Installing freeradius
To install freeradius on Red Hat Linux or CentOS, type this command in the terminal:
# yum install freeradius
Type ‘y’ at the ‘Is this ok [y/N]:’ prompt. Below is example output of the command:
[root@radius01 ~]# yum install freeradius
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* addons: mirror.nus.edu.sg
* base: mirror.nus.edu.sg
* extras: mirror.nus.edu.sg
* updates: mirror.nus.edu.sg
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package freeradius.i386 0:1.1.3-1.5.el5_4 set to be updated
--> Processing Dependency: net-snmp-utils for package: freeradius
--> Processing Dependency: net-snmp for package: freeradius
--> Processing Dependency: perl(DBI) for package: freeradius
--> Running transaction check
---> Package net-snmp.i386 1:5.3.2.2-7.el5_4.2 set to be updated
--> Processing Dependency: libsensors.so.3 for package: net-snmp
---> Package net-snmp-utils.i386 1:5.3.2.2-7.el5_4.2 set to be updated
---> Package perl-DBI.i386 0:1.52-2.el5 set to be updated
--> Running transaction check
---> Package lm_sensors.i386 0:2.10.7-4.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
freeradius i386 1.1.3-1.5.el5_4 updates 1.1 M
Installing for dependencies:
lm_sensors i386 2.10.7-4.el5 base 513 k
net-snmp i386 1:5.3.2.2-7.el5_4.2 updates 696 k
net-snmp-utils i386 1:5.3.2.2-7.el5_4.2 updates 185 k
perl-DBI i386 1.52-2.el5 base 600 k
Transaction Summary
================================================================================
Install 5 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 3.1 M
Is this ok [y/N]: y
Downloading Packages:
(1/5): net-snmp-utils-5.3.2.2-7.el5_4.2.i386.rpm | 176 kB 00:00
http://mirror.nus.edu.sg/centos/5.4/updates/i386/RPMS/net-snmp-utils-5.3.2.2-7.el5_4.2.i386.rpm: [Errno 4] Socket Error: timed out
Trying other mirror.
(1/5): net-snmp-utils-5.3.2.2-7.el5_4.2.i386.rpm | 185 kB 00:00
(2/5): lm_sensors-2.10.7-4.el5.i386.rpm | 513 kB 00:00
(3/5): perl-DBI-1.52-2.el5.i386.rpm | 576 kB 00:00
http://mirror.nus.edu.sg/centos/5.4/os/i386/CentOS/perl-DBI-1.52-2.el5.i386.rpm: [Errno 4] Socket Error: timed out
Trying other mirror.
(3/5): perl-DBI-1.52-2.el5.i386.rpm | 600 kB 00:00
(4/5): net-snmp-5.3.2.2-7.el5_4.2.i386.rpm | 696 kB 00:00
(5/5): freeradius-1.1.3-1.5.el5_4.i386.rpm | 1.1 MB 00:24
--------------------------------------------------------------------------------
Total 27 kB/s | 3.1 MB 01:56
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : perl-DBI 1/5
Installing : lm_sensors 2/5
Installing : net-snmp 3/5
Installing : net-snmp-utils 4/5
Installing : freeradius 5/5
Installed:
freeradius.i386 0:1.1.3-1.5.el5_4
Dependency Installed:
lm_sensors.i386 0:2.10.7-4.el5 net-snmp.i386 1:5.3.2.2-7.el5_4.2
net-snmp-utils.i386 1:5.3.2.2-7.el5_4.2 perl-DBI.i386 0:1.52-2.el5
Complete!
At this point you have successfully installed the radius server. Next, verify that it is installed.
Check the Server Radius System Version
To check the version of the Radius Server that has been installed, use this command:
# rpm -qa freeradius
Below is example output of the command:
[root@radius01 ~]# rpm -qa freeradius
freeradius-1.1.3-1.5.el5_4
radiusd.conf configuration
Next, configure the radiusd.conf file based on your network details. The example in this tutorial shows the details of my network configuration.
Using the vi text editor, edit the radiusd.conf file with the following configuration. First, enter this command in the terminal console to open radiusd.conf:
vi /etc/raddb/radiusd.conf
# Excerpt 1: the ldap module instance (defined inside the modules { } section)
ldap {
    server = "192.168.4.41"
    # identity = "cn=admin,o=My Org,c=UA"
    # password = secret
    basedn = "ou=people,o=mydomain.gov.my,o=gov"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    # base_filter = "(objectclass=radiusprofile)"
    password_attribute = "userPassword"
    # access_attr = "dialupAccess"
}
# $INCLUDE ${confdir}/sql.conf

# Excerpt 2: the authorize section
authorize {
    #
    # The preprocess module takes care of sanitizing some bizarre
    # attributes in the request, and turning them into attributes
    # which are more standard.
    #
    # The ldap module will set Auth-Type to LDAP if it has not
    # already been set
    ldap
}

# Excerpt 3: the authenticate section
authenticate {
    #
    # PAP authentication, when a back-end database listed
    # in the 'authorize' section supplies a password. The
    # password can be clear-text, or encrypted.
    # Uncomment it if you want to use ldap for authentication
    # Note that this means "check plain-text password against
    # the ldap database", which means that EAP won't work,
    # as it does not supply a plain-text password.
    Auth-Type LDAP {
        ldap
    }
}
Save the configuration before exiting by typing ‘:wq’ and pressing Enter.
Users configuration
Edit the users file with the vi text editor, using the following configuration. To edit the users file, enter this command in the terminal console:
vi /etc/raddb/users
Below is the users configuration:
DEFAULT Auth-Type = System
    Fall-Through = 1
DEFAULT Auth-Type := LDAP
    Fall-Through = 1
Save the configuration before exiting by typing ‘:wq’ and pressing Enter.
clients.conf configuration
Edit the clients.conf file with the vi text editor, using the following configuration. To edit clients.conf, enter the following command in the terminal console:
vi /etc/raddb/clients.conf
Below is the clients.conf configuration:
client 192.168.0.0/16 {
    secret = test
    shortname = private-network-2
}
Save the configuration before exiting by typing ‘:wq’ and pressing Enter.
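The client block above accepts any NAS in 192.168.0.0/16 with the shared secret test, and RADIUS relies on that secret to protect User-Password and to authenticate responses. The following shell function is an added example (not part of the original tutorial) that flags short or guessable secrets and wide client ranges in a clients.conf-style file; the thresholds MIN_LEN and MIN_PREFIX, the guessable-word list and the second sample client are assumptions.

```shell
#!/bin/sh
# Added example: flag weak shared secrets and broad client ranges in clients.conf.
# MIN_LEN, MIN_PREFIX and the guessable-word list are assumed policy values.

audit_clients() {   # $1 = path to a clients.conf-style file
    awk -v min_len="${MIN_LEN:-16}" -v min_prefix="${MIN_PREFIX:-24}" '
        /^[ \t]*#/ { next }                      # skip full-line comments
        { sub(/[ \t]+#.*$/, "") }                # strip trailing comments
        /^[ \t]*client[ \t]+[^ \t{]+/ {          # client <addr>[/<bits>] {
            name = $2; sub(/\{.*/, "", name)
            bits = 32                            # no prefix means a single host
            if (split(name, part, "/") == 2) bits = part[2] + 0
            if (bits < min_prefix) print "WIDE-RANGE " name
            next
        }
        /^[ \t]*secret[ \t]*=/ {
            s = $0
            sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t]+$/, "", s)
            gsub(/^"|"$/, "", s)                 # drop surrounding quotes
            # Report the finding, never the secret itself.
            if (length(s) < min_len)
                print "SHORT-SECRET " name " (" length(s) " chars)"
            if (tolower(s) ~ /^(test|testing123|secret|radius|password)$/)
                print "GUESSABLE-SECRET " name
        }
    ' "$1"
}

sample_conf() {     # constructed input: the tutorial client plus a stricter one
    cat <<'EOF'
client 192.168.0.0/16 {
    secret    = test
    shortname = private-network-2
}
client 192.0.2.10 {
    secret    = "k7Q2vX9mB4tR8wZ1cN6pL3sD"   # constructed value
    shortname = nas-lab
}
EOF
}

# Demo run on the constructed sample
tmp=$(mktemp) && sample_conf > "$tmp" && audit_clients "$tmp"
rm -f "$tmp"
```

Run it against the real file with `audit_clients /etc/raddb/clients.conf`; an empty result means no entry tripped the assumed thresholds.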
Start radius server.
To start the radius server, use the following command in the terminal console:
# /etc/init.d/radiusd start
Stop radius server.
To stop the radius server, use the following command in the terminal console:
# /etc/init.d/radiusd stop
Restart radius server.
To restart the radius server, use the following command in the terminal console:
# /etc/init.d/radiusd restart
Below is example output of the restart command:
[root@radius01 raddb]# /etc/init.d/radiusd restart
Stopping RADIUS server: [ OK ]
Starting RADIUS server: Tue Apr 13 11:00:48 2010 : Info: Starting - reading configuration files ...
[ OK ]
Note that the radius server does not start automatically after the operating system is rebooted, so you have to enter the start or restart command manually.
Test the radius configuration
To check that the radius server is working, use the following command:
radtest {username} {password} {hostname} 10 {radius_secret}
If the authentication is not successful, an Access-Reject message will be displayed. Access-Accept will be displayed if the authentication is successful.