FreeRadius in jail

[negcashflow]

I have been using FreeNas for quite sometime but haven't explored anything advanced. I just stumbled upon the jail concept and am wondering if it is possible to run FreeRadius on my FreeNas appliance. I didn't see a plugin for it but wondered if it could be done.

 

[dlavigne]

Freeradius is ported to FreeBSD so can be installed in a jail using the instructions in the Jails chapter of the guide for your version of FreeNAS. I've never done it so can't speak to how well or if it runs in a jail. If you give it a go, let us know if it works.

 

[GrumpyBear]

I've been wondering this too. I have next to no experience with FreeBSD but some experience with Linux.

So I'm giving it a go.

I'm loosely following this post to get a *AMP server installed.
I've installed PHPmyAdmin as well

I created a one-time snapshot at this point so when I realized I'm doomed I can get back to a safe place.

Next I am going to try following these instructions for getting my WiFi to use CERTs with WPA2-Enterprise but I'll first just likely point my Cisco switches to the FreeRADIUS for Authentication and Authorization as I understand that process much better. The instructions are for FreeRADIUS ver2 which is now deprecated and replaced with version 3 so I'll try that first.

 

[GrumpyBear]

A bit of a learning curve. Tried installing the port of FreeRADIUS3 as version 2 is deprecated. Eventually figured out that I had to "make config" to add MySQL support. Then the "make clean install" bombed saying it couldn't find some files in the port.

Gave up on version 3 and rolled back the snapshot and installed the FreeRADIUS2 port configured with MySQL support. That port installed OK and the daemon loaded in debug mode with no complaints so I'll go back over trying to configure the radiusd and MySQL and see if I can successfully AUTH tomorrow night

 

[GrumpyBear]

@dlavigne Success!

Installed port freeradius2 and after some bouncing around:

Code:

root@radserver:~ # radtest testuser password localhost 1812 testing123
Sending Access-Request of id 203 to 127.0.0.1 port 1812
        User-Name = "testuser"
        User-Password = "password"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=203, length=20
root@radserver:~ #

I'm reverting back to the snapshot again and will detail the steps in another post here.