Hi all, I saw this howto: Setting Up A FreeRadius Based AAA Server With MySQL & Management With Daloradius . This howto however, is for Ubuntu. I'm looking for this howto but then for Debian 5.0. Could someone please explain to me what I need to do to make it work on Debian? Thanks!
Yes, it shouldn't be a problem as Ubuntu is based on Debian's testing version, I think it's SID these days. Go ahead, try it and cough up a nice howto. -- Ozzy
Getting stuck when wanting to issue this command: 'dpkg-buildpackage -rfakeroot', it returns errors. I tried apt-get install fakeroot, but that didn't solve it. Any ideas?
The first strange thing is, that my source package contains this: Which one do I need? If I choose freeradius-2.0.4+dfsg and I run vi debian/rules my for-loop looks also different: Is this the for-loop they talk about?
U need all of those packages. Check out the link that I had pasted (regarding compiling.. some Debian link I think, in reference i.e.). It'll develop the concept. Cheers --- Ozzy
I continued compiling but again I get an error, but I am sure I have all the packages (using apt-get), also python-dev and libssl. With the howto at the end of the howto that I followed it returns the same errors... Edit: I also don't have an example scheme for MySQL in the freeradius package...
Thanks for the information about the schemes, I imported the SQL one, but again, I ran into some problems. In my radiusd.conf, there is no authorize section and also no accounting section, so I just pasted them under the last section. When I start freeradius in debug mode, it returns the following: What can be done to solve this?
Falko: I am not sure if that's sarcasm or not, but yes, of course u need the freeradius-mysql package to be installed. But the mysql module also needs to be activated from one of the configuration files. In /etc/raddb/radiusd.conf (in Debian it's probably /etc/freeradius/radiusd.conf or freeradius.conf) u need to un-comment the sql directive, i.e. $INCLUDE sql.conf, so as to enable the sql thingy. GHz: U running on MHz's instead of GHz's. You seem to be confusing freeradius 1.7.X with freeradius 2.x. FR 2.X has a slight bit of changes compared with 1.7.x. Follow the configuration settings from this tutorial while configuring 2.X: http://www.howtoforge.com/authentic...ckend-and-webbased-management-with-daloradius (Be mindful of the fact that in the CentOS 5.x packages, configurations are installed in the /etc/raddb/.. folder while in Debian based distros they go into /etc/freeradius/... ) The mysql schema link is also in there. Let me know if it works & of course do cough up a nice howto about fr2 on Debian. Let's make some more money for Falko. Cheers -- Ozzy
No, it was a serious question (I've never worked with freeradius before, but I was guessing that there's probably a freeradius-mysql package that is missing).
packages ! Oh okay. Anyway yes after compiling you do end up with quite a bit of packages . E.g. I have the following packages. U can guess what are they about/for.
freeradius-2.0.5-1.i386.rpm
freeradius-debuginfo-2.0.5-1.i386.rpm
freeradius-devel-2.0.5-1.i386.rpm
freeradius-dialupadmin-2.0.5-1.i386.rpm
freeradius-dialupadmin-ldap-2.0.5-1.i386.rpm
freeradius-dialupadmin-mysql-2.0.5-1.i386.rpm
freeradius-dialupadmin-postgresql-2.0.5-1.i386.rpm
freeradius-krb5-2.0.5-1.i386.rpm
freeradius-ldap-2.0.5-1.i386.rpm
freeradius-libs-2.0.5-1.i386.rpm
freeradius-mysql-2.0.5-1.i386.rpm
freeradius-perl-2.0.5-1.i386.rpm
freeradius-postgresql-2.0.5-1.i386.rpm
freeradius-python-2.0.5-1.i386.rpm
freeradius-unixODBC-2.0.5-1.i386.rpm
freeradius-utils-2.0.5-1.i386.rpm
Cheers -- Ozzy
Just tried the ubuntu tutorial with ubuntu 9.04 server, but ubuntu also gets fr 2.X instead of 1.X. I just can't get it working. Does anybody else know a howto for this on Debian?
GHz, kindly follow the advice given in the above mentioned comments. (comment #12 i.e. http://www.howtoforge.com/forums/showpost.php?p=200251&postcount=12 ) Cheers -- Ozzy
Everything is compiled now, but when installing the deb files, I am getting some warnings:
Code:
radius:/tmp# dpkg -i libfreeradius2_2.0.4+dfsg-7_i386.deb
Selecting previously deselected package libfreeradius2.
(Reading database ... 26361 files and directories currently installed.)
Unpacking libfreeradius2 (from libfreeradius2_2.0.4+dfsg-7_i386.deb) ...
Setting up libfreeradius2 (2.0.4+dfsg-7) ...
radius:/tmp# dpkg -i freeradius_2.0.4+dfsg-7_i386.deb
(Reading database ... 26367 files and directories currently installed.)
Preparing to replace freeradius 2.0.4+dfsg-7 (using freeradius_2.0.4+dfsg-7_i386.deb) ...
Unpacking replacement freeradius ...
Setting up freeradius (2.0.4+dfsg-7) ...
stripping trailing /
stripping trailing /
stripping trailing /
Starting FreeRADIUS daemon: freeradius failed!
invoke-rc.d: initscript freeradius, action "start" failed.
radius:/tmp# dpkg -i freeradius-mysql_2.0.4+dfsg-7_i386.deb
(Reading database ... 26367 files and directories currently installed.)
Preparing to replace freeradius-mysql 2.0.4+dfsg-7 (using freeradius-mysql_2.0.4+dfsg-7_i386.deb) ...
Unpacking replacement freeradius-mysql ...
Setting up freeradius-mysql (2.0.4+dfsg-7) ...
Stopping FreeRADIUS daemon: freeradius/var/run/freeradius/freeradius.pid not found....
Starting FreeRADIUS daemon: freeradius failed!
invoke-rc.d: initscript freeradius, action "force-reload" failed.
dpkg: error processing freeradius-mysql (--install):
 subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
 freeradius-mysql
and
Code:
radius:/etc/init.d# freeradius start
radius:/etc/init.d# freeradius -X
FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Sep 18 2009 at 10:37:24
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including configuration file /etc/freeradius/snmp.conf
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
including configuration file /etc/freeradius/sites-enabled/default
including dictionary file /etc/freeradius/dictionary
main {
    prefix = "/usr"
    localstatedir = "/var"
    logdir = "/var/log/freeradius"
    libdir = "/usr/lib/freeradius"
    radacctdir = "/var/log/freeradius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    allow_core_dumps = no
    pidfile = "/var/run/freeradius/freeradius.pid"
    user = "freerad"
    group = "freerad"
    checkrad = "/usr/sbin/checkrad"
    debug_level = 0
    proxy_requests = yes
 security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
 }
}
 client localhost {
    ipaddr = 127.0.0.1
    require_message_authenticator = no
    secret = "testing123"
    nastype = "other"
 }
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
    retry_delay = 5
    retry_count = 3
    default_fallback = no
    dead_time = 120
    wake_all_if_all_dead = no
 }
 home_server localhost {
    ipaddr = 127.0.0.1
    port = 1812
    type = "auth"
    secret = "testing123"
    response_window = 20
    max_outstanding = 65536
    zombie_period = 40
    status_check = "status-server"
    ping_check = "none"
    ping_interval = 30
    check_interval = 30
    num_answers_to_alive = 3
    num_pings_to_alive = 3
    revive_interval = 120
    status_check_timeout = 4
 }
 home_server_pool my_auth_failover {
    type = fail-over
    home_server = localhost
 }
 realm example.com {
    auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
    wait = yes
    input_pairs = "request"
    shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
    reply-message = "Password Has Expired "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
    reply-message = "You are calling outside your allowed timespan "
    minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
    encryption_scheme = "auto"
    auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
    use_mppe = yes
    require_encryption = no
    require_strong = no
    with_ntdomain_hack = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
    radwtmp = "/var/log/freeradius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
    default_eap_type = "md5"
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
    challenge = "Password: "
    auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
    rsa_key_exchange = no
    dh_key_exchange = yes
    rsa_key_length = 512
    dh_key_length = 512
    verify_depth = 0
    pem_file_type = yes
    private_key_file = "/etc/freeradius/certs/server.pem"
    certificate_file = "/etc/freeradius/certs/server.pem"
    CA_file = "/etc/freeradius/certs/ca.pem"
    private_key_password = "whatever"
    dh_file = "/etc/freeradius/certs/dh"
    random_file = "/etc/freeradius/certs/random"
    fragment_size = 1024
    include_length = yes
    check_crl = no
    cipher_list = "DEFAULT"
    make_cert_command = "/etc/freeradius/certs/bootstrap"
   }
rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/server.pem
rlm_eap: Failed to initialize type tls
/etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
/etc/freeradius/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
/etc/freeradius/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
 }
}
Errors initializing modules
What can be done to solve these errors?
TLS/SSL issues? GHz, have u compiled freeradius with openssl support/libraries? Btw also try running this compiled package with SSL support turned OFF (i.e. no certificates n stuff), i.e. to verify if it's working fine WITHOUT the ssl thing. Cheers -- Ozzy (apologize for late reply, I was on vacation)
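Added example, not part of the original thread: the debug output posted above stops at "Error reading certificate file /etc/freeradius/certs/server.pem" with an fopen "No such file or directory" error. The script below reads saved `freeradius -X` output, tests every `*_file` path listed in the `tls { }` block, and also flags a world-readable private key; the function names and the saved-log workflow are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not from the thread.
# Input: saved debug output, e.g.  freeradius -X > /tmp/debug.log 2>&1

# Emit "key<TAB>path" for each *_file setting inside the tls { ... } block.
tls_file_settings() {
    awk '
        /(^|[ \t])tls[ \t]*[{]/ { depth = 1; next }
        depth > 0 && /[{]/      { depth++ }   # nested sub-block opens
        depth > 0 && /[}]/      { depth-- }   # block (or sub-block) closes
        depth > 0 && $1 ~ /_file$/ && $2 == "=" {
            key = $1
            sub(/^[^=]*=[ \t]*"?/, "")   # drop key, "=", opening quote
            sub(/"?[ \t]*$/, "")         # drop closing quote
            print key "\t" $0
        }
    ' "$1"
}

# Report unreadable files and a world-readable private key.
# Returns 0 when every path passes, 1 otherwise.
check_tls_files() {
    bad=0
    tab=$(printf '\t')
    while IFS="$tab" read -r key path; do
        [ -n "$key" ] || continue
        if [ ! -r "$path" ]; then
            echo "MISSING $key: $path (absent or unreadable by $(id -un))"
            bad=$((bad + 1))
        elif [ "$key" = "private_key_file" ] &&
             [ -n "$(find -L "$path" -prune -perm -004)" ]; then
            echo "WARN $key is world-readable: $path"
            bad=$((bad + 1))
        fi
    done <<EOF
$(tls_file_settings "$1")
EOF
    [ "$bad" -eq 0 ]
}
```

Run it as the account the daemon uses (`user = "freerad"` in the output above) so the readability test reflects what the server itself can open.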
Today I started from scratch, but when starting freeradius in debug mode, by running 'freeradius -X', I get these errors: I have compiled freeradius with ssl support. Any ideas? Oh, and how do I run it without openssl support (suggested above)?