Tags: freeradius

07/17/11

  03:13:02 pm, by The Dreamer   , 817 words  
Categories: Software, Networking, WiFi

The Airport Express Tangent

Being that it is really hot today, I didn't feel like going out and figured I could tackle some of the many projects that I've been putting off.

Before I started, I happened to look at cacti...not sure why I had at first, but I went off and looked at the Airport graphs. Nothing has associated yet with my Airport Express, is there something wrong...with it or the clients?

Wondered if it was the use of manual versus automatic channel selection....perhaps it doesn't see the Airport Express as a strong choice, though sitting right next to it...it should've dominated.

But, I tried automatic to see what channels it would jump to. I was kind of surprised that the Airport Extreme jumped from 1 to 10. First in that I thought 1 was the best, and second I expected it to pick one of 1, 6, 11. Though when I was running the Belkin APs, I was running them on 2 and 10.....there is one other AP somewhere in the condo that is using channel 10. And, oddly...same SSID as I was using, except all lower-case (instead of capitalized). But, I've since turned off the Belkin APs...so I don't care anymore?

I then configured the Airport Express to automatic...and it jumped from channel 11 to 1. Okay then....let's see how that works.

Full story »

05/30/11

  12:03:00 am, by The Dreamer   , 1362 words  
Categories: Software, Computer, Networking, WiFi, Ubuntu

Freeradius & DHCP Failover

Link: http://deployingradius.com/

So, ever since I looked at adding Mac Address Access Controls to my Airport Extreme...on top of WPA2 Personal, and the fact that my DHCP server only does reserved IPs, security. I used to do Mac Address Access Controls on my previous routers, but it was an easier interface to work with on those. And, I didn't realize how the Time Access worked on the Airport Extreme, the default allow all the time rule at the top tripped me up. So, I thought if I wanted it, I would need a RADIUS server...and I didn't know if I wanted to do that....yet.

But, after I woke one morning and couldn't seem to account for why there seemed to be so much data streaming through my Cox connection...there had been strange spikes in the past, but always figured it was something updating itself while I wasn't home (like iTunes and my podcast subscriptions). But, this one morning...there was no corresponding activity from any of my computers, and I didn't see anything obvious with my TiVos/ReplayTVs. Though I could've just missed it.

So, I fixed the Timed Access control and put my current devices in. With a note that I should really look into installing RADIUS somewhere, so that it would be easier to maintain the list than the airport utility. I would lose being able to find the MAC address of some new wireless device that doesn't have the MAC address stamped on it....for addition to my DHCP server.

Later during the setup in: Another Airport comes to Lunatic Haven I had wiped out the settings....and didn't feel like putting it back in again. Which made it more urgent (in my mind) to get RADIUS working.

So, I went online and searched and searched and searched...on how to do this. I had looked before, and wasn't all that successful. There's no simple how-to apparently. But, I found bits and pieces around, and decided to just go for it.

First, I installed freeradius on my Ubuntu server 'box'.

sudo apt-get install freeradius

It starts right away, now to make it work. And, debug it. Well, most of the examples were for older freeRADIUS versions, so things weren't where it said, or command line switches were different, or it didn't work. I did find some examples of MAC address authorization, but they involved 'Auth-Type := Local' in the /etc/freeradius/users file. But, the clients.conf part seemed right. I strongly considered just doing 'Auth-Type := Accept'...but I wanted to figure this mess out.

client 192.168.1.1 {
        secret = testing123
        shortname = airport
        nastype = other
}

So kept searching and searching....eventually, I found fragments on site called "Deploying RADIUS: Practices and Principles". It confirmed that I was basically on the right track, I just needed to figure out what to put in the users file to make it go from Auth-Reject to Auth-Accept.

Well, the example for MAC Address entry for users I had found was:

001122-334455  Auth-Type := Local,  User-Password == "testing123"

At first I was pointing my Airport Extreme at it and watching the debug output, and watching everything stop working now and then. But, eventually I used 'radtest' to test my freeRADIUS configuration. And, eventually, I found that what I needed was:

001122-334455  Cleartext-Password := "testing123"

And, all was good. I pointed my main Airport Extreme to it, and it everything adjusted and worked. I then pointed the new Airport Extreme at it and things continued to work.

Yay! :cool:

Pages: 1· 2

Now instead of subjecting some poor random forum to a long rambling thought, I will try to consolidate those things into this blog where they can be more easily ignored profess to be collected thoughts from my mind.

Latest Poopli Updaters -- http://lkc.me/poop

bloglovin

There are 20 years 3 months 23 days 12 hours 40 minutes and 57 seconds until the end of time.
And, it has been 4 years 9 months 4 days 1 hour 21 minutes and 59 seconds since The Doctor saved us all from the end of the World!

Search

September 2017
Mon Tue Wed Thu Fri Sat Sun
 << <   > >>
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30  
Google

Linkblog

  XML Feeds

Who's Online?

  • Guest Users: 1
This seal is issued to lawrencechen.net by StopTheHacker Inc.
RWD CMS

hosted by
Green Web Hosting! This site hosted by DreamHost.

monitored by
Monitored by eXternalTest
SiteUptime Web Site Monitoring Service
website uptime