Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [freeradius]

FreeRADIUS is an open source RADIUS server

FreeRADIUS is an open source RADIUS (Remote Authentication Dial-In User Service) server. It implements AAA: Authentication, Authorization, and Accounting. It is very flexible and has many modules. It supports many backend databases such MySQL, PostgreSQL or Redis for retrieving/saving AAA data.

Official website.

261 questions
15
votes
3 answers

MacOS clients sporadically disconnect from WPA Enterprise wireless network

We have a small office with ~20 people, each using a MacBook, and optionally connecting with a mobile phone too. Previously we used usual Wi-Fi with a shared key, but recently I reconfigured it to WPA Enterprise, where all users received their own…
Vlad Nikiforov
  • 441
  • 6
  • 15
9
votes
1 answer

Configuring WPA2-Enterprise with Freeradius

I'm trying to set up an authenticated wifi network with Freeradius. I've managed to get things working using self-signed certs etc. The problem is Windows clients need to uncheck the "Automatically use my windows logon name and password [etc.]"…
Vincent O.
  • 91
  • 2
6
votes
2 answers

Centos 7. Freeradius fails to start on boot due to priority

I was messing around with FreeRADIUS and MySQL (MariaDB) and it seems FreeRADIUS service can't start properly on startup. But it starts fine using root user or in debug mode (radiusd -X) and works just fine! Debug mode shows no errors. systemctl…
Alex
  • 516
  • 1
  • 7
  • 18
6
votes
1 answer

Need help understanding PAM directives

I have the following directives in my /etc/pam.d/sshd file on a RHEL5 box and I'm a bit confused. These directives are there to make LDAP+RADIUS+OTP work. What I'm trying to do is tell pam not to check users UID < 499 for LDAP+RADIUS+OTP and also to…
Sidd
  • 103
  • 1
  • 9
5
votes
2 answers

2FA via freeRADIUS, ignoring password

I've been tasked with setting up freeRADIUS to prompt a user for their second authentication factor (eg. Google Authenticator OTP) BUT without first checking the user's password. I'm coming into this completely blind, with no prior RADIUS…
Jeedee
  • 121
  • 1
  • 5
5
votes
1 answer

SSH fallback to local account if Radius server isn't available

I've edited my /etc/pam.d/sshd for Radius authentication; I added this line: auth required pam_radius_auth.so Also, I've commented out the line: @include common-auth Now SSH authentication using Radius is OK if the Radius server is UP but if the…
John
  • 75
  • 1
  • 5
5
votes
1 answer

Multiple Valid Certificates in Windows 7 breaking Wired 802.1x Deployment

I have a Wired 802.1x deployment using TLS machine authentication on Windows 7 (built-in 802.1x supplicant) with the necessary certs (FreeRadius v2.2.3 generated on Linux). Cisco C2960 POE switch is being used. On Windows 7: The Root CA exists in…
Jude_Quintana
  • 51
  • 4
5
votes
2 answers

FreeRADIUS2 and LDAP Authentication

I am currently running a CentOS 5.5 box with FreeRADIUS2 on it. I have the simple authentication turned on right now (username and pass is set via /etc/raddb/users). I want to have FreeRADIUS authenticate users via my current OpenLDAP server. Can…
arukaen
  • 73
  • 2
  • 4
4
votes
1 answer

FreeRADIUS using Active Directory integration broken without any traces

I've a FreeBSD 10.0 server running FreeRADIUS 3 and things got broken without any apparent reason. I'm using Winbind from Samba4 to authenticate with ntlm_auth. I've done some debug to solve the problem, but I was unable to find where is the…
Vinícius Ferrão
  • 5,400
  • 10
  • 52
  • 91
4
votes
1 answer

Configuring rlm_rest module in FreeRadius

using FreeRADIUS I need to authenticate RADIUS users against a web backend and have been attempting to use the rlm_rest module to do it. See here. In my site configuration I have something like this: authorize { rest } and in the authentication…
freb
  • 143
  • 1
  • 7
4
votes
1 answer

How many user/supplicant certificates are needed for WPA2 enterprise on a small network?

I am running WPA2 enterprise for wireless access and I followed the instructions in /etc/raddb/certs/README and the freeRadius site howto. I also read the instructions in the privacywonk site. The question is, the FreeRadius instructions and the…
Sonny
  • 183
  • 1
  • 8
4
votes
1 answer

Configure Freeradius to check a connecting user against multiple LDAP groups

I'm setting up a Cisco ASA as a client vpn server. The appliance is relying on freeradius to authenticate the users. Freeradius has in turn been configured to query OpenLDAP. The modules/ldap file has been configured to check the groups ownership…
spidernik84
  • 319
  • 1
  • 5
  • 12
4
votes
5 answers

802.1x PEAP GPO that trusts self-signed CA certificate

I am working on a Freeradius backed 802.1.x authentication infrastructure for our wireless clients. I am using a rather generic Freeradius configuration with EAP-PEAP. Our clients are predominantly Windows XP SP3 machines but a few Windows 7 32 and…
user62491
3
votes
2 answers

MSCHAPv2 authentication not working

I've been fighting with this for around a week now. I'm trying to get a RADIUS server to authenticate against our Samba-based Active Directory, but I can't get it to work. Because of our infrastructure, PAP will not work. Because AD does not offer a…
Dessa Simpson
  • 491
  • 7
  • 25
3
votes
2 answers

freeradius two factor without factor concatenation

I have a cisco router providing an SSL VPN server which is talking to freeradius, which in turn uses pam and two pam modules (sss & yubico) to provide two factor authentication for the VPN. All is good in the world and it does work, except that for…
Sirex
  • 5,447
  • 2
  • 32
  • 54
1
2 3
17 18