Quick Configurations for FreeRadius Server.
It is assumed that FreeRadius has been successfully installed on your system. You can always get
the latest FreeRadius package from http://www.freeradius.org/
Minimum Configuration for FreeRadius - By: Akash Shrestha
A) NOTES:
1) FreeRadius is a built-in package in Fedora Core versions.
The configuration files are in the /etc/raddb directory.
2) If you install FreeRadius from a tarball (.tar.gz), the default
directory for configuration files is /usr/local/etc/raddb.
3) Change the port numbers used by the Radius server in the /etc/services
file as follows.
a) Comment out all the radius entries in /etc/services.
Search for ports 1812 and 1813 and comment them all out:
##radius 1812/tcp # Radius
##radius 1812/udp # Radius
##radius-acct 1813/tcp radacct # Radius Accounting
##radius-acct 1813/udp radacct # Radius Accounting
b) Add the new port numbers for radius and radius-acct to the /etc/services file as follows:
radius 1645/tcp
radius 1645/udp
radius-acct 1646/tcp
radius-acct 1646/udp
----------------------------------------------------------------------------
B) CONFIGURATIONS:
Now you are ready to edit the configuration files for FreeRadius. There are four files to edit.
1) Edit the file users
# vi /etc/raddb/users
Nothing needs to be changed in this file; just check that the following lines are uncommented. They are
uncommented by default, so leave them as they are.
DEFAULT Auth-Type = System
        Fall-Through = 1
----------------------------------------------------------------------------
2) Edit the file clients.conf
Add the following lines.
client 192.168.10.0/24 {
        secret = secret123
        shortname = Portmaster
        nastype = livingston
        login = !root
        password = abc123
}
where,
client 192.168.10.0/24 = The network you are using.
secret = The shared secret that you have set in your NAS.
shortname = A name for your NAS, which is displayed
when a user is authenticated by the Radius server.
nastype = Type of the NAS: Livingston, 3COM, etc.
login = Login name of the NAS server.
password = Password of the NAS server.
----------------------------------------------------------------------------
3) Edit the file sql.conf
# vi /etc/raddb/sql.conf
Look for the following lines in the sql section of this file and change them to suit your
requirements.
sql {
        # Connect info
        server = "localhost"    # mysql and radius are on the same server
        login = "root"          # mysql username 'root'
        password = "akash123"   # mysql password
        # Database table configuration
        radius_db = "radius"    # mysql database
}
----------------------------------------------------------------------------
4) Edit the file radiusd.conf
# vi /etc/raddb/radiusd.conf
Look for the following lines (they should all be uncommented!)
log_auth = yes # logs authentication requests
log_auth_badpass = no
# logs the password along with failed (bad password) requests; change to yes
# instead of no if you want to use it
log_auth_goodpass = no
# logs the password along with successful requests; don't change to yes, because
# you don't want to view other people's passwords
# MODULE CONFIGURATION
# Unix /etc/passwd style authentication
#
unix {
        .
        . # uncomment them all for /etc/passwd user authentication.
        passwd = /etc/passwd
        shadow = /etc/shadow
        group = /etc/group
        .
        .
}
# Authentication.
authenticate {
        #
        # PAP authentication, when a back-end database listed
        # in the 'authorize' section supplies a password. The
        # password can be clear-text, or encrypted.
        .
        .
        unix # uncomment this
        .
        .
}
----------------------------------------------------------------------------
That's all for files in /etc/raddb.
Remember, you have changed the following four files:
1) clients.conf
2) radiusd.conf
3) sql.conf
4) users
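Added example (not part of the original guide or of FreeRadius): a small shell check over the files edited above that flags values a hardening review would question: short or default shared secrets, one secret for a whole network, password logging, and the SQL module logging in as root. The function names conf_values and audit_raddb and the sample directory are constructed for this example.

```sh
#!/bin/sh
# Added example: review a raddb directory for the settings this guide edits.
# File and setting names are the ones on this page; the checks and their
# wording are this example's own, not part of FreeRADIUS.

# Print the value(s) of "KEY = value" lines in FILE, minus quotes/comments.
conf_values() {
    [ -f "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"//' -e 's/"$//'
}

# Print one finding per line for the raddb directory in $1.
audit_raddb() {
    dir=$1
    # RFC 2865 prefers shared secrets of at least 16 octets.
    conf_values "$dir/clients.conf" secret | while read -r s; do
        if [ "$s" = testing123 ]; then
            echo "clients.conf: default secret testing123 in use"
        elif [ "${#s}" -lt 16 ]; then
            echo "clients.conf: shared secret shorter than 16 characters"
        fi
    done
    # A "client a.b.c.d/nn" entry gives every NAS in that network one secret.
    if grep -Eq '^[[:space:]]*client[[:space:]]+[0-9.]+/[0-9]+' "$dir/clients.conf" 2>/dev/null; then
        echo "clients.conf: one secret shared by a whole network"
    fi
    # Either password-logging switch puts cleartext passwords in the server log.
    for k in log_auth_goodpass log_auth_badpass; do
        if [ "$(conf_values "$dir/radiusd.conf" "$k")" = yes ]; then
            echo "radiusd.conf: $k = yes logs passwords"
        fi
    done
    # The SQL module only needs the radius database, not the MySQL superuser.
    if [ "$(conf_values "$dir/sql.conf" login)" = root ]; then
        echo "sql.conf: module logs in to MySQL as root"
    fi
    return 0
}

# Constructed sample holding the values shown on this page.
demo=$(mktemp -d)
printf 'client 192.168.10.0/24 {\n  secret = secret123\n}\n' > "$demo/clients.conf"
printf 'log_auth = yes\nlog_auth_badpass = no\nlog_auth_goodpass = no\n' > "$demo/radiusd.conf"
printf 'sql {\n  login = "root" # mysql username\n  password = "akash123"\n}\n' > "$demo/sql.conf"
audit_raddb "$demo"
rm -rf "$demo"
```

Run it as audit_raddb /etc/raddb (or /usr/local/etc/raddb for a tarball install); no output means none of these checks fired.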
----------------------------------------------------------------------------
Now create the database and tables used by FreeRadius.
First, create the radius database using the following commands.
# mysql -uroot -p
> create database radius;
> grant all privileges on radius.* to radius@localhost identified by 'akash123';
> exit
Then create the tables.
1) There is a sample file for creating the database and tables used by Radius,
located at:
a) /usr/local/src/Freeradius-xx/doc/examples
if installed from a tarball in /usr/local/src
b) /usr/share/doc/Freeradius-xx/examples
if you are using the built-in FreeRadius package from Fedora.
2) Change to the respective location.
# cd /usr/local/src/Freeradius-xx/doc/examples
You should see many sql files, but we need only the mysql.sql file,
so look for it. If it is listed, do the following.
# mysql -uroot -pakash123 radius < mysql.sql
----------------------------------------------------------------------------
C) TESTING:
Now you can test the FreeRadius installation and configuration as follows.
1) Use the radtest command of FreeRadius.
# radtest username password radius-server NAS-port-number secret
Example:
# radtest akash akash localhost 1645 testing123
By default this must work on the Radius server itself; just change
the username and password to those of a valid system user on your Radius
server.
OR
# radtest akash akash 192.168.10.50 1645 testing123
where,
akash = username from /etc/passwd
akash = password from /etc/passwd
192.168.10.50 = IP Address of Radius Server
1645 = NAS Port Number where Radius Server connects.
testing123 = Shared secret between NAS and Radius Server.
----------------------------------------------------------------------------
D) QUERIES:
This is the end of the configuration of FreeRadius on Fedora Core Series.
If you still have any problems, please write to 'Akash Shrestha' at:
akashrestha@hotmail.com
Generated on: Wed Dec 13 2006 13:02:33