Forum Replies Created
Any chance of a FreeRADIUS update? Version 2.02 is available now.
February 22, 2008 at 3:45 am in reply to: Generate cert besed on Certifificate Signing Request #46174
This pdf is a detailed tutorial on how to get your ZeroShell running as a RADIUS Server.
February 13, 2008 at 1:39 pm in reply to: Linux QOS is not efficient enough for VoIP over shared WANs #46160
I’ve never seen a router with RADIUS capabilities. Until I tried ZeroShell. 🙄
I used to use the above before I set up Zeroshell as my RADIUS Server. It's a wireless router with a built-in PEAP Server. Worked very well, and was easy to set up.
Understood Fulvio, thanks for the quick reply.
December 12, 2007 at 10:36 am in reply to: Auth. against local realm different from EXAMPLE.COM #46053
Rochajoel was kind enough to explain to you that what you need to do is create a new database and this will give you a new realm. This would require you to either install Zeroshell to a HD, USB Drive or to a Compact Flash card. What device are you using to run Zeroshell?
Read the FAQ on storage configuration and devices.
If you do have a storage device and need a tutorial for creating a database, then just read the first 6 pages of the below tutorial.
I hate to be so elementary but are you trying to connect to Zeroshell at https://192.168.0.75 through a PC that is on the same subnet? The PC you’re running would have to manually be configured with an IP in the 192.168.0.0/24 subnet in order to reach the Zeroshell box and allow you to login.
Yes, it does work with EAP-TTLS [MSCHAPv2], but not EAP-TTLS [EAP-MSCHAPv2], which is strange because PEAP works with EAP-MSCHAPv2 as an inner authentication protocol (EAP-PEAP [EAP-MSCHAPv2]).
If interference is that bad, try changing the channel on your access point. You stated in your first post you tried different access points with the same result, so I wouldn't be so quick to blame the quality of the AP. Try changing the channel and see if maybe a higher gain antenna will override this interference.
I live in NYC and I can clearly see 25 APs from my apartment with Netstumbler. Setting my AP to channel 1 makes my connection very unstable although channel 11 for me is rock solid.
Since you switched back to PEAP, Joar, are your Vista clients retaining the user credentials between reboots then?
No Paul, using TTLS you don't have to use a client side certificate, it is basically very similar to PEAP, server cert only.
I’m not using ZeroShell in a business environment Paul, just a small home network in the big bad city, with several mobile clients for the extended family. I’d like to see your guide updated with the details to use TTLS as an auth protocol in Windows Vista using SecureW2.
Vista supports PEAP but when used, it doesn't cache the user credentials reliably and requires the user to re-enter the credentials at each login. Using SecureW2 and TTLS avoids this problem.
If you read this post:
You’ll see my post about halfway down with the link to your guide and a link to a university site that explains how to set up SecureW2. You could add these instructions to your guide to help those with Vista clients and ZeroShell.
I get the following from my SysLog Server. If you notice the last line, which states successful authentication. I don't see that in your logs. Seems the station authenticates the server but when the server is supposed to authenticate the station, you’re not proceeding any further in the handshakes.
Sep-11-2007 11:54:01 PM Daemon.Info XX.XX.XX.XX UDP radiusd: rlm_eap_mschapv2: Issuing Challenge
Sep-11-2007 11:54:01 PM Daemon.Notice XX.XX.XX.XX UDP radiusd: Login OK: [UUUUUUU] (from client localhost port 0)
Sep-11-2007 11:54:01 PM Daemon.Notice XX.XX.XX.XX UDP radiusd: Login OK: [UUUUUUU] (from client PPPPP port NN cli MMMMMMMMMMMM)
Sep-11-2007 11:54:01 PM User.Notice XX.XX.XX.X UDP 802.1X: PEAP: “UUUUUUU” successfully authenticated on Access Point XX.XX.XX.XX
The certificates are passed first (I believe) which you are logging in ok, so I believe the problem must lie in the username/password. Too long, ASCII chars? Just to be thorough try using a simple username, with a simple password with only letters and numbers.
I used your guide Paul to set up my own ZeroShell setup so excuse me if I’m being too elementary. Just trying to tease your brain, I’m sure you’ll figure it out.
Furthermore, that error you’re getting in version 5 just means you’re not using a client certificate as you would if you were using TLS as an auth protocol. Using TTLS or PEAP gives you this error but is perfectly normal and is just a note that there is no client cert, of which there is supposed to be none.
Personally using Beta6 with WPA2 Enterprise
Buffalo AP with DD-WRT Firmware
Vista and XP clients
Yep, working flawlessly.
Great job Fulvio!
Great news, I’ll keep you updated
Glad to hear it worked for you without issue.