Re: I had the same issue… here is what worked for me.

Home Page Forums Network Management RADIUS 802.1x and Captive Portal Problem adding Radius Autorized Clien Re: I had the same issue… here is what worked for me.

#52807

So I also had this issue with trying to modify, add, remove any authorized client after I added the first client.

After attempting to use the PostBoot script to overwrite the config file from a file I had edited, it never would take any of my modifications. The reason why is because all of the authorized client info is stored in a local LDAP DB and the config file is dynamically recreated every time the server starts.

So there are two options: Directly mod the LDAP DB, or insert your changes into the dynamically recreated config file.

I am not familiar with LDAP and am plenty comfortable with shell scripts so I opted to inject my changes in the dynamic config file.

The config file (/etc/raddb/clients.conf -> /tmp/radiusclient.conf) is created in the script /root/kerbynet.cgi/scripts/radius_start. So you need to edit that file and inject your own config section. I did all of this via ssh, but you could do it from the console. I imagine this file is loaded from the cdrom image after each boot (I never checked), so first I created a directory in the Database (your configuration for all of your ZS settings).

mkdir /Database/mods

Then I copied the /root/kerbynet.cgi/scripts/radius_start file into my new directory.

cp /root/kerbynet.cgi/scripts/radius_start /Database/mods

I then edited the file in vim. The important bit is below as before and after my edits.

Before


...
$SCRIPTS/rendertemplate radiusd.conf
cat >/tmp/radiusclient.conf <<EOF
client 127.0.0.1 {
secret = ZeroShell
shortname = localhost
nastype = other
}
EOF
...

After


...
$SCRIPTS/rendertemplate radiusd.conf
cat >/tmp/radiusclient.conf <<EOF
client 127.0.0.1 {
secret = ZeroShell
shortname = localhost
nastype = other
}
client main-subnet {
secret = mySuperSecret
shortname = main-subnet
nastype = other
ipaddr = 192168.1.0
netmask = 24
}
EOF
...

Finally to make this all work through reboots I added a PostBoot script to delete the original script, replace it with my modified script, and restart the server.

Here is my PostBoot script to change the radius_start script and restart the server:

#Change Radius client config

rm /root/kerbynet.cgi/scripts/radius_start
cp /Database/mods/radius_start /root/kerbynet.cgi/scripts/radius_start
/etc/init.d/radius restart

Hope this helps.

Tuck