List: freeradius-users
Subject: Re: Help in moving FR1.x to 3.x EAP-TLS setup.
From: Alan DeKok <aland () deployingradius ! com>
Date: 2019-05-30 1:59:19
Message-ID: 115E378F-EEC9-4D67-AFEE-7631474FC096 () deployingradius ! com
On May 29, 2019, at 6:44 PM, Gregory Sloop <gregs@sloop.net> wrote:
> AD> If you use eapol_test as described in that page, it's simple to
> AD> add client configurations for EAP-TLS. In v3, sample
> AD> configurations for eapol_test are in src/tests/eap*.conf
>
> I don't see any of that ^^^ in Ubuntu.
The source code *is* available on github, and via "tar" files from the main web
site.
> I'm puzzled. Perhaps FR3 from sources is way different than FR3 in Ubuntu 18.04 -
> but I'm pretty sure you'll need an eap[.conf] configured in the /mods-available and
> linked in the /mods-enabled directory to make this work.
Yes. But the default configuration does that.
> Thus, you can't just create a CA/Cert/Key and EAP-TLS 'just works' as per
> http://deployingradius.com/documents/configuration/eap.html - at least not with
> Ubuntu.
Maybe Ubuntu broke the default configuration, but I doubt it.
> I'm fine with having to configure eap, but at least on Ubuntu it won't work unless
> you configure EAP and put a link [or the actual config] in
> /etc/freeradius/3.0/mods-enabled.
That link should be added in the default configuration.
> Probably I'll try to work up a how-to for Ubuntu 18.04 - since the
> WPA-Enterprise/Radius howto on the wiki is at least 10 years old, and doesn't
> reflect the realities of 2.x or 3.x, or anything newer than Windows XP.
The examples on the Wiki are from 3.0. They work. The main issue is that Debian
systems recently switched the config file from /etc/freeradius to
/etc/freeradius/3.0. But that's really the only change.
> I stand a few of these up, perhaps every 10 years or the like - so I'm never going
> to become a FR guru. Having something modestly straight-forward, without having to
> wade through a bunch of documentation would be helpful.
Again, the default configuration works. Read the configuration files, the
comments, and it will be pretty straightforward.
What doesn't work is copying config files from v2 to v3. That's just impossible
across major version upgrades.
What will work is following my guide, at least for TTLS and PEAP. What will work
is using the eapol_test configs from the source tree.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
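
The point under dispute in this thread is whether eap is present in mods-available and linked into mods-enabled. The following check is an added example, not part of the original message or of FreeRADIUS's own tooling. The directory names come from the thread; the function names and the root-prefix argument are illustrative assumptions.

```shell
#!/bin/sh
# Added example: report whether the eap module is enabled in a FreeRADIUS v3
# configuration tree. Directory names come from the thread; the function
# names and the optional root prefix are illustrative.

# Print the first config directory with a v3-style layout under an optional
# root prefix ($1, empty for the live system). Debian-based packages moved
# from /etc/freeradius to /etc/freeradius/3.0, so try the newer path first.
find_raddb() {
    for d in /etc/freeradius/3.0 /etc/freeradius; do
        if [ -d "$1$d/mods-available" ]; then
            printf '%s\n' "$1$d"
            return 0
        fi
    done
    return 1
}

# Classify the state of mods-enabled/eap under config directory $1.
# Prints one of: linked, inline, dangling, available-only, missing.
eap_state() {
    enabled="$1/mods-enabled/eap"
    available="$1/mods-available/eap"
    if [ -L "$enabled" ]; then
        # -e follows the symlink, so a link to a deleted file fails here
        if [ -e "$enabled" ]; then echo linked; else echo dangling; fi
    elif [ -f "$enabled" ]; then
        echo inline          # actual config placed directly in mods-enabled
    elif [ -f "$available" ]; then
        echo available-only  # module shipped but not enabled
    else
        echo missing
    fi
}

# Run against the live system only when invoked with the argument "check".
if [ "${1:-}" = "check" ]; then
    dir=$(find_raddb "") || { echo "no FreeRADIUS v3 config found" >&2; exit 1; }
    echo "$dir: eap is $(eap_state "$dir")"
fi
```

A result of "available-only" or "dangling" means the server will start without a usable eap module, which is the situation described in the quoted text above.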