Configuring RADIUS in Linux

  • Make sure the RADIUS server is installed on the Linux system (Red Hat was used for testing):
[root@server2 ~]# rpm -qa | grep radius
freeradius-1.0.1-3.RHEL4.5
[root@server2 ~]#
  • To make the radius daemon start when the system boots: “chkconfig radiusd on”
  • After any configuration change, stop and start (or restart) the radius daemon using “/etc/init.d/radiusd {start|stop|status|restart|reload|condrestart}”
  • The radius process uses three files:
    • /etc/raddb/radiusd.conf – RADIUS configuration file
    • /etc/raddb/users – user passwords and privilege levels
    • /etc/raddb/clients.conf – client IP addresses and the shared key for each client
  • Confirm the server is listening on the RADIUS port, UDP 1812:
[root@server2 ~]# netstat -a | grep radius
udp        0      0 *:radius                    *:*
udp        0      0 *:radius-acct               *:*
[root@server2 ~]#
  • To capture only RADIUS packets, use “tcpdump udp dst port 1812”
  • If there are any problems starting the RADIUS server, check “/var/log/radius/radius.log”
  • The RADIUS server consults a database, which can be local, LDAP, PAP etc., and replies to the ‘Access-Request’ message sent by the client (routers). The reply is either Access-Accept or Access-Reject.

Sample config from “users” file:

venkat1 Auth-Type := Local, User-Password := "venkat1"
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=10",
        cisco-avpair = "shell:cmd=show"

If the user enters “enable 8” (the default level is 15), the following entry is checked:

$enab8$ Auth-Type := Local, User-Password == "pass8"

 

Sample config from “clients.conf” file:

client 10.16.151.211 {
        secret = passwd123
        shortname = 10.16.151.211
}
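Both sample files keep their credentials in cleartext, so they are worth checking before the daemon is restarted. The following is an added example, not part of the original post or of FreeRADIUS: a small audit that reads the “clients.conf” and “users” formats shown above and reports short shared secrets and weak user passwords. The length thresholds, the function names and the embedded sample text (copied from the snippets on this page) are assumptions made for illustration.

```python
import re

MIN_SECRET_LEN = 16    # assumed policy threshold, not a FreeRADIUS default
MIN_PASSWORD_LEN = 8   # assumed policy threshold

# Constructed sample input mirroring the two snippets on this page.
CLIENTS_CONF = '''client 10.16.151.211 {
        secret = passwd123
        shortname = 10.16.151.211
}
'''
USERS = '''venkat1 Auth-Type := Local, User-Password := "venkat1"
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=10"

$enab8$ Auth-Type := Local, User-Password == "pass8"
'''

CLIENT_RE = re.compile(r'^\s*client\s+(\S+?)\s*\{(.*?)\}', re.M | re.S)
SECRET_RE = re.compile(r'^\s*secret\s*=\s*(\S+)', re.M)
# An entry's check line starts in column 0; reply attributes are indented.
USER_RE = re.compile(r'^(\S+)[ \t].*?User-Password\s*(?::=|==)\s*"([^"]*)"', re.M)

def _no_comments(text):
    # Drop whole-line comments only, so a '#' inside a secret is kept.
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))

def audit_clients(text):
    findings = []
    for name, body in CLIENT_RE.findall(_no_comments(text)):
        m = SECRET_RE.search(body)
        if m is None:
            findings.append((name, "no secret defined"))
        elif len(m.group(1)) < MIN_SECRET_LEN:
            findings.append((name, f"secret shorter than {MIN_SECRET_LEN} characters"))
    return findings

def audit_users(text):
    findings = []
    for user, password in USER_RE.findall(_no_comments(text)):
        if password.lower() == user.lower():
            findings.append((user, "password equals user name"))
        if len(password) < MIN_PASSWORD_LEN:
            findings.append((user, f"password shorter than {MIN_PASSWORD_LEN} characters"))
    return findings

if __name__ == "__main__":
    for who, issue in audit_clients(CLIENTS_CONF) + audit_users(USERS):
        print(f"{who}: {issue}")
```

To audit a live server, pass the contents of /etc/raddb/clients.conf and /etc/raddb/users to the two functions instead of the embedded samples.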

Reference:

http://wiki.freeradius.org/

http://wiki.freeradius.org/Cisco


One Response to Configuring RADIUS in Linux

  1. Venkat says:

    Ubuntu Server: FreeRADIUS Basic Setup for 802.1x Authentication

    http://www.networkingbits.com/2014/07/freeradius-basic-setup.html

    If there is any trouble with Radius Authentication, check with following commands:

    sudo freeradius -X << to run with Root privilege
    sudo vim /etc/freeradius/radiusd.conf << port, local IP configurations
    sudo tail -f /var/log/freeradius/radius.log << log files.
    sudo /etc/init.d/freeradius restart << restarting freeradius service
    /etc/freeradius/clients.conf and /etc/freeradius/users file for clients and user configurations.
