List: freeradius-users
Subject: Re: LDAP, FreeRadius, Ruckus / Zone Director
From: Alan DeKok <aland () deployingradius ! com>
Date: 2020-06-24 0:01:39
Message-ID: 95E18338-D39E-4570-9219-2069919E8B54 () deployingradius ! com
On Jun 23, 2020, at 4:57 PM, Steve Sheldon <steve.sheldon@invenshure.com> wrote:
>
> First Post Here. Hope everyone is doing well during this season of life we are all
> in. I have been struggling with a validation Auth issue from Ruckus wifi for a
> long time. I have pored through so many docs, trying to get this to work.
Most third-party docs are just terrible.
> My Setup: LDAP (jumpcloud), FreeRADIUS Version 3.0.16, Ubuntu (18.04), Ruckus
> (Zonedirector 1200 - 10.4.0.0 build 70)
Hmm... jumpcloud. The people that keep posting blog entries about how terrible
FreeRADIUS is. And that everyone should switch to their cloud hosted RADIUS
server... based on FreeRADIUS.
Talk about biting the hand that feeds you. :(
> Group in LDAP users are members of: Wifiusers
>
>
> What works:
>
> 1. ldapsearch -H ldaps://ldap.jumpcloud.com:636 -x -b \
> "ou=Users,o=orgid,dc=jumpcloud,dc=com" -D \
> "uid=binduser,ou=Users,o=orgid,dc=jumpcloud,dc=com" -W \
> "(objectClass=inetOrgPerson)"
That's good. You should be able to use those parameters in the mods-enabled/ldap
configuration.
If you look at the latest versions of the server, that file has explicit
documentation on how to map ldapsearch parameters to mods-enabled/ldap config, and
vice versa. That helps a lot.
> 2. radtest username userpassword 127.0.0.1 -1 testing123 - "Received
> Access-Accept"
Reading the output of "radtest" is usually useless. You really need to run
"radiusd -X" as suggested, oh... everywhere.
> 3. ZoneDirector - Test Authentication/Accounting Servers Settings - enter in
> username/userpassword - " Success! The user will be assigned a role of "Default"."
And... what does "radiusd -X" say?
> What doesn't Work:
>
> 1. From a computer accessing the configured wifi that has been setup to use my
> Authentication/Accounting Server.
What is the computer doing?
Answer: read "radiusd -X" to see.
http://wiki.freeradius.org/list-help
This is extensively documented.
> Help:
>
> 1. Would anyone be willing to share their "sites-available/default" settings or
> any other settings he or she used to get Ruckus Auth to work?
The default configuration works. You should be able to do only *minimal* changes
to get 802.1X / EAP to work. There is no "share a working config". Just configure
the LDAP module for your LDAP server. Enable the ldap module. Drop in certificates
for EAP. It *will* work.
And read the documentation for what to post to the list. Honestly, it really
helps.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
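
Added example (not part of the original message, and not FreeRADIUS project code): a small Python helper that takes the working ldapsearch command quoted in the message above and emits the matching connection items for mods-enabled/ldap. It assumes the FreeRADIUS 3.0.x item names `server`, `identity`, `password` and `base_dn`, and that `server` accepts an LDAP URI; the function names and the `<bind password>` placeholder are made up for this example.

```python
import shlex

# ldapsearch option -> item in mods-enabled/ldap (FreeRADIUS 3.0.x item names).
OPTION_TO_ITEM = {"-H": "server", "-D": "identity", "-w": "password", "-b": "base_dn"}
FLAGS = {"-x", "-W"}  # simple bind; prompt for the bind password
ORDER = ["server", "identity", "password", "base_dn"]

# The working command from the post, joined onto one line.
SAMPLE = ('ldapsearch -H ldaps://ldap.jumpcloud.com:636 -x '
          '-b "ou=Users,o=orgid,dc=jumpcloud,dc=com" '
          '-D "uid=binduser,ou=Users,o=orgid,dc=jumpcloud,dc=com" -W '
          '"(objectClass=inetOrgPerson)"')

def parse_ldapsearch(command):
    """Return (items, search_filter) taken from an ldapsearch command line."""
    argv = shlex.split(command)
    if not argv or argv[0] != "ldapsearch":
        raise ValueError("not an ldapsearch command")
    items, positional, i = {}, [], 1
    while i < len(argv):
        arg = argv[i]
        if arg in OPTION_TO_ITEM:
            if i + 1 >= len(argv):
                raise ValueError(f"{arg} needs a value")
            items[OPTION_TO_ITEM[arg]] = argv[i + 1]
            i += 2
            continue
        if arg.startswith("-") and arg not in FLAGS:
            raise ValueError(f"{arg} is not handled by this example")
        if not arg.startswith("-"):
            positional.append(arg)
        i += 1
    # With -W the password is typed at a prompt, so it is not on the command
    # line; emit a labelled placeholder rather than guessing.
    items.setdefault("password", "<bind password>")
    return items, (positional[0] if positional else None)

def render_ldap_module(items):
    """Render the connection items as an ldap { ... } fragment."""
    missing = [k for k in ORDER if k not in items]
    if missing:
        raise ValueError("missing: " + ", ".join(missing))
    def quote(value):
        return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"
    body = [f"\t{k} = {quote(items[k])}" for k in ORDER]
    return "\n".join(["ldap {", *body, "}"])

if __name__ == "__main__":
    found, search_filter = parse_ldapsearch(SAMPLE)
    print(render_ldap_module(found))
    print("# ldapsearch filter (not mapped here):", search_filter)
```

Only the four connection items are produced; the rest of the shipped mods-available/ldap file, including its per-user search filter, is left as it is.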