Hi DEVS,
I'm working on using openwrt to authenticate against RADIUS or WPA-RADIUS. So far I can get openwrt configured correctly for that using the nas binary.
I tried to get tinyPEAP to work on openwrt, but I wasn't successfull. So I decided to take a look at FreeRADIUS. I have successfully built FreeRADIUS within buildroot using the makefile I wrote (see below).
Up until now I haven't had time to test it. I will start off trying EAP-TLS using the demo certs that come with freeradius. If others are willing to help out with the other EAP methods (e.g. PEAP) that would be great.
My makefile below packages the modules, radiusd and the democerts all seperately, so you can use only the parts you need. As soon as there are some success stories we could write up HOWTOs for setting the different environments up (most interesting will be what dependencies each method has).
Just drop my freeradius.mk file in BUILDROOT/make, add freeradius to the PACKAGES definition in the toplevel Makefile and run 'make packages'.
You end up with a bunch of ipks for freeradius in your packages directory.
Have fun! - Oh and watch out for that line in the code below starting with "$(FREERADIUS_IPK_DIR)/freeradiusd/usr/share/freeradius/dictionary" - that belongs to the line above it (the Board Software Linebreaks it since it's too long)
P.S. The sql module wouldn't build, so I removed it using the --without-sql option in configure.
Here's my freeradius.mk:
#############################################################
#
# freeradius (RADIUS authentication server)
#
#############################################################
FREERADIUS_SITE=ftp://ftp.freeradius.org/pub/radius
FREERADIUS_VER=1.0.1
FREERADIUS_SOURCE:=freeradius-$(FREERADIUS_VER).tar.gz
FREERADIUS_DIR:=$(BUILD_DIR)/freeradius-$(FREERADIUS_VER)
FREERADIUS_IPK_DIR:=$(FREERADIUS_DIR)-ipk
$(DL_DIR)/$(FREERADIUS_SOURCE):
$(WGET) -P $(DL_DIR) $(FREERADIUS_SITE)/$(FREERADIUS_SOURCE)
#freeradius-source: $(DL_DIR)/$(FREERADIUS_SOURCE)
$(FREERADIUS_DIR)/.unpacked: $(DL_DIR)/$(FREERADIUS_SOURCE)
zcat $(DL_DIR)/$(FREERADIUS_SOURCE) | tar -C $(BUILD_DIR) -xvf -
touch $(FREERADIUS_DIR)/.unpacked
$(FREERADIUS_DIR)/.configured: $(FREERADIUS_DIR)/.unpacked
(cd $(FREERADIUS_DIR); rm -rf config.cache;
$(TARGET_CONFIGURE_OPTS)
./configure
--target=$(GNU_TARGET_NAME)
--host=$(GNU_TARGET_NAME)
--build=$(GNU_HOST_NAME)
--prefix=/usr
--exec-prefix=/usr
--bindir=/usr/bin
--sbindir=/usr/sbin
--libexecdir=/usr/lib
--localstatedir=/var
--sysconfdir=/etc
--without-rlm_sql
);
touch $(FREERADIUS_DIR)/.configured
freeradius-build: $(FREERADIUS_DIR)/.configured
$(MAKE) CC=$(TARGET_CC) -C $(FREERADIUS_DIR)
for i in `find $(FREERADIUS_DIR)/src/modules/ -name .libs`; do $(STAGING_DIR)/bin/mipsel-linux-uclibc-strip $${i}/*.so; done
for i in `find $(FREERADIUS_DIR)/src/modules/ -name .libs`; do $(STAGING_DIR)/bin/mipsel-linux-uclibc-strip $${i}/*.a; done
$(STAGING_DIR)/bin/mipsel-linux-uclibc-strip $(FREERADIUS_DIR)/src/modules/rlm_eap/.libs/radeapclient
$(STAGING_DIR)/bin/mipsel-linux-uclibc-strip $(FREERADIUS_DIR)/src/main/.libs/radiusd
$(STAGING_DIR)/bin/mipsel-linux-uclibc-strip $(FREERADIUS_DIR)/src/lib/.libs/*.so
$(STAGING_DIR)/bin/mipsel-linux-uclibc-strip $(FREERADIUS_DIR)/src/lib/.libs/*.a
$(STAGING_DIR)/bin/mipsel-linux-uclibc-strip $(FREERADIUS_DIR)/libltdl/.libs/*.so
$(STAGING_DIR)/bin/mipsel-linux-uclibc-strip $(FREERADIUS_DIR)/libltdl/.libs/*.a
freeradius-package: freeradius-build
# Remove IPK directory from previous build
(if [ -d $(FREERADIUS_IPK_DIR) ]; then
rm -rf $(FREERADIUS_IPK_DIR);
fi);
# Build modules as seperate IPKs
(for i in `find $(FREERADIUS_DIR)/src/modules/ -name .libs`; do
MODULE_DIR_NAME=`echo $${i}|sed 's//.libs$$//'|sed 's/.*///'`;
MODULE_NAME=`echo $${i}|sed 's//.libs$$//'|sed 's/.*///'|sed 's/rlm_//'|sed 's/_/-/g'`;
mkdir -p $(FREERADIUS_IPK_DIR)/$${MODULE_DIR_NAME}/CONTROL;
echo "Package: freeradius-$${MODULE_NAME}" > $(FREERADIUS_IPK_DIR)/$${MODULE_DIR_NAME}/CONTROL/control;
echo "Version: $(FREERADIUS_VER)" >> $(FREERADIUS_IPK_DIR)/$${MODULE_DIR_NAME}/CONTROL/control;
echo "Architecture: mipsel" >> $(FREERADIUS_IPK_DIR)/$${MODULE_DIR_NAME}/CONTROL/control;
echo "Maintainer: Chris Martin <cmartin@opensimpad.org>" >> $(FREERADIUS_IPK_DIR)/$${MODULE_DIR_NAME}/CONTROL/control;
echo "Source: $(FREERADIUS_SITE)/$(FREERADIUS_SOURCE)" >> $(FREERADIUS_IPK_DIR)/$${MODULE_DIR_NAME}/CONTROL/control;
echo "Section: net" >> $(FREERADIUS_IPK_DIR)/$${MODULE_DIR_NAME}/CONTROL/control;
echo "Priority: optional" >> $(FREERADIUS_IPK_DIR)/$${MODULE_DIR_NAME}/CONTROL/control;
echo "Depends: freeradius" >> $(FREERADIUS_IPK_DIR)/$${MODULE_DIR_NAME}/CONTROL/control;
echo "Description: $${MODULE_DIR_NAME} module for FreeRADIUS Authentication Server" >> $(FREERADIUS_IPK_DIR)/$${MODULE_DIR_NAME}/CONTROL/control;
mkdir -p $(FREERADIUS_IPK_DIR)/$${MODULE_DIR_NAME}/usr/lib;
cp $${i}/* $(FREERADIUS_IPK_DIR)/$${MODULE_DIR_NAME}/usr/lib;
cd $(BUILD_DIR); $(IPKG_BUILD) $(FREERADIUS_IPK_DIR)/$${MODULE_DIR_NAME};
done);
# Build radiusd IPK
mkdir -p $(FREERADIUS_IPK_DIR)/freeradiusd/CONTROL
echo "Package: freeradius" > $(FREERADIUS_IPK_DIR)/freeradiusd/CONTROL/control
echo "Version: $(FREERADIUS_VER)" >> $(FREERADIUS_IPK_DIR)/freeradiusd/CONTROL/control
echo "Architecture: mipsel" >> $(FREERADIUS_IPK_DIR)/freeradiusd/CONTROL/control
echo "Maintainer: Chris Martin <cmartin@opensimpad.org>" >> $(FREERADIUS_IPK_DIR)/freeradiusd/CONTROL/control
echo "Source: $(FREERADIUS_SITE)/$(FREERADIUS_SOURCE)" >> $(FREERADIUS_IPK_DIR)/freeradiusd/CONTROL/control
echo "Section: net" >> $(FREERADIUS_IPK_DIR)/freeradiusd/CONTROL/control
echo "Priority: optional" >> $(FREERADIUS_IPK_DIR)/freeradiusd/CONTROL/control
echo "Depends: libpthread" >> $(FREERADIUS_IPK_DIR)/freeradiusd/CONTROL/control
echo "Description: FreeRADIUS Authentication Server" >> $(FREERADIUS_IPK_DIR)/freeradiusd/CONTROL/control
mkdir -p $(FREERADIUS_IPK_DIR)/freeradiusd/usr/sbin
cp $(FREERADIUS_DIR)/src/main/.libs/radiusd $(FREERADIUS_IPK_DIR)/freeradiusd/usr/sbin
mkdir -p $(FREERADIUS_IPK_DIR)/freeradiusd/etc/init.d
mkdir -p $(FREERADIUS_IPK_DIR)/freeradiusd/etc/raddb
mkdir -p $(FREERADIUS_IPK_DIR)/freeradiusd/usr/lib
mkdir -p $(FREERADIUS_IPK_DIR)/freeradiusd/usr/share/freeradius
cp -r $(FREERADIUS_DIR)/raddb/* $(FREERADIUS_IPK_DIR)/freeradiusd/etc/raddb
cat $(FREERADIUS_DIR)/raddb/radiusd.conf|sed 's/^logdir =/#logdir =/' > $(FREERADIUS_IPK_DIR)/freeradiusd/etc/raddb/radiusd.conf
cp -r $(FREERADIUS_DIR)/src/lib/.libs/* $(FREERADIUS_IPK_DIR)/freeradiusd/usr/lib
cp -r $(FREERADIUS_DIR)/libltdl/.libs/* $(FREERADIUS_IPK_DIR)/freeradiusd/usr/lib
rm -f $(FREERADIUS_IPK_DIR)/freeradiusd/etc/raddb/Makefile
rm -rf $(FREERADIUS_IPK_DIR)/freeradiusd/etc/raddb/CVS
rm -rf $(FREERADIUS_IPK_DIR)/freeradiusd/etc/raddb/certs
cp $(FREERADIUS_DIR)/scripts/rc.radiusd $(FREERADIUS_IPK_DIR)/freeradiusd/etc/init.d/S99radiusd
cat $(FREERADIUS_DIR)/share/dictionary|sed 's/^$$INCLUDE/#$$INCLUDE/g'|sed 's/#$$INCLUDE dictionary.cisco$$/$$INCLUDE dictionary.cisco/' > $(FREERADIUS_IPK_DIR)/freeradiusd/usr/share/freeradius/dictionary
cp $(FREERADIUS_DIR)/share/dictionary.cisco $(FREERADIUS_IPK_DIR)/freeradiusd/usr/share/freeradius
cd $(BUILD_DIR); $(IPKG_BUILD) $(FREERADIUS_IPK_DIR)/freeradiusd
# Build democerts IPK
mkdir -p $(FREERADIUS_IPK_DIR)/freeradius-democerts/CONTROL
echo "Package: freeradius-democerts" > $(FREERADIUS_IPK_DIR)/freeradius-democerts/CONTROL/control
echo "Version: $(FREERADIUS_VER)" >> $(FREERADIUS_IPK_DIR)/freeradius-democerts/CONTROL/control
echo "Architecture: mipsel" >> $(FREERADIUS_IPK_DIR)/freeradius-democerts/CONTROL/control
echo "Maintainer: Chris Martin <cmartin@opensimpad.org>" >> $(FREERADIUS_IPK_DIR)/freeradius-democerts/CONTROL/control
echo "Source: $(FREERADIUS_SITE)/$(FREERADIUS_SOURCE)" >> $(FREERADIUS_IPK_DIR)/freeradius-democerts/CONTROL/control
echo "Section: net" >> $(FREERADIUS_IPK_DIR)/freeradius-democerts/CONTROL/control
echo "Priority: optional" >> $(FREERADIUS_IPK_DIR)/freeradius-democerts/CONTROL/control
echo "Depends: freeradius" >> $(FREERADIUS_IPK_DIR)/freeradius-democerts/CONTROL/control
echo "Description: Demo certs for FreeRADIUS Authentication Server" >> $(FREERADIUS_IPK_DIR)/freeradius-democerts/CONTROL/control
mkdir -p $(FREERADIUS_IPK_DIR)/freeradius-democerts/etc/raddb/certs/demoCA
cp -r $(FREERADIUS_DIR)/raddb/certs/* $(FREERADIUS_IPK_DIR)/freeradius-democerts/etc/raddb/certs
rm -rf $(FREERADIUS_IPK_DIR)/freeradius-democerts/etc/raddb/certs/CVS
rm -rf $(FREERADIUS_IPK_DIR)/freeradius-democerts/etc/raddb/certs/demoCA/CVS
cd $(BUILD_DIR); $(IPKG_BUILD) $(FREERADIUS_IPK_DIR)/freeradius-democerts
freeradius-clean:
$(MAKE) -C $(FREERADIUS_DIR) clean
freeradius-dirclean:
rm -rf $(FREERADIUS_DIR)
freeradius-ipk: uclibc freeradius-package