Nethserver-freeradius package available for testing

testing
freeradius
v6
module
v7

(Alessio Fattorini) #21

@areguera do you have any news for @gerald_FS ?


(Alain Reguera Delgado) #22

Hi @gerald_FS and @alefattorini,

There are three main challenges here to face:

  1. The user database we use in Nethserver (either SAMBA or LDAP) stores passwords encrypted. In order for RADIUS server to perform any validation against an encrypted database the credentials must come to it in clear-text (e.g., the RADIUS clients must provide a method to send credentials in clear text, over an encrypted channel of course). In order to see some advance in this direction it is necessary to simulate an infrastructure with RADIUS clients supporting such methods (e.g., EAP-TTSL + PAP) also considering doing the validation against a common authentication layer like PAM instead of SAMBA or LDAP independently. Nanostation, the devices I used in the tests, don’t support PAP.

  2. Another issue related to user database integration is the relation between MAC addresses and users in it. There is no way to establish such relation if we use the user database and the host MAC address reservation features separately one another. It would be necessary to redesign the plugin interface entirely to provide such relation. That really would be version 1.0 of the nethserver-freeradius plugin. Such integration was my first attempt but was frustrated because the lack of a RADIUS client with such ability of sending clear text passwords (through an encrypted channel). So the plugin is in the way it is now.

  3. Appropriate conditions to carry on the effort. Presently I am in the process of settle down in a new country and this process is demanding most of my energies.

Saying goodbye to this effort? Of course not. It is a good one :slight_smile:


(André Wismer) #23

Hi

Late to this party too, but great work!

Wishing a good settling down in your new country / home !

Best Regards from Switzerland!

Andy


(Gerald) #24

Hello,

a year later … are there any new possibilities?

that the radius server can / may access the backend of Samba4 or LDAP?

greetings
Gerald


(Stéphane de Labrusse) #25

sadly the answer is no, the creator of the rpm @areguera is not so much active yet


(Alessio Fattorini) #26

Looks like Alan was here just a few days ago.
I guess no time after is the last trip in Uruguay :-8


(Gerald) #27

Hello experts and fellow campaigners!

After yes with the topic somehow nothing goes I have browsed something in the net and found the following post:

https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory

Would that be an approach that connects FreeRadius to SAMBA on the way?
This is only a luxury problem for me, but it would be nice :slight_smile:

Many greetings
Gerald