On 01/22/2011 03:50 PM, David Coulson wrote:
> I am trying to move my RADIUS environment from RHEL4 to RHEL6. All it
> does is support WPA2-Enterprise authentication with access points.
>
> RHEL4:
> freeradius-1.0.1-3.RHEL4.5
> RHEL6:
> freeradius-2.1.9-3.el6.x86_64
>
> My Netgear APs are set up pointing to my RHEL4 systems right now and it
> works fine with this user config:
>
> testuser User-Password := "temp1234"
>         Tunnel-Type = 13,
>         Tunnel-Medium-Type = 6,
>         Tunnel-Private-Group-ID = 100

This should really be:

testuser Cleartext-Password := "temp1234"
        ... reply attributes ---

...under 2.x

> When I duplicate this user config on RHEL6 the AP behaves like it does
> not receive any attributes and the user is dropped on the default VLAN.

As always, the FAQ entry for "it doesn't work" is instructive.
Specifically, examine the debug output of "radiusd -X" to see what's
going on. You can paste it here:
http://networkradius.com/freeradius.html
...or post it to the list if you can't figure it out.

> Is there a specific process for migrating from 1.x to 2.x? I really did
> not have a very elaborate configuration, so I was trying to just rebuild
> it from scratch.

In all probability the issue is the new "inner-tunnel" virtual servers
that appeared in 2.x. In 2.x, the "inner" portion of the EAP tunnel goes
through a separate authentication pass to the outer, and the replies
from the inner are not, by default, copied back to the final outer reply
(which the AP sees).
Ensure that you have:

/etc/raddb/sites-enabled/inner-tunnel:

authorize {
        ...
        files
        ...
}

/etc/raddb/eap.conf:

eap {
        ...
        peap {
                ...
                use_tunneled_reply = yes
                ...
        }
        ...
}
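The three points raised in this reply (Cleartext-Password in the users file, `files` in the inner-tunnel authorize section, and `use_tunneled_reply = yes` inside `peap`) can be checked mechanically before pointing access points at a migrated server. The following is an added example, not part of the original message or of FreeRADIUS; the function names are hypothetical and the sample configuration text is constructed.

```python
import re

def strip_comments(text):
    # Naive: drops everything after '#'; fine for these constructed samples.
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def block_body(text, name):
    """Body of the first `name { ... }` block, brace-matched, or None."""
    m = re.search(r"(?m)^\s*%s\s*\{" % re.escape(name), text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return None

def check_migration(users, inner_tunnel, eap_conf):
    findings = []
    for n, line in enumerate(users.splitlines(), 1):
        if re.match(r"[^#\s]\S*\s+User-Password\s*:=", line):
            findings.append("users:%d: use Cleartext-Password := under 2.x" % n)
    authorize = block_body(strip_comments(inner_tunnel), "authorize")
    if authorize is None or not re.search(r"(?m)^\s*files\s*$", authorize):
        findings.append("inner-tunnel: 'files' not listed in authorize {}")
    # Scope the setting to peap {}: a 'yes' under ttls {} does not count.
    eap = block_body(strip_comments(eap_conf), "eap")
    peap = block_body(eap, "peap") if eap else None
    if peap is None or not re.search(r"(?m)^\s*use_tunneled_reply\s*=\s*yes\s*$", peap):
        findings.append("eap.conf: use_tunneled_reply = yes not set in peap {}")
    return findings

# Constructed sample inputs (not taken from a real server).
USERS_1X = ('testuser User-Password := "temp1234"\n'
            '    Tunnel-Type = 13,\n    Tunnel-Medium-Type = 6,\n'
            '    Tunnel-Private-Group-ID = 100\n')
USERS_2X = USERS_1X.replace("User-Password", "Cleartext-Password")
INNER = "authorize {\n    mschap\n    eap\n    files\n}\n"
EAP = ("eap {\n    ttls {\n        use_tunneled_reply = yes\n    }\n"
       "    peap {\n        use_tunneled_reply = %s  # peap setting\n    }\n}\n")

if __name__ == "__main__":
    for finding in check_migration(USERS_1X, INNER.replace("files", ""), EAP % "no"):
        print(finding)
```

An empty result only means these three settings are in place; the "radiusd -X" debug output remains the way to confirm that the tunnel attributes reach the final Access-Accept.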