Problem adding Radius Authorized Clien
July 30, 2013 at 2:07 pm #43700
ewoutdenheijer
Member
Hi,
I’m trying to add an authorized client to the Radius server. When I try this the web interface makes me wait forever and nothing happens. Kerbynet uses 100% cpu until I kill the process.
I’ve switched on Kerbynet logging but nothing is logged, just the following:
[Jul 30 16:00,41] example.com
[Jul 30 16:01,17] example.com
[Jul 30 16:01,41] example.com
[Jul 30 16:02,17] example.com
[Jul 30 16:02,41] example.com
[Jul 30 16:03,17] example.com
[Jul 30 16:03,41] example.com
[Jul 30 16:04,17] example.com
[Jul 30 16:04,33] example.com
[Jul 30 16:04,41] example.com
Does anyone have any idea what's going on?
Thanks for your ideas!
September 21, 2013 at 8:00 pm #52807
tuckwilliamson
Member
So I also had this issue with trying to modify, add, remove any authorized client after I added the first client.
After attempting to use the PostBoot script to overwrite the config file from a file I had edited, it never would take any of my modifications. The reason why is because all of the authorized client info is stored in a local LDAP DB and the config file is dynamically recreated every time the server starts.
So there are two options: Directly mod the LDAP DB, or insert your changes into the dynamically recreated config file.
I am not familiar with LDAP and am plenty comfortable with shell scripts so I opted to inject my changes in the dynamic config file.
The config file (/etc/raddb/clients.conf -> /tmp/radiusclient.conf) is created in the script /root/kerbynet.cgi/scripts/radius_start. So you need to edit that file and inject your own config section. I did all of this via ssh, but you could do it from the console. I imagine this file is loaded from the cdrom image after each boot (I never checked), so first I created a directory in the Database (your configuration for all of your ZS settings).
mkdir /Database/mods
Then I copied the /root/kerbynet.cgi/scripts/radius_start file into my new directory.
cp /root/kerbynet.cgi/scripts/radius_start /Database/mods
I then edited the file in vim. The important bit is below as before and after my edits.
Before
...
$SCRIPTS/rendertemplate radiusd.conf
cat >/tmp/radiusclient.conf <<EOF
client 127.0.0.1 {
secret = ZeroShell
shortname = localhost
nastype = other
}
EOF
...
After
...
$SCRIPTS/rendertemplate radiusd.conf
cat >/tmp/radiusclient.conf <<EOF
client 127.0.0.1 {
secret = ZeroShell
shortname = localhost
nastype = other
}
client main-subnet {
secret = mySuperSecret
shortname = main-subnet
nastype = other
ipaddr = 192.168.1.0
netmask = 24
}
EOF
...
Finally to make this all work through reboots I added a PostBoot script to delete the original script, replace it with my modified script, and restart the server.
Here is my PostBoot script to change the radius_start script and restart the server:
#Change Radius client config
rm /root/kerbynet.cgi/scripts/radius_start
cp /Database/mods/radius_start /root/kerbynet.cgi/scripts/radius_start
/etc/init.d/radius restart
Hope this helps.
Tuck
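Added example, not part of the post above and not ZeroShell's own code: a shell function that sanity-checks the client blocks in a clients file such as /tmp/radiusclient.conf once radius_start has regenerated it, so a mistyped ipaddr or netmask or a missing secret in a hand-edited block is reported. The function name check_clients is hypothetical, and it assumes IPv4 literals and the one-setting-per-line layout used in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes IPv4 literals only.
# check_clients FILE: print one line per problem found in the "client" blocks
# of a FreeRADIUS clients file; return 0 if clean, 1 otherwise.
check_clients() {
    awk '
    function valid_ip(s,    n, p, i) {
        n = split(s, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
        return 1
    }
    function report(msg) { printf "client %s: %s\n", name, msg; bad = 1 }
    /^[ \t]*client[ \t]+[^ \t{]+[ \t]*[{]/ {
        name = $2; sub(/[{]$/, "", name)
        inblk = 1; secret = ""; ip = ""; mask = ""
        next
    }
    inblk && /^[ \t]*[}]/ {
        # Assumption: with no ipaddr line, the block name is the address.
        addr = (ip != "") ? ip : name
        if (secret == "") report("missing secret")
        if (!valid_ip(addr)) report("bad address \"" addr "\"")
        if (mask != "" && (mask !~ /^[0-9]+$/ || mask + 0 > 32))
            report("bad netmask \"" mask "\"")
        inblk = 0
        next
    }
    inblk && /=/ {
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "secret") secret = val
        else if (key == "ipaddr") ip = val
        else if (key == "netmask") mask = val
    }
    END { exit bad + 0 }
    ' "$1"
}

# When called with a file argument, check it and report the result.
if [ -n "$1" ]; then
    check_clients "$1" && echo "clients file OK"
fi
```

In a PostBoot script this could run right after the radius restart, with its output redirected to a log file under /Database.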
October 1, 2013 at 2:25 pm #52808
ewoutdenheijer
Member
Hi Tuck,
It works great! Thanks!
Too bad the entries don’t show up in the gui, but it works and that’s important 🙂