Hey,
I've managed to get RADIUS working under clearOS 7, it appears that the configuration files auto-generated on the system are for freeradius2 but clearOS 7 uses freeradius 3.
So because the app vas remvoed from the market you have to install the package from cli
Enable the ldap directory in your web interface and configure the clients (WiFi -AP whatever)
After that go to /etc/raddb/mods-available/ and edit the ldap file.
This is the template
Just copy the server, identity and password strings from the old config, and properly configure the baseDN for the searches.
After that just restart the radius server with
And you're good to go.
Hopefully this will help someone.
I've managed to get RADIUS working under clearOS 7, it appears that the configuration files auto-generated on the system are for freeradius2 but clearOS 7 uses freeradius 3.
So because the app vas remvoed from the market you have to install the package from cli
yum install app-radiusEnable the ldap directory in your web interface and configure the clients (WiFi -AP whatever)
After that go to /etc/raddb/mods-available/ and edit the ldap file.
This is the template
ldap {
server = "localhost"
port = 389
identity = "cn=manager,ou=Internal,dc=DOMAIN,dc=NAME"
password = yourpassword
basedn = "dc=DOMAIN,dc=NAME"
user {
base_dn = "ou=Users,ou=Accounts,dc=DOMAIN,dc=NAME"
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}
update {
control:Password-With-Header += 'clearSHAPassword'
control:NT-Password := 'clearMicrosoftNTPassword'
}
group {
base_dn = "ou=Groups,ou=Accounts,dc=DOMAIN,dc=NAME"
filter = '(objectClass=posixGroup)'
membership_attribute = 'memberOf'
}
options {
chase_referrals = yes
rebind = yes
use_referral_credentials = no
res_timeout = 10
srv_timelimit = 3
idle = 60
probes = 3
interval = 3
ldap_debug = 0x0028
}
tls {
}
pool {
start = ${thread[pool].start_servers}
min = ${thread[pool].min_spare_servers}
max = ${thread[pool].max_servers}
spare = ${thread[pool].max_spare_servers}
uses = 0
retry_delay = 30
lifetime = 0
idle_timeout = 60
connect_timeout = 3.0
}
}Just copy the server, identity and password strings from the old config, and properly configure the baseDN for the searches.
After that just restart the radius server with
systemctl restart radiusdAnd you're good to go.
Hopefully this will help someone.
Share this post:
Responses (5)
-
Accepted Answer
For those wanting to try out the package in testing and can provide me with feedback, please test the package by running:
yum --enablerepo=clearos-updates-testing upgrade app-radius
You should be getting version 2.2.0-2.v7
Let me know so we can generally release this and then put it back in the marketplace. -
Accepted Answer
Updates to the bug report for app-freeradius is in. Expect a patch in the next couple of days to soon to hit updates-testing and for the following bug report to be closed. Thanks for the patience.
https://tracker.clearos.com/view.php?id=6101 -
Accepted Answer
Hi Ales,
<strike>Could you be more specific with "Just copy the server, identity and password strings from the old config, and properly configure the baseDN for the searches." ??
I copied your code to my /etc/raddb/mods-available/ldap, but when I test radius by running radiusd -X -xxx, radius stops with error.</strike>
I need to configure radius with MySQL, do you have any working configuration ???
Thanks in advance. -
Accepted Answer
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »