auth required pam_radius_auth.so Also, I've commented out the line: @include common-auth Now SSH authentication using Radius is OK if the Radius server is UP but if the…
John
  • 85
6
votes
2 answers

Centos 7. Freeradius fails to start on boot due to priority

I was messing around with FreeRADIUS and MySQL (MariaDB) and it seems FreeRADIUS service can't start properly on startup. But it starts fine using root user or in debug mode (radiusd -X) and works just fine! Debug mode shows no errors. systemctl…
Alex
  • 517
6
votes
1 answer

Need help understanding PAM directives

I have the following directives in my /etc/pam.d/sshd file on a RHEL5 box and I'm a bit confused. These directives are there to make LDAP+RADIUS+OTP work. What I'm trying to do is tell pam not to check users UID < 499 for LDAP+RADIUS+OTP and also to…
Sidd
  • 103
  • 1
  • 9
5
votes
2 answers

2FA via freeRADIUS, ignoring password

I've been tasked with setting up freeRADIUS to prompt a user for their second authentication factor (eg. Google Authenticator OTP) BUT without first checking the user's password. I'm coming into this completely blind, with no prior RADIUS…
Jeedee
  • 121
5
votes
2 answers

Why freeradius server says invalid Message-Authenticator which is generated from radtest?

I am learning how to use freeradius, the version is v2.1.12. When I run radtest, there is no response from server, I see server side debug message has the following: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret…
my_question
  • 151
5
votes
1 answer

Multiple Valid Certificates in Windows 7 breaking Wired 802.1x Deployment

I have a Wired 802.1x deployment using TLS machine authentication on Windows 7 (built-in 802.1x supplicant) with the necessary certs (FreeRadius v2.2.3 generated on Linux). Cisco C2960 POE switch is being used. On Windows 7: The Root CA exists in…
Jude_Quintana
  • 51
5
votes
2 answers

FreeRADIUS2 and LDAP Authentication

I am currently running a CentOS 5.5 box with FreeRADIUS2 on it. I have the simple authentication turned on right now (username and pass is set via /etc/raddb/users). I want to have FreeRADIUS authenticate users via my current OpenLDAP server. Can…
arukaen
  • 73
4
votes
1 answer

FreeRADIUS using Active Directory integration broken without any traces

I've a FreeBSD 10.0 server running FreeRADIUS 3 and things got broken without any apparent reason. I'm using Winbind from Samba4 to authenticate with ntlm_auth. I've done some debug to solve the problem, but I was unable to find where is the…
Vinícius Ferrão
  • 5,870
4
votes
1 answer

Configuring rlm_rest module in FreeRadius

using FreeRADIUS I need to authenticate RADIUS users against a web backend and have been attempting to use the rlm_rest module to do it. See here. In my site configuration I have something like this: authorize { rest } and in the authentication…
freb
  • 143
  • 1
  • 9
4
votes
1 answer

How many user/supplicant certificates are needed for WPA2 enterprise on a small network?

I am running WPA2 enterprise for wireless access and I followed the instructions in /etc/raddb/certs/README and the freeRadius site howto. I also read the instructions in the privacywonk site. The question is, the FreeRadius instructions and the…
Sonny
  • 183
4
votes
1 answer

Reload Freeradius clients without restart the service

Is there a way to reload the Freeradius clients configuration without restarting the service? I'm using: Ubuntu Server 12 Freeradius 2.1.10 MySQL v5.5.20 (I'm storing the clients in the "nas" table)
PachinSV
  • 203
4
votes
1 answer

Configure Freeradius to check a connecting user against multiple LDAP groups

I'm setting up a Cisco ASA as a client vpn server. The appliance is relying on freeradius to authenticate the users. Freeradius has in turn been configured to query OpenLDAP. The modules/ldap file has been configured to check the groups ownership…
spidernik84
  • 329
4
votes
5 answers

802.1x PEAP GPO that trusts self-signed CA certificate

I am working on a Freeradius backed 802.1.x authentication infrastructure for our wireless clients. I am using a rather generic Freeradius configuration with EAP-PEAP. Our clients are predominantly Windows XP SP3 machines but a few Windows 7 32 and…
user62491
1
2 3
19 20