@areguera do you have any news for @gerald_FS ?
Hi @gerald_FS and @alefattorini,
There are three main challenges here to face:
- The user database we use in Nethserver (either SAMBA or LDAP) stores passwords encrypted. In order for the RADIUS server to perform any validation against an encrypted database, the credentials must come to it in clear text (e.g., the RADIUS clients must provide a method to send credentials in clear text, over an encrypted channel of course). In order to see some advance in this direction it is necessary to simulate an infrastructure with RADIUS clients supporting such methods (e.g., EAP-TTLS + PAP), also considering doing the validation against a common authentication layer like PAM instead of SAMBA or LDAP independently. Nanostation, the devices I used in the tests, don't support PAP.
- Another issue related to user database integration is the relation between MAC addresses and users in it. There is no way to establish such a relation if we use the user database and the host MAC address reservation features separately from one another. It would be necessary to redesign the plugin interface entirely to provide such a relation. That really would be version 1.0 of the nethserver-freeradius plugin. Such integration was my first attempt but was frustrated because of the lack of a RADIUS client with the ability to send clear-text passwords (through an encrypted channel). So the plugin is the way it is now.
- Appropriate conditions to carry on the effort. Presently I am in the process of settling down in a new country and this process is demanding most of my energies.
Saying goodbye to this effort? Of course not. It is a good one.
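The constraint described in the post above, as an added example that is not part of the original thread or of the nethserver-freeradius plugin: a server holding only a salted password hash can check a clear-text PAP password but cannot check a CHAP challenge response. The LDAP-style `{SSHA}` storage format and all sample values are assumptions constructed for illustration; the thread does not say which scheme the user database uses.

```python
import base64
import hashlib
import hmac

PREFIX = "{SSHA}"  # assumed storage scheme: base64(SHA1(password + salt) + salt)


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build the stored value the way an LDAP directory with {SSHA} would."""
    digest = hashlib.sha1(password + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode()


def split_ssha(stored: str) -> tuple[bytes, bytes]:
    """Return (digest, salt) from a stored {SSHA} value."""
    raw = base64.b64decode(stored[len(PREFIX):])
    return raw[:20], raw[20:]


def verify_pap(stored: str, cleartext: bytes) -> bool:
    """PAP (for example inside an EAP-TTLS tunnel) hands the server the
    clear-text password, so it can re-hash with the stored salt and compare."""
    digest, salt = split_ssha(stored)
    return hmac.compare_digest(hashlib.sha1(cleartext + salt).digest(), digest)


def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response as defined in RFC 1994: MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def verify_chap_with_hash_only(stored: str, chap_id: int,
                               challenge: bytes, response: bytes) -> bool:
    """A server that has only the salted digest has nothing to feed into the
    CHAP formula except that digest, which never reproduces the response."""
    digest, _salt = split_ssha(stored)
    return hmac.compare_digest(chap_response(chap_id, digest, challenge), response)


if __name__ == "__main__":
    stored = make_ssha(b"s3cret", b"\x01\x02\x03\x04")    # constructed sample
    challenge = bytes(range(16))                          # constructed sample
    client = chap_response(7, b"s3cret", challenge)       # what a client sends
    print("PAP, correct password:", verify_pap(stored, b"s3cret"))
    print("PAP, wrong password:  ", verify_pap(stored, b"wrong"))
    print("CHAP, hash-only server:",
          verify_chap_with_hash_only(stored, 7, challenge, client))
```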
Hi
Late to this party too, but great work!
Wishing a good settling down in your new country / home !
Best Regards from Switzerland!
Andy
Hello,
a year later … are there any new possibilities?
that the radius server can / may access the backend of Samba4 or LDAP?
greetings
Gerald
sadly the answer is no, the creator of the rpm @areguera is not so much active yet
Looks like Alan was here just a few days ago.
I guess no time after is the last trip in Uruguay :-8
Hello experts and fellow campaigners!
After yes with the topic somehow nothing goes I have browsed something in the net and found the following post:
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
Would that be an approach that connects FreeRadius to SAMBA on the way?
This is only a luxury problem for me, but it would be nice
Many greetings
Gerald
A new package will be welcome ^^
Hello anything New about free radius ?
- https://freeradius.org/
- https://freeradius.org/releases/
- https://github.com/FreeRADIUS/freeradius-server
- https://github.com/FreeRADIUS/freeradius-server/releases
Current version is from 2017:
It is like me, a little bit old
I cloned the repository of @areguera and corrected two bugs I saw during the template expansion, I have not tested more than the installation.
For those who need/want to play and report what it could be done with it
Only NS7
Nice!
If it was in a community organization, better to update it
Speaking only for me, I am not interested to push rpm/code outside of my repository
Hi - is the module still available for Nethserver? Would be good to have Freeradius on my Nethserver. Thx.
The module still is in the @stephdl repo, but hasn't been touched for 1,5 years. I guess it could use an update…
thanks. Is there any other recommended way or package to install Freeradius on Nethserver with AD/ ldap connection?
The module initially only supported device based authentication. AFAIK account based authentication (Samba 4 / LDAP) was never added to the module.
I think it would be best to start with an installation howto with account based authentication enabled.
If you are willing to try installing it (on a test machine) and document the process, I am sure the rest of the community will chip in with testing and fine tuning the install howto.
When we have a fool-proof install howto, we can try creating a complete module / rpm for easy install.
Here is a more in-depth post about our community "new-feature" process:
@gmue, What do you think?
Hi @robb
AFAIK or recall, one of the major issues for a usable FreeRadius implementation - WLan comes to mind - is the issue with the outdated PEAP-MSCHAP2 protocol. This could be considered as the logical bridge, spanning the gap between AD and Radius…
In times of SME-Server / WinXP it worked well on Macs and Windows notebooks, also Linux.
I think it doesn't even work on Win10 out of the box anymore, but I'm not sure about this.
It would be great if this could work, I'll be glad to test, having some current Wlan hardware lying around unused…
My 2 cents
Andy