The wireless AP is a MikroTik (MT) router. The RADIUS server is FreeRADIUS 2.2.5 running on Linux Mint Debian. This tutorial only gives instructions for setting up an 802.1X/EAP wireless network. It does not explain how an 802.1X/EAP wireless network works.

RADIUS Terminology:
Clients: A client refers to a NAS, like an access point (AP). In this tutorial, it is the MT router.
NAS: Network access server.

Change Ownership:
The default FreeRADIUS configuration files are in /etc/freeradius. To make it easier to work in this folder, change the folder ownership.
$ sudo chown -R jake:freerad /etc/freeradius

Configure NAS:
For clients to work properly, the NAS needs a static IP address. To enable dynamic clients with no static IP address, please see this post. This tutorial assumes all the clients have a static IP address. Client configuration can be stored in a file or in MySQL. The steps below show how to configure the client file.
$ cd /etc/freeradius
Open the client file with an editor.
$ sudo vi clients.conf
This file is well documented. Read through it for your own understanding. Add a new client by copying and pasting the following at the end of clients.conf. The client's IP address is the address the RADIUS server has to communicate with. If the RADIUS server is within the same local network, the client's IP address is its local IP address. If the RADIUS server has to reach the client via the internet, the client's IP address is its public IP address.
# replace the address with your NAS's IP address
client 127.313.28.15{
    # shared secret: must match the one set on the NAS; use a long random value
    secret = radius
    shortname = client_home
    nas_type = mikrotik
    limit {
        max_connections = 0
        lifetime = 0
        idle_timeout = 30
    }
}

MySQL Configuration:
Setting up the MySQL database: Username: radius. Password: radpass.
$ mysql -uroot -p
mysql> CREATE DATABASE radius;
mysql> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
mysql> exit
Create the tables.
$ sudo mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
$ sudo mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql

Configuration:
Add the radius database information.
$ vi sql.conf
driver = "rlm_sql_mysql"
# Connection info:
server = "localhost"
port = 3306
login = "radius"
password = "radpass"
read_groups = yes
read_clients = yes
Uncomment all sql in /sites-enabled/default and /sites-enabled/inner-tunnel.
$ sudo sed -i 's/^#.*sql$/sql/g' sites-enabled/default
$ sudo sed -i 's/^#.*sql$/sql/g' /etc/freeradius/sites-enabled/inner-tunnel
Add $INCLUDE sql.conf below $INCLUDE sites-enabled/ in /radiusd.conf.
Link sql.conf to modules.
$ cd modules
$ ln -s ../sql.conf sql

Disable Proxy:
$ sudo vi /etc/freeradius/radiusd.conf
proxy_requests = no

Configure EAP:
$ cd /etc/freeradius
$ sed -i 's/use_tunneled_reply = no/use_tunneled_reply = yes/g' eap.conf

Disable PAP:
$ sed -i 's/pap$/#pap/g' sites-enabled/default

Run it:
$ sudo radiusd -X
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Ready to process requests.

Setup Test Environment:
Add the RADIUS client to the MT router:
Set up the MT router to authenticate the wireless network via EAP.
Add a test username and password to MySQL. Try it.
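
Before adding the RADIUS client to the MT router, it helps to check the client definitions added to clients.conf earlier, because the shared secret entered on the router has to match the one stored there. The Python check below is an added example, not part of the original tutorial or of FreeRADIUS: it parses client blocks and flags an address that is not a valid IP address or network, and a secret that is well known or short. The function name, the minimum length of 16 and the weak-secret list are assumptions of this example.

```python
import ipaddress
import re

# Thresholds below are this example's assumptions, not FreeRADIUS rules.
MIN_SECRET_LEN = 16
KNOWN_WEAK = {"radius", "testing123", "secret", "password"}
CLIENT_RE = re.compile(r"^client\s+(\S+?)\s*\{")
SECRET_RE = re.compile(r"^secret\s*=\s*(.+)$")

# Constructed sample: the tutorial's client block plus one made-up entry.
SAMPLE = """
client 127.313.28.15{
    secret = radius
    limit {
        max_connections = 0
    }
}
client 192.0.2.10 {
    secret = "c7Qe-constructed-Example-9fL2x"
}
"""

def audit_clients(text):
    """Return (client, problem) pairs for client blocks in clients.conf text."""
    findings, client, depth = [], None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # ignore comments and blanks
        if not line:
            continue
        header = CLIENT_RE.match(line) if depth == 0 else None
        if header:
            client = header.group(1)
            try:                                  # accepts a host or a CIDR
                ipaddress.ip_network(client, strict=False)
            except ValueError:
                findings.append((client, "bad-address"))
        secret = SECRET_RE.match(line) if depth == 1 and client else None
        if secret:
            value = secret.group(1).strip().strip('"')
            if value.lower() in KNOWN_WEAK:
                findings.append((client, "weak-secret"))
            elif len(value) < MIN_SECRET_LEN:
                findings.append((client, "short-secret"))
        depth += line.count("{") - line.count("}")  # track nested sections
        if depth == 0:
            client = None
    return findings

if __name__ == "__main__":
    print(audit_clients(SAMPLE))
```

The check only understands clients named by an IP literal in the block header, as in this tutorial; a client declared by hostname would be reported as bad-address.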