WinRADIUS 3.0.

18 (64-bit)
Thank you for choosing FreeRADIUS Server for Windows 3.0.18 (64-bit).

Build Options
• OpenSSL 1.1.1a (TLS 1.3)
• ODBC support (unixODBC 2.3.7)
• OpenLDAP 2.4.47
• Heimdal Kerberos 7.99.1
• IPv6

Setup

a) Start FreeRADIUS Server (Start - Programs - FreeRADIUS 3.0.18 - Start

RADIUS Server (Debug)).

Sanity Tests

Go to Start - Programs - FreeRADIUS 3.0.18 - RADIUS Command Prompt

Run the following scripts to test the server is working properly:

a) radtestwin.cmd
b) radtest-digest.cmd
c) radeapclient.cmd
d) radtest-sspi.cmd [ Use your local users here ]

1
Version Info

radiusd -Xxv

To the best of our knowledge, this is the first and only Windows native port of
FreeRADIUS Server1. This contribution started with FreeRADIUS 2.2.6 and
continues to present.

1
FreeRADIUS Project, http://freeradius.org/

2
LDAP

a) Install and set up OpenLDAP Server

b) Edit sites-enabled/default file:

authorize {
…
…
ldap
…
…
}

authenticate {
…
…
Auth-Type LDAP {
ldap
}
…
…
}

c) Edit modules/ldap file and adjust some values accordingly (e.g. server name,
base dn, etc)

d) Start OpenLDAP Server

e) Start FreeRADIUS Server

3
FR Server Output

4
SQL
MS SQL SERVER

Make sure that MS SQL server service is up and running and it can be accessed.
(FreeTDS and unixODBC utilities can be used to test connection to MS SQL Servers.)

Create ‘radius’ database

Execute all SQL scripts under the etc/raddb/sql/mssql folder

Edit etc/raddb/sql.conf file:

sql {
#
# Set the database to one of:
#
# mysql, mssql, oracle, postgresql
#
database = "unixodbc"
driver = "rlm_sql_${database}"
server = "MSSQLTestServer"
login = "testsqluser"
password = "xxxx"
…
…
}

Edit etc/raddb/sites-enabled/default file:

authorize {
…
...
sql
…
…
}
accounting {
…
…
sql
…
…
}

5
Test commands

odbcinst.exe -j

odbcinst.exe -q -d // odbcinst.exe -q -s

6
 FR Server Output

radclient -x -s -r 1 -f radclient.conf 127.0.0.1:1812 auth testing123

7
KERBEROS

a) Install and set up Heimdal Kerberos (Server)

b) Obtain a valid kerberos ticket for a particular user (a.k.a. kinit <user name>)

Add/Adjust some values in: modules/krb5, users, and sites-enabled/default

krb5 {
keytab = C:/heimdal-7.99.1/etc/krb5.keytab
service_principal = host/localhost@TEST.H5L.SE
}
Auth-Type Kerberos {
krb5
}
radclient -x -s -r 1 -f radclient-krb5.conf 127.0.0.1:1812 auth testing123

8
FR Server Output

9
EAP Methods

Use eapol_test tool to test different EAP methods.

Examples

EAP-FAST

eapol_test -a 127.0.0.1 -p 1812 -s testing123 -c eap-fast.conf

FR Server Output

eapol_test output

10
EAP-PWD

eapol_test -a 127.0.0.1 -p 1812 -s testing123 -c eap-pwd.conf

FR Server Output

11
SSPI (experimental)

Windows users authentication. It supports NTLM & Windows Kerberos.

radclient -x -s -r 1 -f radclient-sspi.conf 127.0.0.1:1812 auth testing123

FR Debug Output

Using ‘Guest’ user account …

12
Source Code
The source code is available at:

FreeRADIUS Project, http://freeradius.org/

WinRADIUS Project, http://winradius.eu/

Via email

13