Radius Authentication

From SME Server
Jump to navigationJump to search
Warning.png Work in Progress:
This page is a Work in Progress. The contents off this page may be in flux, please have a look at this page history the to see list of changes.


Freeradius logo.png

Placeholder


About

FreeRADIUS includes a RADIUS server, a BSD licensed client library, a PAM library, and an Apache module. In most cases, the word FreeRADIUS refers to the RADIUS server. FreeRADIUS is the most widely deployed RADIUS server in the world. It is the basis for multiple commercial offerings. It supplies the AAA needs of many Fortune-500 companies and Tier 1 ISPs.

It is also widely used for Enterprise Wi-Fi and IEEE 802.1X network security, particularly in the academic community, including eduroam. The server is fast, feature-rich, modular, and scalable.

Discussion

https://forums.contribs.org/index.php?topic=53181.msg275326#msg275326

The framework is already in place for radius. In order to use it please define the client host in hostnames and addresses.

Once you have done this then you need to define the shared radius key for that host. You can do this with the following command:

db hosts setprop {full hostname} RadiusKey {random string of characters} signal-event remoteaccess-update

ex.

db hosts setprop wireless.mydomain.com RadiusKey abcdefg123456789 signal-event remoteaccess-update

After this I'd go to the device defined by wireless.mydomain.com and point to the internal interface ip for the server and enter the same key.


You just need to use:

$pw = esmith::util::LdapPassword;
$pw =~ s/^(.{31}).*$/$1/;


(this can also be found in /etc/radiusclient-ng/servers, no db key for this as of yet)

(please see https://bugs.contribs.org/show_bug.cgi?id=10358)


As radius shared secret on SoftEther side Just enter 127.0.0.1 as radius server, and the result of the command I gave you as shared secret (or you can find the secret key in /etc/raddb/clients.conf in the existing localhost section



config setprop radiusd access private TCPPort 1812
config set radius-acct service status enabled access private TCPPort 1813
signal-event remoteaccess-update