Radius Install & Basic Configuration
About this article
On Debian, there is a free package running Radius, named freeradius. This is an article to install freeradius and basic configuration.
Install
Install is very easy. There is an apt package, so executing some commands complete the installation.
- apt-get update
- apt-get install freeradius
- apt-get install freeradius-utils
Basic configuration
Radius requires following configurations.
- Defined radius user
- Defined accepted network information
Define radius user
Edit /etc/freeradius/users. Here is an example to use Host user on Radius.
user01 Auth-Type :=System
Reply-Message = "User user01 logged in",
Service-Type = "Administrative-User",
Fall-Through = YesAnd adding the reject message.
DEFAULT Auth-Type := Reject
Reply-Message = "This account is disabled."
Define accepted network information
Edit /etc/freeradius/clients.conf. If office network segment is 192.168.1.0/24 and accepted only authentication requests from office network, adding following contents to clients.conf.
client 192.168.1.0/24 {
secret = $secret_word
require_message_authenticator = no
}
Test authentication
There is a test radius client in freeradius-utils package. Here is a test authentication sample.
# radtest user01 password localhost 1812 testing123
Sending Access-Request of id 144 to 127.0.0.1 port 1812
User-Name = "user01"
User-Password = "password"
NAS-IP-Address = XXX.XXX.XXX.XXX
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=144, length=48
Reply-Message = "User user01 logged in"
Service-Type = Administrative-User
#
