-----------------------------------------------
tar zxvf freeradius-<version>.tar.gz
freeradius_2.1.8+dfsg.orig.tar.gz
./configure
make
su - root
make install
Process:
-----------------------------------------------
1. EDIT /etc/hosts FILE
sudo nano /etc/hosts
There is name resolution for IPv6, so the name “localhost” is ambiguous (IPv4 or IPv6). To fix this:
COMMENT the line below:
::1 localhost ip6-localhost ip6-loopback
2. EDIT /etc/freeradius/sql.conf FILE
Configure freeRADIUS to read information about Radius Clients from the database:
By default, the freeRADIUS server reads the list of Radius Clients from a text file (the file /etc/freeradius/clients.conf).
But to make it easier to add or remove Radius Clients, the freeRADIUS server should read information about Radius Clients from the database.
To configure the freeRADIUS server to read Radius Clients from the database, do the following:
Open the file /etc/freeradius/sql.conf
In the sql{} module
database = "mysql"
driver = "rlm_sql_${database}"
UNDER CONNECTION info:
CHANGE
PASSWORD
password = "YOURPASSWORD"
# Database table configuration for everything except Oracle
radius_db = "radius"
Change these, and make sure the two settings below have the correct values:
UNCOMMENT
# readclients = yes
AND MAKE SURE
# Table to keep radius clients info
IS:
nas_table = "nas"
3. CREATE DB USER, DATABASE AND PRIVILEGES
mysql -u root -p
create user 'radius'@'localhost' identified by 'PASSWORD';
create database radius;
grant all privileges on radius.* to 'radius'@'localhost';
exit
4. EDIT /etc/freeradius/sites-enabled/default FILE
sudo gedit /etc/freeradius/sites-enabled/default
In the file “default”, check whether the following settings are correct (the settings in the pictures below are the correct settings):
In the authorize{} module
# Look in an SQL database. The schema of the database
# is meant to mirror the "users" file
UNCOMMENT
# sql
In the accounting{} module
# Log traffic to an SQL database
UNCOMMENT
# sql
SAME FOR:
In the session{} module
In the post-auth{} module
UNCOMMENT
# sql
5. EDIT /etc/freeradius/raddb/radiusd.conf FILE
Now, we configure the “radiusd.conf”. This file contains general settings for the Radius Server. We follow the below steps:
sudo gedit /etc/freeradius/raddb/radiusd.conf
Then, we check if the settings in the file radiusd.conf are correct or not.
In the listen{} module
The port on which the radius server listens for authentication requests is 1812
# Port on which to listen to
CHANGE TO
port = 1812
In the "SECOND" listen{} module
Port for accounting is 1813
# This second "listen" section is for listening on the accounting
CHANGE TO
port = 1813
In the log{} module
Some settings for logging username, password, etc:
# Log the full user-name attribute, as it was found in the request
CHANGE TO
stripped_names = yes
# Log authentication requests to the log file
CHANGE TO
auth = yes
# Log passwords with the authentication requests.
CHANGE TO
auth_badpass = yes
auth_goodpass = no
In the modules{} module
# Include another file that has the SQL-related configuration
UNCOMMENT
# $INCLUDE sql.conf
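A quick way to confirm that the edits from steps 2, 4 and 5 are actually active (uncommented) before starting the server. This is an added example, not part of the original notes. The function names and script name are hypothetical, and it assumes sql.conf and sites-enabled/default sit under one config directory, with radiusd.conf optionally passed as a second path (e.g. /etc/freeradius /etc/freeradius/raddb/radiusd.conf).

```shell
#!/bin/sh
# Added example (not from the original post): verify the edits from steps 2, 4 and 5.
# Usage: sh check_radius.sh CONFDIR [RADIUSD_CONF]   (script name is hypothetical)

# True if FILE ($1) has an uncommented line starting with the ERE in $2.
active_line() {
    grep -Eq "^[[:space:]]*$2" "$1" 2>/dev/null
}

# True if a bare, uncommented "sql" line sits inside SECTION ($2) { ... } of FILE ($1).
sql_in_section() {
    awk -v sec="$2" '
        /^[[:space:]]*#/ { next }                          # skip commented lines
        !inside && $1 == sec && $2 == "{" { inside = 1; base = depth }
        inside && NF == 1 && $1 == "sql" { found = 1 }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }   # track brace nesting
        inside && depth == base { inside = 0 }             # section closed
        END { exit !found }
    ' "$1" 2>/dev/null
}

fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

# Returns the number of failed checks (0 means every edit is in place).
check_radius_conf() {
    dir="$1"; main="${2:-$dir/radiusd.conf}"; fails=0
    eq='[[:space:]]*=[[:space:]]*'
    active_line "$dir/sql.conf" "readclients${eq}yes" \
        || fail "sql.conf: readclients = yes is not active"
    active_line "$dir/sql.conf" "nas_table${eq}\"nas\"" \
        || fail "sql.conf: nas_table is not \"nas\""
    active_line "$dir/sql.conf" "password${eq}\"YOURPASSWORD\"" \
        && fail "sql.conf: password is still the placeholder"
    active_line "$main" '\$INCLUDE[[:space:]]+sql\.conf' \
        || fail "radiusd.conf: \$INCLUDE sql.conf is not active"
    active_line "$main" "auth_goodpass${eq}yes" \
        && fail "radiusd.conf: auth_goodpass = yes logs accepted passwords"
    for sec in authorize accounting session post-auth; do
        sql_in_section "$dir/sites-enabled/default" "$sec" \
            || fail "sites-enabled/default: sql not enabled in ${sec}{}"
    done
    [ "$fails" -eq 0 ] && echo "OK: all checks passed"
    return "$fails"
}

if [ "$#" -gt 0 ]; then check_radius_conf "$@"; fi
```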
KEPT ON GETTING ERROR PACKAGE REJECTED UPON:
sudo radtest -x radius yehuda72 localhost 1812 testing123
AND ERROR:
/var/run/freeradius/freeradius.pid not found
SO DID:
sudo nano /etc/freeradius/raddb/radiusd.conf
AND CHANGED:
name = radiusd
TO
name = freeradius
OLD VER SAYS TO DO:
FROM
run_dir = ${localstatedir}/run/radiusd
TO
run_dir = ${localstatedir}/run/freeradius
Stop FR, then restart it
Code:
/etc/init.d/freeradius stop
/etc/init.d/freeradius start
Then FR will start normally and generate its pid file.
After that you can test that FR works like this: add any user on your local machine to /etc/freeradius/users, then test it with
Code:
radtest user passwd localhost 1812 testing123