Difference between revisions of "Radius"

From SME Server
Jump to navigationJump to search
(Radius notes for WPA2 authentication, radtest and general use)
 
m (formatting)
 
(2 intermediate revisions by 2 users not shown)
Line 6: Line 6:
 
Radius should work out of the box for WPA2 AP. You have to create a host for your AP, with the correct IP of your AP, then set the radius secret:
 
Radius should work out of the box for WPA2 AP. You have to create a host for your AP, with the correct IP of your AP, then set the radius secret:
  
 +
<pre>
 
db hosts setprop ap.domain.tld RadiusKey SuperSecretThing
 
db hosts setprop ap.domain.tld RadiusKey SuperSecretThing
 
signal-event remoteaccess-update
 
signal-event remoteaccess-update
 +
</pre>
  
 +
If you want to test radius with '''radtest''' (yum install freeradius-utils) it doesn't work as is you need to do the following:
  
If you want to test radius with radtest (yum install freeradius-utils) it doesn't work as is you need to do the following:
+
Add this template to '''/etc/e-smith/templates-custom/etc/raddb/users/40ldap'''  
  
Add this template to /etc/e-smith/templates-custom/etc/raddb/users/40ldap
+
DEFAULT    Auth-Type := LDAP
 
 
DEFAULT    Auth-Type := LDAP
 
  
 
expand the raddb/uses template and any user in LDAP can be used in radtest.  
 
expand the raddb/uses template and any user in LDAP can be used in radtest.  

Latest revision as of 13:10, 31 December 2018

Radius is configured to a minimal level on a standard SME9 installation. Out of the box it is used for PPTP VPN user authentication.

Daniel B. Provided the following information regarding using radius on SME as an authentication source for WPA2 Enterprise.

Radius should work out of the box for WPA2 AP. You have to create a host for your AP, with the correct IP of your AP, then set the radius secret:

db hosts setprop ap.domain.tld RadiusKey SuperSecretThing
signal-event remoteaccess-update

If you want to test radius with radtest (yum install freeradius-utils) it doesn't work as is you need to do the following:

Add this template to /etc/e-smith/templates-custom/etc/raddb/users/40ldap

DEFAULT    Auth-Type := LDAP

expand the raddb/uses template and any user in LDAP can be used in radtest.

Command format:

radtest {username} {password} {hostname} 10 {radius_secret}