
List:       freeradius-users
Subject:    Re: LDAP, FreeRadius, Ruckus / Zone Director
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2020-06-24 0:01:39
Message-ID: 95E18338-D39E-4570-9219-2069919E8B54 () deployingradius ! com

On Jun 23, 2020, at 4:57 PM, Steve Sheldon <steve.sheldon@invenshure.com> wrote:
> 
> First Post Here.  Hope everyone is doing well during this season of life we are
> all in.  I have been struggling with a validation Auth issue from Ruckus wifi for
> a long time.  I have pored through so many docs, trying to get this to work.

  Most third-party docs are just terrible.

> My Setup:  LDAP (jumpcloud), FreeRADIUS Version 3.0.16, Ubuntu (18.04),
> Ruckus (Zonedirector 1200 - 10.4.0.0 build 70)

  Hmm... jumpcloud.  The people that keep posting blog entries about how terrible
FreeRADIUS is.  And that everyone should switch to their cloud hosted RADIUS
server... based on FreeRADIUS.

  Talk about biting the hand that feeds you.  :(

> Group in LDAP users are members of:  Wifiusers
> 
> 
> What works:
> 
> 1.  ldapsearch -H ldaps://ldap.jumpcloud.com:636 -x -b "ou=Users,o=orgid,dc=jumpcloud,dc=com" -D "uid=binduser,ou=Users,o=orgid,dc=jumpcloud,dc=com" -W "(objectClass=inetOrgPerson)"

  That's good.  You should be able to use those parameters in the
mods-enabled/ldap configuration.

  If you look at the latest versions of the server, that file has explicit
documentation on how to map ldapsearch parameters to mods-enabled/ldap config, and
vice versa.  That helps a lot.

> 2.  radtest username userpassword 127.0.0.1 -1 testing123 - "Received Access-Accept"

  Reading the output of "radtest" is usually useless.  You really need to run
"radiusd -X" as suggested, oh... everywhere.

> 3.  ZoneDirector - Test Authentication/Accounting Servers Settings - enter in
> username/userpassword - " Success! The user will be assigned a role of "Default"."

  And... what does "radiusd -X" say?

> What doesn't Work:
> 
> 1.  From a computer accessing the configured wifi that has been setup to use my
> Authentication/Accounting Server.

  What is the computer doing?

  Answer: read "radiusd -X" to see.

  http://wiki.freeradius.org/list-help

  This is extensively documented.

> Help:
> 
> 1.  Would anyone be willing to share their "sites-available/default" settings or
> any other settings he or she used to get Ruckus Auth to work?

  The default configuration works.  You should be able to do only *minimal* changes
to get 802.1X / EAP to work.  There is no "share a working config".  Just configure
the LDAP module for your LDAP server.  Enable the ldap module.  Drop in certificates
for EAP.  It *will* work.

  And read the documentation for what to post to the list.  Honestly, it really
helps.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
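
The ldapsearch-to-mods-enabled/ldap mapping mentioned in the reply, sketched as an added example that is not part of the original message or of the FreeRADIUS distribution. The DNs and URI are the ones from the quoted ldapsearch command; the bind password is a placeholder, and the uid-based user filter and the Ubuntu CA path are assumptions.

```conf
# mods-enabled/ldap (FreeRADIUS 3.0.x) -- added illustration, not from the thread
ldap {
	# ldapsearch -H ldaps://ldap.jumpcloud.com:636
	server = 'ldaps://ldap.jumpcloud.com:636'

	# ldapsearch -D "uid=binduser,ou=Users,o=orgid,dc=jumpcloud,dc=com"
	identity = 'uid=binduser,ou=Users,o=orgid,dc=jumpcloud,dc=com'

	# ldapsearch -W (the password typed at the prompt); placeholder value
	password = 'BIND_PASSWORD_PLACEHOLDER'

	# ldapsearch -b "ou=Users,o=orgid,dc=jumpcloud,dc=com"
	base_dn = 'ou=Users,o=orgid,dc=jumpcloud,dc=com'

	user {
		# Search under the same base as the ldapsearch test
		base_dn = "${..base_dn}"

		# The ldapsearch filter "(objectClass=inetOrgPerson)" returns every
		# user; the module needs exactly one entry, so narrow it to the
		# name being authenticated.  Assumption: the login name is stored
		# in "uid", as the bind DN above suggests.
		filter = "(&(objectClass=inetOrgPerson)(uid=%{%{Stripped-User-Name}:-%{User-Name}}))"
	}

	tls {
		# ldaps:// means TLS from the first byte; make the module verify
		# the server certificate rather than accept any certificate.
		# Assumption: the system CA directory on Ubuntu.
		ca_path = '/etc/ssl/certs'
		require_cert = 'demand'
	}
}
```

After editing, "radiusd -X" shows the bind and the user search for each request, so a wrong DN or filter is visible there.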

