Step 1: You can set up FreeRADIUS by modifying its configuration files. The location of the configuration files depends on how you installed the product.
If you install FreeRADIUS using configure, make, make install, the configuration files will be under /usr/local/etc/raddb.
For CentOS and SLES, the configuration files will be under /etc/raddb.
For Ubuntu, they will be under /etc/freeradius.
Step 2: Go to the directory where the FreeRADIUS files are located. In my case it is /usr/local/etc/raddb.
Step 3: A FreeRADIUS installation comes with a default client called localhost. Open the clients.conf file and make sure the following entry exists in it.
client localhost {
	ipaddr = 127.0.0.1
	secret = testing123
	require_message_authenticator = no
	nastype = other
}
The clients.conf file is used to define clients to the FreeRADIUS server. The FreeRADIUS server identifies a client by its IP address. If an unknown client sends a request to a RADIUS server, the request is simply ignored.
The secret is used to encrypt and decrypt certain information between the RADIUS client and server.
Step 4: Open the users file and add the following lines.
"alice" Cleartext-Password := "passme"
	Framed-IP-Address = 172.16.156.62,
	Reply-Message = "Hello, %{User-Name}"
Make sure the second and third lines are indented by a single tab character.
Users are defined in the users file. The statements above add the user “alice”.
Step 5: Start the RADIUS server in debug mode. Use the following command to start it.
$ /usr/local/sbin/radiusd -X
Step 6: Open another terminal and run the following command.
radtest alice passme 127.0.0.1 100 testing123
$ radtest alice passme 127.0.0.1 100 testing123
Sent Access-Request Id 80 from 0.0.0.0:55604 to 127.0.0.1:1812 length 75
User-Name = "alice"
User-Password = "passme"
NAS-IP-Address = 127.0.0.1
NAS-Port = 100
Message-Authenticator = 0x00
Cleartext-Password = "passme"
Received Access-Accept Id 80 from 127.0.0.1:1812 to 0.0.0.0:0 length 40
Framed-IP-Address = 172.16.156.62
Reply-Message = "Hello, alice"
What I have done here is use the radtest command as a client to the FreeRADIUS server to test authentication.
If an unknown client sends a request to a RADIUS server, the request is simply ignored.
For example, when I try to communicate with the RADIUS server from an unknown IP, the response looks like the following.
$ radtest alice passme 127.0.0.2 100 testing123
Sent Access-Request Id 80 from 0.0.0.0:59385 to 127.0.0.2:1812 length 75
User-Name = "alice"
User-Password = "passme"
NAS-IP-Address = 127.0.0.1
NAS-Port = 100
Message-Authenticator = 0x00
Cleartext-Password = "passme"
Sent Access-Request Id 80 from 0.0.0.0:59385 to 127.0.0.2:1812 length 75
User-Name = "alice"
User-Password = "passme"
NAS-IP-Address = 127.0.0.1
NAS-Port = 100
Message-Authenticator = 0x00
Cleartext-Password = "passme"
Sent Access-Request Id 80 from 0.0.0.0:59385 to 127.0.0.2:1812 length 75
User-Name = "alice"
User-Password = "passme"
NAS-IP-Address = 127.0.0.1
NAS-Port = 100
Message-Authenticator = 0x00
Cleartext-Password = "passme"
(0) No reply from server for ID 80 socket 4