From 4e4368e2505b7fbb38655ae22c6910a7bc430b2d Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Sat, 12 Mar 2011 14:50:46 +1100
Subject: [PATCH] HEADS UP: move dictionary file to $prefix/etc/raddb/dictionary instead of $prefix/share/freeradius/dictionary on advice from Alan DeKok
---
 README | 45 +++++++++++++++++++++++++++++++++++++++++++--
 util_radius.h | 2 +-
 2 files changed, 44 insertions(+), 3 deletions(-)
diff --git a/README b/README
index c02d8ce..e9fa860 100644
--- a/README
+++ b/README
@@ -23,8 +23,49 @@ the EAP mechanisms. A sample configuration file is in this directory.
 Make sure your RADIUS library is configured to talk to the server of your choice: see the example radsec.conf in this directory.
-On the RADIUS server side, you need to install dictionary.ukerna and
-include it from the main dictionary file.
+On the RADIUS server side, you need to install dictionary.ukerna to
+$prefix/etc/raddb and include it from the main dictionary file, by
+adding:
+
+ $INCLUDE dictionary.ukerna
+
+to $prefix/etc/raddb/dictionary. Make sure these files are world-
+readable; they weren't in my installation.
+
+Edit $prefix/etc/raddb/users to add your test user and password:
+
+ bob@PROJECT-MOONSHOT.ORG Cleartext-Password := secret
+
+Add an entry for your acceptor to $prefix/etc/raddb/clients.conf:
+
+ client somehost {
+ ipaddr = 127.0.0.1
+ secret = testing123
+ require_message_authenticator = yes
+ }
+
+Edit $prefix/etc/raddb/eap.conf and set:
+
+ eap {
+...
+ default_eap_type = ttls
+...
+ tls {
+ certdir = ...
+ cadir = ...
+ private_key_file = ...
+ certificate_file = ...
+ }
+ ttls {
+ default_eap_type = mschapv2
+ copy_request_to_tunnel = no
+ use_tunneled_reply = no
+ virtual_server = "inner-tunnel"
+ }
+...
+ }
+
+to enable EAP-TTLS.
 If you want the acceptor be able to identify the user, the RADIUS server needs to echo back the EAP username from the inner tunnel;
diff --git a/util_radius.h b/util_radius.h
index cc54f9d..eaec68e 100644
--- a/util_radius.h
+++ b/util_radius.h
@@ -149,7 +149,7 @@ gssEapRadiusMapError(OM_uint32 *minor, struct rs_error *err);
 #define RS_CONFIG_FILE SYSCONFDIR "/radsec.conf"
-#define RS_DICT_FILE DATAROOTDIR "/freeradius/dictionary"
+#define RS_DICT_FILE SYSCONFDIR "/raddb/dictionary"
 #define VENDORPEC_MS 311 /* RFC 2548 */
--
2.1.4
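Review bot: The new RS_DICT_FILE value points the acceptor into the FreeRADIUS server's raddb tree, a directory that is typically readable only by the server's own user, so the dictionary can fail to load even when radsec.conf at RS_CONFIG_FILE is fine; the README hunk in this same commit already remarks that these files were not world-readable in the author's installation. The define carries no hint of that dependency, and a short comment would help the next person who hits a missing or unreadable dictionary: `/* FreeRADIUS server dictionary; must $INCLUDE dictionary.ukerna (see README) */`. Wherever RS_DICT_FILE is actually opened, which is outside this hunk, the failure path should report the path it tried, since the compile-time default and the server's real raddb location may differ. Deriving both RS_CONFIG_FILE and RS_DICT_FILE from SYSCONFDIR is at least consistent, which the old DATAROOTDIR form was not.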