Tags: dhcp3-server

05/30/11

  12:03:00 am, by The Dreamer   , 1362 words  
Categories: Software, Computer, Networking, WiFi, Ubuntu

Freeradius & DHCP Failover

Link: http://deployingradius.com/

So, ever since I looked at adding MAC Address Access Controls to my Airport Extreme...on top of WPA2 Personal, and the fact that my DHCP server only does reserved IPs, security. I used to do MAC Address Access Controls on my previous routers, but it was an easier interface to work with on those. And, I didn't realize how the Time Access worked on the Airport Extreme; the default allow-all-the-time rule at the top tripped me up. So, I thought if I wanted it, I would need a RADIUS server...and I didn't know if I wanted to do that....yet.

But, after I woke one morning and couldn't seem to account for why there seemed to be so much data streaming through my Cox connection...there had been strange spikes in the past, but always figured it was something updating itself while I wasn't home (like iTunes and my podcast subscriptions). But, this one morning...there was no corresponding activity from any of my computers, and I didn't see anything obvious with my TiVos/ReplayTVs. Though I could've just missed it.

So, I fixed the Timed Access control and put my current devices in. With a note that I should really look into installing RADIUS somewhere, so that it would be easier to maintain the list than the AirPort Utility. I would lose being able to find the MAC address of some new wireless device that doesn't have the MAC address stamped on it....for addition to my DHCP server.

Later, during the setup in "Another Airport comes to Lunatic Haven", I had wiped out the settings....and didn't feel like putting it back in again. Which made it more urgent (in my mind) to get RADIUS working.

So, I went online and searched and searched and searched...on how to do this. I had looked before, and wasn't all that successful. There's no simple how-to apparently. But, I found bits and pieces around, and decided to just go for it.

First, I installed freeradius on my Ubuntu server 'box'.

sudo apt-get install freeradius

It starts right away, now to make it work. And, debug it. Well, most of the examples were for older freeRADIUS versions, so things weren't where it said, or command line switches were different, or it didn't work. I did find some examples of MAC address authorization, but they involved 'Auth-Type := Local' in the /etc/freeradius/users file. But, the clients.conf part seemed right. I strongly considered just doing 'Auth-Type := Accept'...but I wanted to figure this mess out.

client 192.168.1.1 {
        secret = testing123
        shortname = airport
        nastype = other
}

So I kept searching and searching....eventually, I found fragments on a site called "Deploying RADIUS: Practices and Principles". It confirmed that I was basically on the right track; I just needed to figure out what to put in the users file to make it go from Auth-Reject to Auth-Accept.

Well, the example for MAC Address entry for users I had found was:

001122-334455  Auth-Type := Local,  User-Password == "testing123"

At first I was pointing my Airport Extreme at it and watching the debug output, and watching everything stop working now and then. But, eventually I used 'radtest' to test my freeRADIUS configuration. And, eventually, I found that what I needed was:

001122-334455  Cleartext-Password := "testing123"

And, all was good. I pointed my main Airport Extreme to it, and everything adjusted and worked. I then pointed the new Airport Extreme at it and things continued to work.

Yay! :cool:
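
An added example, not part of the original post: a Python script that builds `users` entries in the `001122-334455  Cleartext-Password := "..."` form the post arrived at, from a device list kept in mixed MAC notations. The function names, the lowercase output and the sample inventory are assumptions; match the case your access point actually sends as the user name.

```python
import re

def normalize_mac(raw):
    """Return the MAC as 'xxxxxx-xxxxxx'; lowercase is an assumption, not from the post."""
    digits = re.sub(r"[:.\-\s]", "", raw.lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    if int(digits[:2], 16) & 1:  # low bit of first octet set = group address
        raise ValueError(f"group (multicast/broadcast) address: {raw!r}")
    return f"{digits[:6]}-{digits[6:]}"

def quote_value(value):
    """Quote a string for the users file, refusing anything that could add a line."""
    if any(ord(c) < 0x20 for c in value):
        raise ValueError("control character in password")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def build_users(devices, password):
    """devices: iterable of (raw_mac, label). Returns (users_text, rejected)."""
    lines, rejected, seen = [], [], set()
    for raw, label in devices:
        try:
            mac = normalize_mac(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if mac in seen:
            rejected.append((raw, "duplicate of an earlier entry"))
            continue
        seen.add(mac)
        lines.append(f"# {' '.join(label.split())}")  # keep the label on one line
        lines.append(f"{mac}  Cleartext-Password := {quote_value(password)}")
    return "\n".join(lines) + "\n", rejected

# Constructed sample inventory; only the first MAC appears in the post.
SAMPLE = [
    ("001122-334455", "example from the post"),
    ("00:1B:63:AA:BB:CC", "laptop"),
    ("001b.63aa.bbcc", "laptop again, dotted notation"),
    ("01:00:5E:00:00:01", "multicast, never a client"),
    ("00-1B-63-AA-BB", "too short"),
]

if __name__ == "__main__":
    text, rejected = build_users(SAMPLE, "testing123")
    print(text, end="")
    for raw, why in rejected:
        print(f"rejected {raw}: {why}")
```

Rejected rows are returned rather than silently dropped, so a typo in the inventory shows up before the device fails to authenticate.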
