Hi Ubence, Ubence Quevedo wrote: > Hi All, > > We have somewhat gotten the Packetfence ZEN 1.9.0 to work with wired > connections, but we are having some issues getting freeradius configured > to be usable for wireless connections. > > From the PF Admin manual [specifically Chapter 5], we’ve put all of the > configuration information in place for freeradius, however the service > fails to start. > > Here is the output from running radiusd -X: > [...] > > rlm_eap: No such sub-type for default EAP type peap > > radiusd.conf[10]: eap: Module instantiation failed. > > radiusd.conf[1945] Unknown module "eap". > > radiusd.conf[1892] Failed to parse authenticate section. > > Is there something we are missing in our radius config in order for it > to work properly?
Chapter 5 is split into two sections: MAC Authentication (open wi-fi) and 802.1x (WPA Enterprise). Have you followed the appropriate section? EAP is only required for 802.1X. If you don't plan to use it, comment the module from the authenticate and authorize section of radiusd.conf. > > Also, both Snort and Nessus look to be non-free products. Do we need to > purchase the full versions of both softwares in order to get full > functionality out of both? Adding to what Joel already replied: Snort is free and open source. Nessus *was* free and open source but isn't since a long time. You can use snort in a commercial environment without paying as long as you don't use their proprietary rules. The PacketFence installer fetches rules from emerging threats[1] because of this. For Nessus, you need to pay to use it in a corporate setting. We would be interested in being sponsored to port this functionality to another open source tool (nmap or OpenVAS?). > I ask because when I try to get Snort > working, the service fails to start properly even when I reference the > oinkmaster config that is included in PF. It might be missing some rules that are expected to be in place. Can you send us the exact error message (from /var/log/messages)? > When we tried to get Nessus > scanning working, it just seemed to hang on the initial client > registration portal. Nessus configuration is hard to get right on the first try. To troubleshoot it, the best is to request a scan on the CLI by hand: /usr/local/pf/bin/pfcmd schedule now <ip> where <ip> is the valid IP of a node in registration VLAN. Then either look at the console output or in /usr/local/pf/logs/packetfence.log Do not hesitate to ask further questions. Have a nice day! [1] http://www.emergingthreats.net/ -- Olivier Bilodeau [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
