Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [freeradius]

FreeRADIUS is an open source RADIUS server

FreeRADIUS is an open source RADIUS (Remote Authentication Dial-In User Service) server. It implements AAA: Authentication, Authorization, and Accounting. It is very flexible and has many modules. It supports many backend databases such MySQL, PostgreSQL or Redis for retrieving/saving AAA data.

Official website.

261 questions
1
vote
1 answer

Is it ok to use PAP with TTLS on radius server?

We have deployed Radius server ( Freeradius 3.x ) and connected it to our LDAP database (ForgeRock OpenDJ). We have successfully configured EAP-TTLS with valid certificates and set it as default connection method. ( almost all other settings are…
pagep
  • 137
  • 1
  • 9
1
vote
1 answer

freeradius: assign IP from specific pool filtered by user

I'm new here. I have a freeradius 3 with sqlippool and LDAP authentication (with a "guest" file-configured user), all working fine. I have 2 sqlippools: -main_pool -guest_pool I want to do the following: if the user is "guest" then offer an IP from…
Pixel
  • 11
  • 4
1
vote
1 answer

Run FreeRADIUS on FIPS enabled Redhat server?

I'm attempting to install a FreeRADIUS server on a RHEL 6.9 VM. This VM is operating in FIPS mode. I'm running into the problem described in a Red Hat bug report found here. According to that bug report from March of 2015 the RADIUS protocol…
dutsnekcirf
  • 79
  • 1
  • 3
  • 14
1
vote
2 answers

FreeRADIUS with LDAP vs Kerberos

The following site discusses how to setup FreeRADIUS to authenticate against an LDAP backend (it goes through a tutorial showing how to expose NT hashed passwords in FreeIPA so that FreeRADIUS can read…
user3814483
  • 183
  • 9
1
vote
1 answer

cannot read clients from nas table in freeradius only from clients.conf

I have installed freeradius on Centos. The MySQL database is populated with some data for testing, and the freeradiusd.conf and sql.conf are configured. The RADIUS server is able to connect with the MySQL database, and I can authenticate users from…
ahmad charafdin
  • 11
  • 1
  • 6
1
vote
1 answer

Return additional attributes after FreeRADIUS authentication

I would like to return additional attributes in the response after successfully authenticating against radius. Consider the following: testuser Cleartext-Password := "testpassword" DEFAULT Unix-FTP-Shell = "Test" In…
Tuaris
  • 51
  • 2
  • 10
1
vote
1 answer

OpenVPN with Radius simultaneous connection

I'm trying to set-up OpenVPN server with radius authentication and accounting. Basics are working. Users can authenticate to OpenVPN server with their Radius accounts but there is a problem about simultaneous connection which i couldn't fix. Also I…
kenarsuleyman
  • 111
  • 5
1
vote
1 answer

Can't authenticate radius against active directory

I'm trying to use the LDAP module to authenticate radius clients against active directory, so I need to have it actually use LDAP as the authenticator. However, it seems User-Password isn't getting set. First of all, is User-Password supposed to be…
Dessa Simpson
  • 491
  • 7
  • 25
1
vote
1 answer

"Transport encryption required" when using transport encryption

I'm trying to set up a radius server to authenticate against LDAP, but I'm running into a weird issue: rlm_ldap (ldap): Bind with radiusd@[domain] to ldaps://localhost:636 failed: Strong(er) authentication required rlm_ldap (ldap): Server said:…
Dessa Simpson
  • 491
  • 7
  • 25
1
vote
2 answers

Why freeradius server says invalid Message-Authenticator which is generated from radtest?

I am learning how to use freeradius, the version is v2.1.12. When I run radtest, there is no response from server, I see server side debug message has the following: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret…
my_question
  • 111
  • 1
  • 1
  • 3
1
vote
0 answers

Google authentication freeRadius server stop working

It is very funny issue. THe Free radius server has been up and running for almost one year, no any issue. All the sudden it stops working this week. I test the domain user from local: radtest jzwang@yyy.yyy.yy 'yyy11111' localhost 18120…
Zhujun Wang
  • 11
  • 1
1
vote
0 answers

Freeradius Proxy eap-mschapv2 auth to non-eap Radius server

I'm using strongswan 5.6.0 & Freeradius 3.0.13 on CentOS7 as vpn server - Strongswan send radius requests to freeradius - freeradius proxy all request to another Radius Server that not support EAP challenge All non-eap request from freeradius…
Pedram Masoumi
  • 11
  • 1
1
vote
1 answer

Separate users in two groups (staff and guests) in FreeRADIUS 3

I have a FreeRADIUS (3.0.15) server for WPA authentication (PEAP + MSCHAPv2) and everything works out of the box even though it feels like it would take a lifetime of study in an enclosed monastery to master every bit of the configuration. I have my…
jamarju
  • 113
  • 1
  • 3
1
vote
1 answer

What characters are allowed for the username and password in FreeRADIUS?

I am testing the WLAN functionalities of a device connecting to a RADIUS server. This RADIUS server is located on a Raspberry Pi with Raspbian Stretch and is using FreeRADIUS 3.0 and Hostapd. For EAP-PEAP MSCHAPv2 the device should be able to handle…
Jannis Kappertz
  • 47
  • 7
1
vote
1 answer

How do I force freeradius to check certificates validity?

I am trying to install a freeradius server on my debian 9 machine. I succeeded to install it with apt. I also succeeded to run it and accept user and password and reject the connection if you don't present a good user and password. But I need to…
arnaud
  • 11
  • 1
  • 4
1 2 3
17 18