On 11/10/10 17:35, Klistvud wrote:
Dne, 11. 10. 2010 17:44:51 je Jennie Kingsland napisal(a):There must be a way when directly at the server to cancel the radius and get logged in? As I've mentioned CTRL C doesn't work.
It should. Works For Me (tm). But as suggested, bring up a second screen and kill it from there.
No, you use -X to sort out problems. In particular, nobody will lift a finger to help with a freeradius problem unless you do start it in debug mode and publish the output along with your enquiry. It's not a trivial program. But use debug in a spare terminal. I've been making two ssh connections, and leaving one running the -X option.Also I guess I shouldn't be using radius -X in my startup script, to prevent this problem is there something else I should be using? I tried using radius -x (the small x) and I hit enter and then no process for radius starts so I'm a bit confused.
I wouldn't have thought you'd normally use any flag at startup. Configuration should already be in place in the appropriate files.
As a rule, services in Debian are configured by the install scripts. If you installed radius from official repositories, it should "just work". Why are you trying to run it via a hand-made "startup-script"? Are you positive you're not complicating things unnecessarily? I apologize if my ramblings make no sense, but I've never used radius in my life.
Freeradius is a bit of a nuisance. I'm sure there's an excellent reason for this, but although Debian packages both freeradius and openssl, it refuses to package freeradius with openssl support. So if you want most of the EAP authentications, you have to compile it yourself, leaving you to sort out details like startup.
I can't actually help with that, as I'm still using -X mode with manual startup, as I'm taking some time discovering what 'support for 802.1x' in a Cisco brochure actually means. At the moment, it seems to mean 'after a reboot, rip out all the wireless security stuff and re-enter it' if you actually want the thing to talk to a Radius server.
Oh, and the freeradius certificate-building script doesn't work for client certificates, so if you want EAP-TLS you have to scratch around for a modified script.
-- Joe