Has anyone tried ClearOS?

Discussion in 'Software Stuff' started by Patrick, Apr 12, 2016.

  1. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    11,612
    Likes Received:
    4,565
    With the "small" issue I had with the FreeRADIUS server, I am looking to build an authentication server for the STH lab. At some point soon we are going to need to support more than 2-3 users.

    I really want an admin GUI (e.g. something I can make edits from my phone if needed). I also want to have RADIUS as it is supported by just about everything we have in the lab.

    I tried daloRadius but that went... poorly. The base installation has a ton of steps and it fails for me on some step every time. Likely user error but it is to the point I want to try something else.

    I saw ClearOS and it looks really interesting. It seems like they want to make a Windows Server alternative based on Linux. I just downloaded community edition and want to give it a shot tomorrow. Has anyone tried ClearOS recently? Is it worth the time?
     
    #1
  2. TechIsCool

    TechIsCool Active Member

    Joined:
    Feb 8, 2012
    Messages:
    263
    Likes Received:
    117
    Just radius auth no linux SSO? Just curious.

    I know we use FreeIPA for Authentication and I think you can integrate it into FreeRadius
     
    #2
  3. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    11,612
    Likes Received:
    4,565
    @TechIsCool I may try that. I tried ClearOS this evening. 10 minutes in and I think I am done with the experiment.
     
    #3
    pgh5278 and capn_pineapple like this.
  4. capn_pineapple

    capn_pineapple Active Member

    Joined:
    Aug 28, 2013
    Messages:
    356
    Likes Received:
    80
    Sounds like a stunningly positive review @Patrick </sarcasm>

    I looked it a while back and decided to stick with my SophosUTM9 installation. Take a look at FreeRadius.
    I also believe you're using pfSense for your firewalls so FreeRadius plugs into that quite nicely. I think there were some behind the scenes improvements for it in 2.3 too.
     
    #4
  5. Jon Massey

    Jon Massey Active Member

    Joined:
    Nov 11, 2015
    Messages:
    340
    Likes Received:
    82
    Yes, but back when it was called ClarkConnect and I was running it on a PIII 700MHz, so my memories might be a bit rusty!
     
    #5
  6. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    11,612
    Likes Received:
    4,565
    Now that I have it working :)

    That is actually what I am strongly considering now. Using pfSense as my FreeRadius server.
     
    #6
  7. TuxDude

    TuxDude Well-Known Member

    Joined:
    Sep 17, 2011
    Messages:
    615
    Likes Received:
    336
    I used ClarkConnect for quite a few years, and some of the earlier ClearOS versions as well though not the current version - I've replaced every ClarkConnect/ClearOS box I ever setup with a pfSense one by now though. IMHO they're too focused on being the center of a small Windows shop for a few versions now.
     
    #7
    mason736 likes this.
  8. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    11,612
    Likes Received:
    4,565
    Yea and there are really odd things that I saw with it. One is that the web UI is really slow. It is installed on 6x E5-2699 V3 cores and the web UI is slow (mind you I can download from the data center at just under a 100Mbit/s rate.

    The main feature I wanted, the directory server they like to highlight the app (right side) but there are simple things missing, like, what port number is the directory server listening on? How do I change that? I have a bind password but no bind user name option.
    upload_2016-4-13_8-45-24.png
     
    #8
  9. TuxDude

    TuxDude Well-Known Member

    Joined:
    Sep 17, 2011
    Messages:
    615
    Likes Received:
    336
    I haven't spent a ton of time with it yet - but I've started using FreeIPA for a directory and have been happy with it so far.
     
    #9
  10. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    11,612
    Likes Received:
    4,565
    What I am trying to solve for:

    Have the ability for folks to get into the STH lab. Either to do reviews/ guides or as a subscription (subsidized by budgets at work hopefully).

    So they need:
    1. VPN access - user gets authenticated - likely in pfSense
    2. Access to IPMI for reboots/ OS installs - IPMI generally supports LDAP and RADIUS
    3. (Hopefully) a switch setup that puts folks on their own private VLAN based on 1.
    4. Potentially access to Linux desktops with the same credentials
    5. Killer is if there was a provisioning tool available that could wipe machines after someone stops using it.

    It started out easy enough to do for William, myself and a few others, but if it scales, I need to get this setup properly. Frankly, very little time to do it on my end.
     
    #10
  11. canta

    canta Well-Known Member

    Joined:
    Nov 26, 2014
    Messages:
    1,018
    Likes Received:
    189
    was this clarkconnect?
    I remember "green" theme on clarkconnect...
     
    #11
  12. apnar

    apnar Member

    Joined:
    Mar 5, 2011
    Messages:
    105
    Likes Received:
    17
    For auth component I'll third FreeIPA. You'll get LDAP and Kerberos (as well as DNS, NTP, cert management, OTP) out of the box. Reasonably easy to add RADIUS with FreeRADIUS tied to it. Gives you a decent web gui but also everything can be done command line. Works well for Single Sign-On on Linux boxes and can even tie in windows boxes using pGina.
     
    #12
  13. JustinH

    JustinH Active Member

    Joined:
    Jan 21, 2015
    Messages:
    123
    Likes Received:
    71
    For point 5, have a look at ManageIQ. It's say it's still a bit rough around the edges, but the automation stuff in it is geared for this type of scenario.
     
    #13
  14. MvL

    MvL Member

    Joined:
    Jan 7, 2011
    Messages:
    33
    Likes Received:
    0
    So you mis a couple of drivers for virtualization? If you want I can pass on what your problems are. I run ClearOS on KVM (unRAID) at the moment but I do not experience a slow webui.

    There is documentation on the site of ClearOS. Maybe it helps to solve your problem with the directory server.

    ClearOS 7 User Guide

    Directory Server
     
    #14
  15. fractal

    fractal Active Member

    Joined:
    Jun 7, 2016
    Messages:
    309
    Likes Received:
    67
    Necro, necro. Ok, @Patrick what did you settle on?

    I just upgraded the firmware on my Archer C7 since the factory version didn't like my daughters iPad and had to reconfigure it and though to my self ... self, is there a better place to store logon credentials? And, since the AP supports Radius authentication, I started looking into it.

    I too tried daloRadius, the .ovf version. I had to edit the .ovf file to get it to load into vmware but the idea of using a package that hasn't been maintained in 5 yrs scared me almost as much as its UI.

    I found the package for freeRadius in pfSense and it looks a bit cleaner. Though, I am not sure how I feel about running a real SQL to a USB stick. Fortunately I had a pfSense box on a thin client box acting as my NTP box for my garmin GPS.

    So, in short, what did you decide? I am leaning towards dropping pfSense on a VM to do nothing other than Radius if I can figure out how to back it up.
     
    #15
  16. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    11,612
    Likes Received:
    4,565
    I was surprised that pfSense was the best option at the time.
     
    #16
  17. dswartz

    dswartz Active Member

    Joined:
    Jul 14, 2011
    Messages:
    379
    Likes Received:
    28
    I used pfsense for several years. Currently using sophos UTM (free home version up to 50 IP addresses...)
     
    #17
  18. dswartz

    dswartz Active Member

    Joined:
    Jul 14, 2011
    Messages:
    379
    Likes Received:
    28
    I used clearos way back when it was clarkconnect. I always felt like it was too heavy-weight, and the GUI seemed clunky to me...
     
    #18
  19. Nnyan

    Nnyan Active Member

    Joined:
    Mar 5, 2012
    Messages:
    114
    Likes Received:
    25
    I also tried it during the clarkconnect days, I don't have any notes from that time so I can't remember why it didn't "stick". Simplewall looks pretty cool but it seems dead (chat doesn't work and no one responds to emails). Depending on where/how you download it from their website you can get a -0.0.1 or a -1.1.1 version. Didn't want to waste my time with something that isn't being developed.
     
    #19
Similar Threads: anyone tried
Forum Title Date
Software Stuff Anyone decent at GNU Plot? May 23, 2018
Software Stuff OpenSSL 1.1 final - does anyone know what is going on? Jun 22, 2016
Software Stuff Anyone know the manufacturer of this firewall/ filter? Jun 15, 2016
Software Stuff Anyone experience with PrimoCache for MSSQL-Database or Exchange acceleration ? Apr 19, 2016
Software Stuff Cluster node resurrection - has anyone seen this? Nov 17, 2015

Share This Page