Radius Install & Basic Configuration
About this article
On Debian, there is a free package running Radius, named freeradius. This is an article to install freeradius and basic configuration.
Install
Install is very easy. There is an apt package, so executing some commands complete the installation.
- apt-get update
- apt-get install freeradius
- apt-get install freeradius-utils
Basic configuration
Radius requires following configurations.
- Defined radius user
- Defined accepted network information
Define radius user
Edit /etc/freeradius/users. Here is an example to use Host user on Radius.
user01 Auth-Type :=System Reply-Message = "User user01 logged in", Service-Type = "Administrative-User", Fall-Through = Yes
And adding the reject message.
DEFAULT Auth-Type := Reject Reply-Message = "This account is disabled."
Define accepted network information
Edit /etc/freeradius/clients.conf. If office network segment is 192.168.1.0/24 and accepted only authentication requests from office network, adding following contents to clients.conf.
client 192.168.1.0/24 { secret = $secret_word require_message_authenticator = no }
Test authentication
There is a test radius client in freeradius-utils package. Here is a test authentication sample.
# radtest user01 password localhost 1812 testing123 Sending Access-Request of id 144 to 127.0.0.1 port 1812 User-Name = "user01" User-Password = "password" NAS-IP-Address = XXX.XXX.XXX.XXX NAS-Port = 1812 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=144, length=48 Reply-Message = "User user01 logged in" Service-Type = Administrative-User #