• entries
  • comments
  • views




   54 members have voted

  1. 1. where do ya fit in?

    • White hat
    • Black Hat
    • Gray Hat
    • I don't wear any fukking hats.

Please sign in or register to vote in this poll.

K.I.S.D... for "Keep It Simple, Dumbass"I don't know much about RADIUS as a protocol, and I don't know much about the FreeRADIUS app. I have used Microsoft's bizarro-RADIUS implementation called "Internet Authentication Service"... through which I managed to set up what I think is EAP-TLS on a domain, used for wireless and VPN authentication. I more or less clickey-clicked my way through, and couldn't re-explain to anyone else at this point how I managed to do it. (I hope it doesn't break!)Anyway, as with most things in the *nix world, FreeRADIUS uses various configuration files to keep track of the program options. I found a web-based GUI utility, called Dialup Admin, that is apparently the "official" GUI for FreeRADIUS (never mind that it hasn't been updated in the last few years). I thought it would help ease my transition into the wonderful world of AAA/RADIUS if I installed this utility. You know, just until I figured out the configuration files.So... I had to enable httpd on OpenBSD. This is basically a tweaked version of Apache that, among other things, runs in a chroot setting. The devs of Dialup Admin have the program configured in such a way that is designed to have its main directory "somewhere" in the filesystem, and use soft links to get between /var/www and wherever you put the rest. Works fine in theory, except that chroot breaks the hell out of that setup. Spent some time trying to move files back and forth and change the references... then just went ahead and dropped the whole thing into the /var/www directory (which, you know, includes the config files with passwords and stuff).After several hours of frustration, I finally just scrapped the whole Dialup Admin program. Time spent trying to get all the files to point to each other while not spitting config files out into the browser was time I *wasn't* learning about RADIUS.Tried to add complexity to the overall setup, cost me some time without getting me any closer to a working environment.Next on the list... FreeRADIUS has support for using MySQL to keep track of the data and configuration. Not being one to just use the default setup originally, I proceeded to install MySQL on the OpenBSD box, then set up the necessary configuration for FreeRADIUS. Now... MySQL runs from the command line by default, and it can be a bit goofy to use if you're like me and haven't done command line MySQL syntax for the last few years. I was able to add a new user and grant access to the database, but I hate having to type SQL queries out by hand to see what all is going on, or to have to insert new data (then I have to read through the shema and data dictionary, and wonder what each field means). phpMyAdmin is (yet again) a web-based GUI for MySQL that basically removes the command-line mystique and actually lets you get into your data.So... since I already had httpd running, I decided I'd set up phpMyAdmin and use that for MySQL administration. Initial setup seemed to go okay, right up until I got to the main login screen. I tried logging in as both root and the freeradius user, and in each case received an odd error about the socket not being configured correctly. Spent another couple hours clickey-clicking about Teh Interweb, looking for some possible solutions (again, OpenBSD's uber-secure setup causes some different stuff to happen in different places). Tried changing the phpMyAdmin configuration to hard-code the user/pass into the config file, but that didn't work out either. Decided to abandon phpMyAdmin, again having spent some time trying to solve problems not directly related to the task at hand.Now it turns out that the config files for FreeRADIUS aren't really that difficult to understand... if you go about them the right way. The default/sample files that come with the program are chock-full of all sorts of special conditions and various options that might make sense if I were rolling my own ISP or telco, but not so much for a basic setup like I'm trying. My firewall box (running pfSense) has a working FreeRADIUS implementation on it, which I use for VPN authentication into my home LAN. I took a quick look at the config files for that install, and they are much easier to understand.Thus, I was able to get the OpenBSD FreeRADIUS config files looking the way I needed them to.I was now at the point where I was ready to use the radtest app to verify that FreeRADIUS would return an approval if I provided a valid user/pass combo. Of course, everything I tried (even double and triple checking the spelling, IP addresses, shared secrets) was failing. So... spent some more time poking around for yet another answer.Turns out that if MySQL is configured, then FreeRADIUS pays no attention to the config files. I hadn't eliminated the database yet, and MySQL was still running on the server. Thus, it was looking at an empty database for config info, instead of my carefully crafted text files. Shut down MySQL, removed all references to it in FreeRADIUS, and BAM -- got the approval note straight away from radtest.So basically, I spent several hours fiddling with a modified web server, various GUIs that didn't work right, and some MySQL tomfoolery in order to try and make my life easier... instead of just spending a bit of time *looking* at what I needed which, as it turned out, wasn't as complex as I thought it was.That's what being lazy got me. Lots and lots of extra work with no additional payoff. :)Then I spent a while writing up this blog entry, instead of actually working on the setup some more. Hm... I'll have to blog about that, too.When I get the chance.


1 Comment

In reply to the guy asking about compra seguidores reais instagram, comprar 10k seguidores instagram barato, ganhar seguidores reais no instagram de graça, melhor site para comprar seguidores no instagram brasileiro, I highly recommend this useful compra de seguidores instagram advice on top of comprar seguidores reais instagram seguro, seguidores instagram gratis e rapido, comprar seguidores reais instagram paypal, seguidores reais instagram teste gratis, ganhar seguidores reais gratis no instagram, como comprar seguidores no instagram barato, seguidores instagram gratis app, comprar seguidores reais e brasileiros instagram, look at this helpful compra de seguidores instagram blog as well as teste gratis para comprar seguidores no instagram, comprar seguidores de instagram gratis, seguidores instagram juliette, como conseguir seguidores reales en instagram 2020, ocultar seguidores instagram 2021, seguidores instagram app gratis, top seguidores instagram 2021, seguidores reais brasileiros instagram grátis, try this newest ganhar seguidores no instagram brasileiros info for porque cuando camino me duele la espalda, ganhar seguidores reais gratis, comprar seguidores instagram funciona, app para verificar seguidores reais no instagram, comprar seguidores instagram seguro, comprar seguidores reais instagram teste gratis, cómo surtir una tienda de abarrotes, como.comprar seguidores, not forgetting this helpful seguidores do instagram tips and don't forget seguidores reais teste gratis, seguidores instagram grátis 2020, seguidores instagram gratis 2020, comprar seguidores reais instagram brasil, como conseguir seguidores reales en instagram, seguidores instagram gratis sin contraseña, melhor site para comprar seguidores reais brasileiros, melhor site para comprar seguidores no instagram 2020, as well this newest compra de seguidores instagram blog for comprar seguidores no instagram funciona, como ganhar seguidores reais no instagram de graça, comprar seguidores reais instagram barato, como ganhar seguidores reais gratis, seguidores reais e brasileiros instagram, como.comprar seguidores, comprar seguidores para instagram baratos, seguidores reais instagram comprar, See More Fasttip#23[/url] 68ed1f0


Share this comment

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now