Nethserver-freeradius integration module

Agreed, that most people find certificate handling complicated…
The same is also valid for IT itself… 🙂

Personally, I find that OPNsense does a good job of managing its certificates and what it presents where…
No need for an “App” to do this simple job!

My 2 cents
Andy

1 Like

I am looking for a universal way/tool/method to deal with certs in Windows and Linux environments…

What do you mean by “deal with”? And what kind of certs? Are you wanting to run a local certificate authority? If so, that looks like one tool that would do the job. Step-CA is another. But do you need a local CA at all?

Forgive me my ignorance, I am not sure atm if I need it really…

Found another interesting Software for certificate lifecycle management - Dogtag

This one can maybe run under Nethserver?

Dogtag Setup - User Guide

The migration to NS8 also has to be done for my server and freeradius is a requirement.
My plan is to install freeradius under the base system the same way, which is possible without a doubt.

@Andy_Wismer Can anyone tell me:

  1. Is the ntlm_auth tool still available inside the Samba’s Nethserver container?
  2. Is LDAP bind possible inside the container (like it was in Nethserver 7)?

Hi @kellerman

  1. I’ll need to verify when at home.
  2. AFAIK: Yes, but I need to test it myself.

My 2 cents
Andy

1 Like

LDAP binds work. I did the migration of the DC and ldap still works the old way.
Ntlm_auth is also still there. Radius integration should work! 🙂 Only now the command should be executed through runagent.

I have many other things to fix after migration, so yeah, I will try this, but not quite now.

3 Likes

Update.
So far I have good success with configuring freeradius. The configuration looks good.

EDIT:
Disabled certificate verification for freeradius and it started talking. I will document everything when I am finished.

2 Likes

I have configured 3 authentication methods that are commonly used. And that I use.

  • PEAP MSCHAPv2 via ntlm_auth
  • EAP TLS
  • PAP authentication via LDAP bind

They all now work just like before.

One problem I encountered is - when running radiusd manually, it works flawlessly. But when it is run as a systemd service, then
runagent -m samba1 podman exec samba-dc ntlm_auth
exits with 1. Both ways it runs as root. Any ideas?

Is it possible to get it working on NS8?

I think it’s possible, I gave it a try but it didn’t start correctly. I used this image: https://hub.docker.com/r/freeradius/freeradius-server/

Maybe I need to use my own image or another one…to be continued…

1 Like