https://freeradius.org/releases/
To install:
1) sudo apt-get install freeradius
To verify if it is installed:
2) freeradius -v
To view files:
sudo ls -l /etc/freeradius/3.0/
To edit:
sudo emacs -nw 3.0/radiusd.conf
Configuration is done in this file and the other associated files in the same
directory.
=======================================================================
When the server has been installed on a new machine, the first step is to start it
in debugging mode, as user root:
root@linuxdesktop:~# freeradius -X
output:
-------
Ready to process requests
The above output means that the server is installed and configured properly.
INITIAL TESTS:
================
ADDING USERS:
3) Start the server in debugging mode (freeradius -X), and run radtest from another
terminal window:
If you see the "Access-Accept" message, the following authentication methods now
work for the testing user:
FURTHER SET UP
===============
1) ADDING CLIENTS:
When we discuss clients, we mean clients of the RADIUS server, e.g. a wireless access
point, a network switch or another form of NAS. We do NOT mean the network clients,
such as laptops and tablets; they do not talk directly to the RADIUS server.
Note:
The above test runs radtest from localhost.
It is useful to add a new client, which can be done by editing the clients.conf
file.
client new {
    ipaddr = 10.0.0.1
    secret = testing123
}
a) You should change the IP address 192.0.2.1 to be the address of the client which
will be sending Access-Request packets.
b) The client should also be configured to talk to the RADIUS server, using the IP
address of the machine running the RADIUS server.
c) The client must use the same secret as configured above in the client section.
Then restart the server in debugging mode (freeradius -X), and run a simple test
using the testing user.
You should see an Access-Accept in the server output.
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
To test the user, we run this at the terminal prompt once the freeradius service is
started:
Output:
###############################################################################
Sent Access-Request Id 34 from 0.0.0.0:48123 to 127.0.0.1:1812 length 77
User-Name = "testing"
User-Password = "password"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "password"
Received Access-Accept Id 34 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
###############################################################################
NEXT STEPS:
The next step is to configure access points, switches, routers etc. to point to
the RADIUS server. These authenticators are listed in
/etc/freeradius/3.0/clients.conf, with their secret.
NB: The secret configured on each device should match the one in the above file.
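Because each device must carry the same secret as its clients.conf entry, any entry
left on the sample secret testing123 uses a value anyone can look up. As an added
example (not part of the original notes and not FreeRADIUS code), this Python script
parses client stanzas in the syntax shown above and reports entries that still use the
sample secret or a short one. MIN_LEN, the "ap1" stanza and its secret are assumptions
constructed for illustration.

```python
import re

SAMPLE_SECRETS = {"testing123"}  # the secret used in this page's examples
MIN_LEN = 16                     # assumed local policy, not a FreeRADIUS rule
ITEM = re.compile(r'(\w+)\s*=\s*("[^"]*"|[^\s#]+)')

def parse_clients(text):
    """Return {name: {key: value}} for each top-level 'client NAME { ... }'."""
    clients, name, depth = {}, None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("#"):
            continue
        if line.endswith("{"):
            m = re.match(r"client\s+(\S+)\s*\{$", line)
            if depth == 0 and m:
                name = m.group(1)
                clients[name] = {}
            depth += 1
        elif line == "}":
            depth -= 1
            if depth == 0:
                name = None
        elif name and depth == 1 and (m := ITEM.match(line)):
            clients[name][m.group(1)] = m.group(2).strip('"')
    return clients

def audit(clients):
    """Return sorted (client, ipaddr, issue) tuples for weak shared secrets."""
    findings = []
    for name, cfg in clients.items():
        secret, addr = cfg.get("secret", ""), cfg.get("ipaddr", "?")
        if secret in SAMPLE_SECRETS:
            findings.append((name, addr, "sample secret from documentation"))
        elif len(secret) < MIN_LEN:
            findings.append((name, addr, f"secret under {MIN_LEN} characters"))
    return sorted(findings)

# Constructed input: the "new" stanza from this page plus a hypothetical "ap1".
SAMPLE = """
client new {
    ipaddr = 10.0.0.1
    secret = testing123
}
client ap1 {
    ipaddr = 192.0.2.10
    secret = "constructed-Example-9fQ2xL7pVb"
}
"""
print(audit(parse_clients(SAMPLE)))
```

To check a real server, pass the contents of /etc/freeradius/3.0/clients.conf to
parse_clients; only top-level client stanzas are read, and nested sections inside a
stanza are skipped.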
Changing the server configuration should be done via the following steps:
1) Start with a "known working" configuration, such as the one supplied by the
default installation.
2) Make one small change to the configuration files.
3) Start the server in debugging mode (radiusd -X, which is freeradius -X on the
Debian/Ubuntu package used above).
4) Verify that the results are what you expect:
-The debug output shows any configuration changes you have made.
-Databases (if used) are connected and operating.
-Test packets are accepted by the server.
-The debug output shows that the packets are being processed as you expect.
-The response packets contain the attributes you expect to see.
-If everything is OK, save a copy of the configuration, go back to step (2), and
make another change.