Scribd Logo
Carica

Benvenuto in Scribd!

  • Installation of Freeradius

    Caricato da

    mac004
    124 visualizzazioni7 pagine
    Edit the /etc / freeradius / users file and add the lines for an only user restart the service $: sudo service freeradius restart to test it, run the command Sending Access-Request of id 61 to 192.168.0 port 1812 3 - CONFIGURATION CISCO IOS Use the following ios commands to configure Cisco IOS Client to authenticate with Radius Server (192.168.0.254)

    Descrizione originale:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formati disponibili

    DOCX, PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    Edit the /etc / freeradius / users file and add the lines for an only user restart the service $: sudo service freeradius restart to test it, run the command Sending Access-Request of id 61 to 192.168.0 port 1812 3 - CONFIGURATION CISCO IOS Use the following ios commands to configure Cisco IOS Client to authenticate with Radius Server (192.168.0.254)

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Scarica in formato DOCX, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    124 visualizzazioni7 pagine

    Installation of Freeradius

    Caricato da

    mac004
    Edit the /etc / freeradius / users file and add the lines for an only user restart the service $: sudo service freeradius restart to test it, run the command Sending Access-Request of id 61 to 192.168.0 port 1812 3 - CONFIGURATION CISCO IOS Use the following ios commands to configure Cisco IOS Client to authenticate with Radius Server (192.168.0.254)

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Scarica in formato DOCX, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 7

    INSTALLATION OF FREERADIUS

    from terminal prompt:

    $: sudo apt-get install freeradius

    2 BASE CONFIGURATION OF FREERADIUS


    We need to edit just few files for our environment, as first think modify the line localhost with our client, in the file clients.conf

    $: sudo nano /etc/freeradius/clients.conf


    and modify the localhost

    client 192.168.0.1 {

    secret

    = radiuspassword

    shortname

    = 192.168.0.1

    nastype

    = cisco

    Now is the time to add the parameters about users Radius, to make that edit the file users:

    $: sudo nano /etc/freeradius/users


    add the lines for an only user

    user1

    Cleartext-password == "supersecret"

    Service-Type = NAS-Prompt-User,

    Cisco-AVPair = "shell:priv-lvl=15"

    reboot the service

    $: sudo service freeradius restart


    to test it, run the command

    $: radtest user1 supersecret 192.168.0.1 1812 radiuspassword


    if you receive that:

    Sending Access-Request of id 61 to 192.168.0.1 port 1812

    User-Name = "user1"

    User-Password = "supersecret"

    NAS-IP-Address = 127.0.1.1

    NAS-Port = 1812

    rad_recv: Access-Reject packet from host 192.168.0.1 port 1812, id=61, length=20

    3 CONFIGURATION CISCO IOS


    Use the following ios commands to configure Cisco IOS Client (192.168.0.1) to authenticate with Radius Server (192.168.0.254):

    R1(conf)# aaa new-model R1(conf)# aaa group server radius RadiusGrp R1(config-sg-radius)# server-private 192.168.0.254 auth-port 1812 acct-port 1813 key radiuspassword R1(config-sg-radius)# exit R1(config)# aaa authentication login default group RadiusGrp R1(config)# aaa authorization exec default group RadiusGrp R1(config)# aaa accounting exec default start-stop group RadiusGrp R1(config)# aaa accounting system default start-stop group RadiusGrp

    R1(conf)# line vty 0 5 R1(conf-line)# transport input telnet ssh R1(conf-line)# login authentication default R1(conf-line)# exit

    4 HARD CONFIGURATION OF FREERADIUS


    If we want add another user but this time with the privilege level 3. Edit the /etc/freeradius/users file:

    $: sudo nano /etc/freeradius/users


    and add the lines

    user2

    Cleartext-Password := "testing"

    Service-Type = NAS-Prompt-User,

    Cisco-AVPair = "shell:priv-lvl=3"

    restart Freeradius

    $: sudo /etc/init.d/freeradius restart


    now go to path /var/log/freeradius/radacct/ directory and check the log of each device(s) that you have added inside the clients.conf file. Now if we decided that also user2 can view the runningconfiguration from Router prompt the above command:

    R1(config)# privilege exec all level 3 show running-config


    from user2

    R1# show running-config view full


    Allow user user2, to run the configure terminal command as well as the interface related commands:

    from user1

    R1(config)# privilege exec level 3 configure terminal

    R1(config)# privilege configure all level 3 interface


    cya to the next 1. Njoy !

    HOW TO INSTALL AND CONFIGURE FREERADIUS IN UBUNTU 12.04LTS SERVER EDITION PART 2
    Standard

    | Posted on March 9, 2013 by Riccardo Magrini

    After weve installed and made a base configuration, now we will see how to use MySQL as way of authentication with Radius for our users.

    1 INSTALLATION PACKAGES

    from terminal prompt

    $: sudo apt-getinstall mysql-server freeradius-mysql

    2 BASE CONFIGURATION OF MYSQL


    now weve to create the db and give the authorization to it

    $: mysql -u root -p mysql> create database radius; mysql> create user 'freeradius'@'localhost' identified by 'radius'; mysql> grant all on radius.* to 'freeradius'@'localhost' identified by 'radius'; mysql> flush privileges; mysql> exit;
    then always from terminal, goto the path /etc/freeradius/sql/mysql and

    $: cd /etc/freeradius/sql/mysql $: mysql -u freeradius -p radius < schema.sql $: mysql -u freeradius -p radius < nas.sql
    nas.sql is file that will contain the list of network devices will access to the Radius server. The installation is done well see the configuration of it.

    3 CONFIGURATION RADIUS
    go to the path /etc/freeradius/site-available

    $: cd /etc/freeradius/sites-available $: sudo nano default


    uncomment the following lines: in authorize section uncomment sql in session section uncomment sql in post-auth section uncomment sql in acounting section uncomment

    sql

    then

    $: cd /etc/freeradius $: sudo nano sql.conf


    modify the line with the above parameters login = "freeradius" password = "radius"

    we can left the rest of the lines as default. Uncomment readclients = yes

    then

    $: cd /etc/freeradius $: sudo nano radiusd.conf


    uncomment port = 1812

    uncomment $INCLUDE sql.conf

    as last step

    $: cd /etc/freeradius $: sudo cp clients.conf client.conf.old $: sudo rm clients.conf $: sudo touch clients.conf


    restart the service

    $: sudo service freeradius restart

    4 CONFIGURATION MYSQL FOR USERS


    now we ll add the user to our db

    $: mysql -u freeradius -p
    and insert the device in nas table

    mysql> use radius; mysql> insert into nas (nasname,shortname,secret,description) values ('192.168.0.1','radius','password','server radius');
    the insert the user and pwd in radcheck

    mysql> insert into radcheck (username,attribute,op,value) values ('ric','CleartextPassword',':=','password');

    5 TEST RADIUS
    if all steps are done right run the command

    $: radtest ric password 192.168.0.1 32233 radiuspassword


    if we need to make a change remember to reload the service.

    cya to the next 1. Njoy !

    Potrebbero piacerti anche