hi,
>I'm setting up wifi internet in my student dorm (90 people) and thought wpa2 >enterprise with FreeRADIUS (version 2.1.8 running on Ubuntu) would be a good >solution, together with the >incredibly stable Linksys WRT54GL and dd-wrt. >There are a few problems I cannot figure out though: i'd advise that you run the latest version before doing anything else. >1. How to set up plain-text accounting. >I saw in the configuration that the log directory is set to >/var/log/freeradius/radacct so I created the directory and made writable (777 >to be sure) but alas, there are no logs. accounting required your NAS (your linksys boxes with dd-wrt) to actually send accounting packets. you should still get authentication logs in the /var/log/freeradius directory (when you dont run in debug mode!) >2. How to get freeRADIUS to work with a DHCP server. >I'm not asking about the experimental built-in DHCP server, as it seems very >limited, but is it possible to somehow log the IP addresses that each user is >assigned? We need to know >who was using a certain IP address at a certain >time. accounting will show IP addresss versus MAC address..... however, to use a DHCP server just ensure that the network that people are dropped onto after authorization/authentication has a DHCP listener on it to hand out addresses. your Linux box could have an interface on the client network and be handing out IP addresses via ISC DHCPD for example. you could always take the syslog of the DHCP server pumped across the net to syslogNG on your linux box too - with some local scripts you can tie things together like that too >3. How to connect using Windows. >It's dead simple to connect to the network with linux, mac and smartphones but >for Windows it seems impossible to find the right combination of settings. I >haven't googled this issue so >much, so maybe there's a simple answer. Also, >it's a later problem. ? just choose PEAP, ensure that you are NOT using the windows loging username/password (unless you have access to eg active directory). check the certificate, validate the CA... if you search for eg 'eduroam windows' you'll find hundreds of academic sites that use 802.1X with Windows - just look at their step by step instructions...and IGNORE those that say dont check the cert/CA (!) alan >P.S. I have attached the radiusd.conf file at the end. I haven't changed much >though. radiusd -X is the only thing of use on the ML - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
