|
Page 1 of 3 Radius Server + MySql Integration FreeRADIUS Server works out of the box with a large list of SQL servers, but unfortunately there are a number of configuration guides available on the internet that are either for very old versions of FreeRADIUS Server, or are wrong, or both. This guide is an attempt to correct some of the misinformation.
System These instructions are for FreeRADIUS Server version 1.1.7 and have been tested on an openSUSE 10.2 installation. Before You Start Before starting with FreeRADIUS, please make sure your server is up and configured on your network, that you have your SQL server of choice (MySQL, Postgresql etc) installed and running, and that your NAS is configured to send RADIUS requests to your RADIUS server. We have some sample configs for Cisco NAS available here.
Getting Started Firstly, you need to install FreeRADIUS Server on your system. As the premiere open source RADIUS suite it is included as a standard package with numerous Operating Systems and has binary packages for many others. Installation is most easily accomplished by installing a binary package (rpm, deb), but if you have a less well known operating system you may need to build your own.
Basic Configuration It's best to start with a simple config using the standard text files, if only to test that FreeRADIUS is correctly installed and works. - Edit /etc/raddb/clients.conf and enter the details of your NAS unit(s). There are examples here, so it should be easy. There should already be a 'localhost' NAS preconfigured here for testing purposes (i.e. so you can use radtest).
- Edit /etc/raddb/users and create an example user account. The file is commented on how to do this.
- Edit /etc/raddb/radiusd.conf and change as needed. You may wish to change the default port to run on 1645 (old port) if you are replacing a legacy RADIUS server.
At this point you should be able to manually fire up /usr/sbin/radiusd. You should do this with the debug turned on so you can see what happens: /usr/sbin/radiusd -X
Lots of stuff will scroll to the screen, and it should tell you it's ready to accept requests. If you get an error, READ THE DEBUG, then check the docs, check the above and try again.
You should now be able to use FreeRadius. You can use radtest to test an account from the command line: radtest username password servername port secret
So, if your example user is 'fred' with password 'wilma', your server is called 'radius.domain.com', is using port 1645, and you put localhost (or your localhost's IP) in clients.conf with a secret of 'mysecret', you should use:
radtest fred wilma radius.domain.com 1645 mysecret
And you should get back something like:
Sending Access-Request of id 226 to 127.0.0.1:1645
User-Name = 'fred'
User-Password = '\304\2323\326B\017\376\322?K\332\350Z;}'
NAS-IP-Address = radius.domain.com
NAS-Port = 1645
rad_recv : Access-Accept packet from host 127.0.0.1:1645,id=226, length=56
Framed-IP-Address = 80.84.161.1
Framed-Protocol = PPP
Service-Type = Framed-User
Framed-Compression = Van-Jacobson-TCP-IP
Framed-IP- Netmask = 255.255.255.255
You should get an 'Access Accept' response. If you don't, do not pass Go, do not collect £200. Go back and check everything. Read the docs, READ THE DEBUG!!
If you have a Windows PC handy you may also wish to use NTradPing (downloadable from MasterSoft) to send test packets instead of radtest. If you do this, or test from any other machine, remember your PC (or other machine) needs to be in your NAS list in clients.conf too! OK, so at this point you should have text-file authentication working in FreeRadius...
|
