Difference between revisions of "Radius Authentication"
(Page init) |
m (→Discussion) |
||
(15 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | {{WIP box}} | ||
+ | <blockquote style="float: right;"> | ||
+ | [[File:freeradius_logo.png|200px]] | ||
+ | </blockquote> | ||
Placeholder | Placeholder | ||
+ | |||
+ | |||
+ | ==About== | ||
+ | [https://freeradius.org FreeRADIUS] includes a RADIUS server, a BSD licensed client library, a PAM library, and an Apache module. In most cases, the word FreeRADIUS refers to the RADIUS server. FreeRADIUS is the most widely deployed RADIUS server in the world. It is the basis for multiple commercial offerings. It supplies the AAA needs of many Fortune-500 companies and Tier 1 ISPs. | ||
+ | |||
+ | It is also widely used for Enterprise Wi-Fi and IEEE 802.1X network security, particularly in the academic community, including eduroam. The server is fast, feature-rich, modular, and scalable. | ||
+ | |||
+ | ==Discussion== | ||
+ | [https://forums.contribs.org/index.php?topic=53181.msg275326#msg275326 Discussion on the forums] | ||
+ | |||
+ | ---- | ||
+ | The framework is already in place for radius. In order to use it please define the client host in hostnames and addresses. | ||
+ | |||
+ | Once you have done this then you need to define the shared radius key for that host. You can do this with the following command: | ||
+ | |||
+ | db hosts setprop {full hostname} RadiusKey {random string of characters} | ||
+ | signal-event remoteaccess-update | ||
+ | |||
+ | ex. | ||
+ | |||
+ | db hosts setprop wireless.mydomain.com RadiusKey abcdefg123456789 | ||
+ | signal-event remoteaccess-update | ||
+ | |||
+ | After this I'd go to the device defined by wireless.mydomain.com and point to the internal interface ip for the server and enter the same key. | ||
+ | ---- | ||
+ | |||
+ | You just need to use: | ||
+ | $pw = esmith::util::LdapPassword; | ||
+ | $pw =~ s/^(.{31}).*$/$1/; | ||
+ | |||
+ | |||
+ | (this can also be found in /etc/radiusclient-ng/servers, no db key for this as of yet) | ||
+ | |||
+ | (please see https://bugs.contribs.org/show_bug.cgi?id=10358) | ||
+ | |||
+ | |||
+ | As radius shared secret on SoftEther side | ||
+ | Just enter 127.0.0.1 as radius server, and the result of the command I gave you as shared secret (or you can find the secret key in /etc/raddb/clients.conf in the existing localhost section | ||
+ | ---- | ||
+ | |||
+ | |||
+ | config setprop radiusd access private TCPPort 1812 | ||
+ | config set radius-acct service status enabled access private TCPPort 1813 | ||
+ | signal-event remoteaccess-update | ||
+ | |||
+ | ---- | ||
+ | [[Category:Howto]] |
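Review bot: the last command block sets TCPPort 1812 for radiusd and TCPPort 1813 for radius-acct, but RADIUS authentication and accounting normally run over UDP on those ports, so please confirm that TCPPort is the property intended here. The same block uses "config setprop radiusd ..." on its first line and "config set radius-acct service ..." on its second, with no sentence saying what the block is for or that radius-acct is a new entry; a one-line introduction above it would help. The example key abcdefg123456789 is predictable, while the template line above it asks for a "random string of characters", so consider an example that looks generated. The leftover "Placeholder" line and the unclosed parenthesis in the SoftEther paragraph should also be cleaned up.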
Latest revision as of 06:53, 28 June 2017
Placeholder
About
FreeRADIUS includes a RADIUS server, a BSD licensed client library, a PAM library, and an Apache module. In most cases, the word FreeRADIUS refers to the RADIUS server. FreeRADIUS is the most widely deployed RADIUS server in the world. It is the basis for multiple commercial offerings. It supplies the AAA needs of many Fortune-500 companies and Tier 1 ISPs.
It is also widely used for Enterprise Wi-Fi and IEEE 802.1X network security, particularly in the academic community, including eduroam. The server is fast, feature-rich, modular, and scalable.
Discussion
Discussion on the forums
The framework is already in place for RADIUS. In order to use it, please define the client host in hostnames and addresses.
Once you have done this, you need to define the shared RADIUS key for that host. You can do this with the following commands:
    db hosts setprop {full hostname} RadiusKey {random string of characters}
    signal-event remoteaccess-update
Example:
    db hosts setprop wireless.mydomain.com RadiusKey abcdefg123456789
    signal-event remoteaccess-update
After this I'd go to the device defined by wireless.mydomain.com and point to the internal interface IP for the server and enter the same key.
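Why the key entered on the device must be identical to the RadiusKey set on the server: RADIUS (RFC 2865, section 5.2) uses the shared key to hide the User-Password attribute, and the server can only recover it with the same key. The following is an added example, not part of the original page; the password and the request authenticator are constructed sample values.

```python
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Client (NAS) side: hide User-Password as described in RFC 2865 section 5.2."""
    if not 1 <= len(password) <= 128 or len(request_auth) != 16:
        raise ValueError("password must be 1..128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)   # pad to 16-byte blocks
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()          # b_i = MD5(secret + c_(i-1))
        prev = _xor(padded[i:i + 16], key)                 # c_i = p_i XOR b_i
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: reverse the hiding with the server's copy of the shared key."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += _xor(hidden[i:i + 16], key)
        prev = hidden[i:i + 16]                            # chain on the ciphertext block
    return out.rstrip(b"\x00")

def demo():
    request_auth = bytes(range(16))   # constructed; real clients use 16 random bytes
    nas_key = b"abcdefg123456789"     # example key from this page, as typed on the device
    hidden = hide_password(b"constructed-user-password", nas_key, request_auth)
    same = recover_password(hidden, b"abcdefg123456789", request_auth)  # server key matches
    typo = recover_password(hidden, b"abcdefg12345678", request_auth)   # last character missing
    return hidden, same, typo

if __name__ == "__main__":
    hidden, same, typo = demo()
    print("on the wire  :", hidden.hex())
    print("matching key :", same)
    print("mismatched   :", typo)
```

With a mismatched key the server recovers garbage instead of the password, so authentication fails even when the user typed the right credentials.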
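You just need to use:
    use esmith::util;
    my $pw = esmith::util::LdapPassword;   # value returned by esmith::util::LdapPassword
    $pw =~ s/^(.{31}).*$/$1/;              # keep only the first 31 characters
    print "$pw\n";                         # show the resulting shared secret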
(this can also be found in /etc/radiusclient-ng/servers, no db key for this as of yet)
(please see https://bugs.contribs.org/show_bug.cgi?id=10358)
As radius shared secret on SoftEther side
Just enter 127.0.0.1 as RADIUS server, and the result of the command I gave you as shared secret (or you can find the secret key in /etc/raddb/clients.conf in the existing localhost section).
    config setprop radiusd access private TCPPort 1812
    config set radius-acct service status enabled access private TCPPort 1813
    signal-event remoteaccess-update