
List:       freeradius-users
Subject:    Re: Help in moving FR1.x to 3.x EAP-TLS setup.
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2019-05-30 1:59:19
Message-ID: 115E378F-EEC9-4D67-AFEE-7631474FC096 () deployingradius ! com

On May 29, 2019, at 6:44 PM, Gregory Sloop <gregs@sloop.net> wrote:
> AD>   If you use eapol_test as described in that page, it's simple to
> AD> add client configurations for EAP-TLS.  In v3, sample
> AD> configurations for eapol_test are in src/tests/eap*.conf
> 
> I don't see any of that ^^^ in Ubuntu.

  The source code *is* available on github, and via "tar" files from the main web
site.

> I'm puzzled. Perhaps FR3 from sources is way different than FR3 in Ubuntu 18.04 -
> but I'm pretty sure you'll need an eap[.conf] configured in the /mods-available and
> linked in the /mods-enabled directory to make this work.

  Yes.  But the default configuration does that.

> Thus, you can't just create a CA/Cert/Key and EAP-TLS 'just works' as per
> http://deployingradius.com/documents/configuration/eap.html - at least not with
> Ubuntu.

  Maybe Ubuntu broke the default configuration, but I doubt it.

> I'm fine with having to configure eap, but at least on Ubuntu it won't work unless
> you configure EAP and put a link [or the actual config] in
> /etc/freeradius/3.0/mods-enabled.

  That link should be added in the default configuration. 

> Probably I'll try to work up a how-to for Ubuntu 18.04 - since the
> WPA-Enterprise/Radius howto on the wiki is at least 10 years old, and doesn't
> reflect the realities of 2.x or 3.x, or anything newer than Windows XP.

  The examples on the Wiki are from 3.0.  They work.  The main issue is that Debian
systems recently switched the config file from /etc/freeradius to
/etc/freeradius/3.0.  But that's really the only change.

> I stand a few of these up, perhaps every 10 years or the like - so I'm never going
> to become a FR guru. Having something modestly straight-forward, without having to
> wade through a bunch of documentation would be helpful.

  Again, the default configuration works.  Read the configuration files, the
comments, and it will be pretty straightforward.

  What doesn't work is copying config files from v2 to v3.  That's just impossible
across major version upgrades.

  What will work is following my guide, at least for TTLS and PEAP.  What will work
is using the eapol_test configs from the source tree.

  Alan DeKok.

