Hi Johan,

On Sat, Apr 14, 2012 at 12:06:54PM +0200, Johan Swetzén wrote:
> I'm setting up wifi internet in my student dorm (90 people) and
> thought wpa2 enterprise with FreeRADIUS (version 2.1.8 running
> on Ubuntu) would be a good solution, together with the
> incredibly stable Linksys WRT54GL and dd-wrt. There are a few
> problems I cannot figure out though:

2.1.8 is pretty old. You should really run the latest 2.1.12, which fixes a number of bugs. It's easy to get running on Debian/Ubuntu, as the freeradius source comes with Debian packaging stuff. See

http://wiki.freeradius.org/Build#Building+Debian+packages

However, what you're trying to do will work on 2.1.8.

> 1. How to set up plain-text accounting.
> I saw in the configuration that the log directory is set to
> /var/log/freeradius/radacct so I created the directory and made
> it writable (777 to be sure) but alas, there are no logs.

The default config creates this directory and writes logs to it. If you have broken the default config, then it won't work. My guess is a permissions problem, or you've fiddled with the config a lot and broken it, or the NAS is not sending accounting packets.

You need to run freeradius as 'freeradius -X' and read the debug output to see what's happening. Look for the 'detail' lines. If you see no accounting packets arrive, work out what's broken on your NAS or network.

> 2. How to get freeRADIUS to work with a DHCP server.
> I'm not asking about the experimental built-in DHCP server, as
> it seems very limited, but is it possible to somehow log the IP
> addresses that each user is assigned? We need to know who was
> using a certain IP address at a certain time.

a) see the answer to question 1.

b) The NAS should return the client's IP address in the *accounting* packets, which you aren't currently getting, so you won't see anything at the moment.

The end-user's IP address, if sent, should be in the Framed-IP-Address attribute. Their MAC address should be in the accounting logs, and any auth logs, as the Calling-Station-Id attribute.

> 3. How to connect using Windows.
> It's dead simple to connect to the network with linux, mac and
> smartphones but for Windows it seems impossible to find the
> right combination of settings. I haven't googled this issue so
> much, so maybe there's a simple answer. Also, it's a later
> problem.

If you're using Active Directory:

http://wiki.freeradius.org/freeradius_active_directory_integration_howto

If not, see the same page especially

http://wiki.freeradius.org/freeradius_active_directory_integration_howto#Configuration+of+users

and the MS-CHAP-Use-NTLM-Auth := 0 bit.

In short, you need to use PEAP with MS-CHAPv2, or EAP-TLS (certificates/PKI), if you're using Windows <= 7.

> P.S. I have attached the radiusd.conf file at the end. I haven't changed much
> though.

That file is essentially useless, it's the whole config that matters, and that's only a very small part. You need to send the debug output from 'freeradius -X' next time.

Cheers

Matthew

-- 
Matthew Newton, Ph.D. <m...@le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
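
Added example, not part of Matthew's message and not FreeRADIUS code: once accounting packets reach the detail log, the question in point 2 (who was using a given IP address at a given time) can be answered by folding the records into sessions and matching on Framed-IP-Address. It assumes the detail-file layout of the constructed sample below, including a Timestamp attribute in each record; the function names are made up for this sketch.

```python
import re

# Constructed sample in the layout of a FreeRADIUS "detail" accounting file.
SAMPLE = '''Sat Apr 14 12:10:01 2012
\tAcct-Status-Type = Start
\tUser-Name = "alice"
\tAcct-Session-Id = "4F8A0001"
\tCalling-Station-Id = "00-11-22-33-44-55"
\tTimestamp = 1334405401

Sat Apr 14 13:00:00 2012
\tAcct-Status-Type = Stop
\tUser-Name = "alice"
\tAcct-Session-Id = "4F8A0001"
\tCalling-Station-Id = "00-11-22-33-44-55"
\tFramed-IP-Address = 192.168.1.23
\tTimestamp = 1334408400

Sat Apr 14 13:35:00 2012
\tAcct-Status-Type = Interim-Update
\tUser-Name = "bob"
\tAcct-Session-Id = "4F8A0002"
\tCalling-Station-Id = "66-77-88-99-AA-BB"
\tFramed-IP-Address = 192.168.1.23
\tTimestamp = 1334410500
'''

ATTR = re.compile(r'^\s+([\w-]+) = "?(.*?)"?\s*$')

def sessions(text):
    """Fold detail records into one dict per Acct-Session-Id."""
    out = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = dict(m.groups() for m in map(ATTR.match, block.splitlines()[1:]) if m)
        if "Timestamp" not in rec or "Acct-Session-Id" not in rec:
            continue  # cannot place this record in time or in a session
        ts = int(rec["Timestamp"])
        s = out.setdefault(rec["Acct-Session-Id"], {"first": ts, "last": ts})
        s["first"], s["last"] = min(s["first"], ts), max(s["last"], ts)
        s.update(rec)  # a Start may lack Framed-IP-Address; later packets add it
    return out

def who_had_ip(text, ip, when):
    """(User-Name, Calling-Station-Id) of sessions seen holding ip at epoch `when`."""
    return [(s.get("User-Name"), s.get("Calling-Station-Id"))
            for s in sessions(text).values()
            if s.get("Framed-IP-Address") == ip and s["first"] <= when <= s["last"]]
```

A session with no Stop record is only counted up to the last accounting packet seen for it, so a gap in the logs gives no match rather than a guess.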