Chance for RADIUS Server on the router itself!

[tomilius]

1) isn't there a simple way (no WEP, no certificates ) to setup a simple radius authentication based on username/password?

Nope. Not at all. We're lucky to have freeradius, but frankly none of it is simple. An actual radius server would cost a bundle though... Anyway, I got PEAP working once and had it use a samba list of users with NTLM authentication details. I installed the samba package, I think, in order to add samba users... The rest was just configuration, which shouldn't be too hard, as looking back it should be fairly simple compared to TLS and OpenSSL and all of that JUNK--I remember having a lot of problems with everything though, but I don't remember many details, sadly, and it may have just been my poor understanding of how any of it really worked coming into play and my poor luck at finding guides, though they do exist in the far realms of Google, even if they're not completely easy to find. I sort of ditched PEAP when I got to thinking that might make it a lot easier for people to guess/obtain my password, but with MAC address restrictions that shouldn't probably be that much of an issue, since somebody spoofing isn't likely anyway, and I don't believe brute forcing is easily possible with freeradius, but I wasn't sure/didn't think of that. Now that I DO think of it, I almost want to switch to PEAP... but nah. Everything is finally set up and working with TLS (actually, I just remembered--I stopped using wireless for everything but my Pocket PC, but it's working fine with TLS, despite the EXTREME DIFFICULTY--oh my GOSH--I had getting stuff converted to work with it and getting a certificate import utility, blah, that stuff took forever, wasn't actually that hard but tries one's patience). Yeah, so good luck with that.

2) is there any disconnection mechanism (an authenticated user is forced to get out after a time interval)? If yes, where can I find the radius attributes supported by wl500g?

That may be related to freeradius itself. You can set a WPA reauthentication interval, and use WPA... Then you could probably set up something with freeradius--as for radius attributes on the router, err, I doubt it. I'd Google that too.

Sorry I didn't exactly go out and fetch specific answers, but I'd like to stay away from actually manipulating the router (that much) now that it's actually working.

[herrisom]

Can anybody help me to intsall the module rlm_sql_mysql on wl500g router?

Thanks a lot.

[forevertheuni]

Pardon me if I'm blind..but noone posted a binary for freeradius right? I'm using 1.9.2.7-7c from oleg.I wanted to put a freeradius in my wl500g because my freeBSD is not working right(linux is ok) I need to search in a ldap db...I'll need to compile it for myself or is there any other way? Oh other thing...will I need external disk?(I'm using EAP-TTLS/EAP-TLS so I'm using certificates too)

[Oleg]

You've to use ipkg to install freeradius.

[forevertheuni]

but from source?or is there a package?

[mnlg]

Hello everyone, I'm sorry to bother you, but I have searched for some time and found no hints to solve my problem and I hope I can at least get pointed to the right place from some of you.

In short, my problem is that I would like to have freeradius fetch user/password information from my smbpasswd.

All of our domain users are registered on the smbpasswd file. I would like to use RADIUS to authenticate for other services, but I would prefer to use the same password repository, than setting up other user/password listings.

I can authenticate against /etc/passwd, but not against my smbpasswd. I have set up an entry for my smbpasswd in radiusd.conf.. but all my attempts are being rejected.

Before cluttering this forum with configuration snippets I would just like to know if what I am after is doable and if anyone has succeeded.

Thank you