- Requirements:
- mysql, php5, apache2, phpmyadmin
- install freeradius:
- sudo apt-get install freeradius freeradius-mysql
- test freeradius from the default users file:
- sudo nano -c /etc/freeradius/users
- uncomment the entry that looks similar to the one below:
- "John Doe" Auth-Type := Local, User-Password == "hello"
- Reply-Message = "Hello, %u"
- restart ubuntu:
- sudo reboot
- check freeradius config files:
- sudo service freeradius stop
- sudo freeradius -XXX
- If all goes well the last line should display:
- Mon Jun 29 15:24:34 2009 : Debug: Ready to process requests.
- NOTE: If you get error “Error binding to port for 0.0.0.0 port 1812”, it means freeradius is already running. Stop it by doing the following:
- sudo ps -A | grep freeradius
- kill -9 freeradius-PID
- start freeradius again:
- sudo service freeradius start
- Test password authorization to users file:
- sudo radtest "John Doe" hello 127.0.0.1 0 testing123
- If all goes well you should get a reply:
- Sending Access-Request of id 136 to 127.0.0.1 port 1812
- User-Name = "John Doe"
- User-Password = "hello"
- NAS-IP-Address = 255.255.255.255
- NAS-Port = 0
- rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37
- Reply-Message = "Hello, John Doe"
- change authorization to mysql:
- sudo nano -c /etc/freeradius/sql.conf
- change the values below to your actual values:
- server = "localhost"
- login = "root"
- password = "password"
- radius_db = "radius"
- edit /etc/freeradius/radiusd.conf:
- sudo nano -c /etc/freeradius/radiusd.conf
- uncomment the line below:
- $INCLUDE sql.conf
- edit /etc/freeradius/sites-available/default:
- sudo nano -c /etc/freeradius/sites-available/default
- uncomment sql in each of the following sections:
- authorize {
- ...
- sql
- ...
- }
- accounting {
- ...
- sql
- ...
- }
- session {
- ...
- sql
- ...
- }
- post-auth {
- ...
- sql
- ...
- }
- create radius database and tables:
- switch to root:
- su -
- mysql -u root -p
- create database radius;
- quit
- mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
- mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql
- You should have 8 tables as shown below:
- nas
- radacct
- radcheck
- radgroupcheck
- radgroupreply
- radpostauth
- radreply
- radusergroup
- populate radcheck and nas table:
- mysql -u root -p
- use radius;
- INSERT INTO `radius`.`radcheck` (`id` ,`username` ,`attribute` ,`op` ,`value`) VALUES (NULL , 'test1', 'MD5-Password', ':=', MD5( '1234' ));
- insert into radcheck (username,attribute,op,value) values ('test2','Cleartext-Password',':=','1234');
- insert into nas (nasname,shortname,secret,description) values ('192.168.0.1','radius','testing123','server radius');
- quit
- exit from root:
- exit
- test freeradius sql authentication:
- sudo radtest test1 1234 localhost 0 testing123
- sudo radtest test2 1234 localhost 0 testing123
- --------------------------------------------------------
- to connect a wireless AP to freeradius:
- edit /etc/freeradius/sql.conf:
- sudo nano /etc/freeradius/sql.conf
- uncomment:
- readclients=yes
- edit /etc/freeradius/radiusd.conf:
- sudo nano /etc/freeradius/radiusd.conf
- comment:
- #$INCLUDE clients.conf
- edit /etc/freeradius/sites-available/inner-tunnel:
- sudo nano /etc/freeradius/sites-available/inner-tunnel
- uncomment sql:
- authorize{
- ...
- sql
- ...
- }
- go to http://your_freeradius_ip/phpmyadmin, log in, and select the radius database:
- populate nas table - for radius clients (insert row):
- nasname ---> 192.168.0.254
- shortname ---> linksys
- type ---> other
- ports ---> 1812
- secret ---> testing123
- description ---> radius client
- populate radcheck table - for user account (insert row):
- username ---> user1
- attribute ---> Cleartext-Password
- op ---> :=
- value ---> password1
- NOTE: attribute can also be MD5-Password
- populate radusergroup table - for users group (insert row):
- username ---> user1
- groupname ---> wifiuser
- populate radreply table (insert row):
- username ---> user1
- attribute ---> Fall-Through
- op ---> :=
- value ---> yes
- populate radgroupcheck table (insert row):
- groupname ---> wifiuser
- attribute ---> Auth-Type
- op ---> :=
- value ---> EAP
- NOTE: value can be local, Accept, or Reject
- populate radgroupreply table (insert rows):
- groupname ---> wifiuser
- attribute ---> Framed-Compression
- op ---> :=
- value ---> Van-Jacobsen-TCP-IP
- groupname ---> wifiuser
- attribute ---> Framed-Protocol
- op ---> :=
- value ---> PPP
- groupname ---> wifiuser
- attribute ---> Service-Type
- op ---> :=
- value ---> Framed-User
- groupname ---> wifiuser
- attribute ---> Framed-MTU
- op ---> :=
- value ---> 1500
- ------------------------------------------------------------------
- go to http://192.168.0.254 - this is your wireless AP or NAS client:
- setup the SSID
- go to wireless security:
- security mode ---> WPA2 Enterprise
- WPA algorithms ---> AES
- RADIUS Server Address ---> YOUR_FREERADIUS_IP (can be 192.168.0.1)
- RADIUS Server Port ---> 1812
- RADIUS Shared Secret ---> testing123
- Connect Using WPA2-Enterprise with Windows Vista:
- 1. go to Network and Sharing Center
- 2. Select Manage wireless networks
- 3. select Manually create a network profile
- 4. Enter data:
- Network name: YOUR_SSID
- Security type: WPA2-Enterprise
- Encryption type: AES
- Security Key/Passphrase: <leave blank>
- 5. In Wireless Network Properties, select the Security tab
- For network authentication method, select Microsoft: Protected EAP (PEAP)
- Uncheck Validate server certificate
- Click the Configure button and uncheck Automatically use my Windows logon name and password if the computer is not on the domain
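- Added example (not part of the original paste): a shell check that flags the placeholder values this guide uses (login = "root" and password = "password" in sql.conf, and the shared secret testing123 in the nas table) if they are still in place after testing. The function names, the 16-character minimum (the length RFC 2865 prefers for a shared secret) and the sample input are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original paste: flag this guide's placeholder values.

# Print the value of an uncommented `key = "value"` line in a FreeRADIUS config file.
conf_value() {  # usage: conf_value KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$2" |
        tail -n 1
}

# Check the MySQL account FreeRADIUS uses (sql.conf). Prints one finding per line.
audit_sql_conf() {  # usage: audit_sql_conf /path/to/sql.conf
    login=$(conf_value login "$1")
    password=$(conf_value password "$1")
    if [ "$login" = "root" ]; then
        echo "FAIL login: FreeRADIUS connects to MySQL as root; use a dedicated low-privilege account"
    fi
    if [ -z "$password" ] || [ "$password" = "password" ]; then
        echo "FAIL password: empty or placeholder MySQL password"
    fi
}

# Check RADIUS shared secrets. stdin: "nasname<TAB>secret" rows, e.g. from
#   mysql -N -B -e 'SELECT nasname, secret FROM nas' radius
audit_nas_secrets() {
    tab=$(printf '\t')
    while IFS="$tab" read -r nasname secret; do
        if [ "$secret" = "testing123" ]; then
            echo "FAIL nas $nasname: shared secret is the well-known default testing123"
        elif [ "${#secret}" -lt 16 ]; then
            echo "FAIL nas $nasname: shared secret shorter than 16 characters"
        fi
    done
}

# Constructed sample input mirroring the values used in this guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
    server = "localhost"
    #login = "radius"
    login = "root"
    password = "password"
    radius_db = "radius"
EOF
audit_sql_conf "$sample"
printf '192.168.0.1\ttesting123\n192.168.0.254\tS3cret\n' | audit_nas_secrets
rm -f "$sample"
```

Run it against /etc/freeradius/sql.conf and a tab-separated export of the nas table; no output means none of the guide's placeholder values were found.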