Problem adding Radius Authorized Client


This topic contains 1 reply, has 0 voices, and was last updated by  ewoutdenheijer 5 years, 2 months ago.

  • #43700

    Hi,

    I’m trying to add an authorized client to the Radius server. When I try this the web interface makes me wait forever and nothing happens. Kerbynet uses 100% CPU until I kill the process.

    I’ve switched on Kerbynet logging but nothing is logged, just the following:
    [Jul 30 16:00,41] example.com
    [Jul 30 16:01,17] example.com
    [Jul 30 16:01,41] example.com
    [Jul 30 16:02,17] example.com
    [Jul 30 16:02,41] example.com
    [Jul 30 16:03,17] example.com
    [Jul 30 16:03,41] example.com
    [Jul 30 16:04,17] example.com
    [Jul 30 16:04,33] example.com
    [Jul 30 16:04,41] example.com

    Does anyone have any idea what’s going on?

    Thanks for your ideas!

    #52807

    So I also had this issue with trying to modify, add, remove any authorized client after I added the first client.

    After attempting to use the PostBoot script to overwrite the config file from a file I had edited, it never would take any of my modifications. The reason why is because all of the authorized client info is stored in a local LDAP DB and the config file is dynamically recreated every time the server starts.

    So there are two options: Directly mod the LDAP DB, or insert your changes into the dynamically recreated config file.

    I am not familiar with LDAP and am plenty comfortable with shell scripts so I opted to inject my changes in the dynamic config file.

    The config file (/etc/raddb/clients.conf -> /tmp/radiusclient.conf) is created in the script /root/kerbynet.cgi/scripts/radius_start. So you need to edit that file and inject your own config section. I did all of this via ssh, but you could do it from the console. I imagine this file is loaded from the cdrom image after each boot (I never checked), so first I created a directory in the Database (your configuration for all of your ZS settings).

    mkdir /Database/mods

    Then I copied the /root/kerbynet.cgi/scripts/radius_start file into my new directory.

    cp /root/kerbynet.cgi/scripts/radius_start /Database/mods

    I then edited the file in vim. The important bit is below as before and after my edits.

    Before


    ...
    $SCRIPTS/rendertemplate radiusd.conf
    cat >/tmp/radiusclient.conf <<EOF
    client 127.0.0.1 {
    secret = ZeroShell
    shortname = localhost
    nastype = other
    }
    EOF
    ...

    After


    ...
    $SCRIPTS/rendertemplate radiusd.conf
    cat >/tmp/radiusclient.conf <<EOF
    client 127.0.0.1 {
    secret = ZeroShell
    shortname = localhost
    nastype = other
    }
    client main-subnet {
    secret = mySuperSecret
    shortname = main-subnet
    nastype = other
    ipaddr = 192.168.1.0
    netmask = 24
    }
    EOF
    ...

    Finally to make this all work through reboots I added a PostBoot script to delete the original script, replace it with my modified script, and restart the server.

    Here is my PostBoot script to change the radius_start script and restart the server:

    #Change Radius client config

    rm /root/kerbynet.cgi/scripts/radius_start
    cp /Database/mods/radius_start /root/kerbynet.cgi/scripts/radius_start
    /etc/init.d/radius restart

    Hope this helps.

    Tuck
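
Added example, not part of the post above and not ZeroShell's own code: a shell check that lints a clients.conf-style file, such as the generated /tmp/radiusclient.conf, for malformed addresses, bad netmasks, missing secrets, and reuse of the stock localhost secret on other clients. The function name check_clients_conf and the sample input are constructed for illustration; it assumes awk is available and that clients are given as IPv4 dotted-quad addresses.

```shell
#!/bin/sh
# Added example: lint a clients.conf-style file. Assumes IPv4 dotted-quad clients
# and that a block without "ipaddr" uses its name as the address.
# Prints one finding per line; returns 1 if there is any finding, else 0.
check_clients_conf() {
    awk '
    function val(l) { sub(/^[^=]*=[ \t]*/, "", l); sub(/[ \t]+$/, "", l); return l }
    function valid_ip(s,   n, o, i) {
        n = split(s, o, "[.]")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    /^[ \t]*client[ \t]+[^ \t{]+[ \t]*[{]/ {
        name = $2; sub(/[{].*/, "", name)
        ip = ""; mask = ""; secret = ""; inblk = 1; next
    }
    inblk && /^[ \t]*ipaddr[ \t]*=/  { ip = val($0) }
    inblk && /^[ \t]*netmask[ \t]*=/ { mask = val($0) }
    inblk && /^[ \t]*secret[ \t]*=/  { secret = val($0) }
    inblk && /^[ \t]*[}]/ {
        inblk = 0
        addr = (ip != "") ? ip : name
        if (!valid_ip(addr)) { print name ": bad address " addr; bad = 1 }
        if (mask != "" && (mask !~ /^[0-9]+$/ || mask + 0 > 32)) { print name ": bad netmask " mask; bad = 1 }
        if (secret == "") { print name ": no secret"; bad = 1 }
        else if (secret == "ZeroShell" && addr != "127.0.0.1") {
            print name ": stock ZeroShell secret on a non-loopback client"; bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: one well-formed block and one whose address lacks a dot.
sample=$(mktemp)
cat >"$sample" <<'EOF'
client 127.0.0.1 {
secret = ZeroShell
}
client main-subnet {
secret = mySuperSecret
ipaddr = 192168.1.0
netmask = 24
}
EOF
check_clients_conf "$sample" || echo "findings above: fix the stanza before restarting radius"
```
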

    #52808

    Hi Tuck,

    It works great! Thanks!

    Too bad the entries don’t show up in the GUI, but it works and that’s important 🙂
