shokti

ubuntu 13.04 - freeradius mysql authentication

Dec 2nd, 2013
Requirements:
mysql, php5, apache2, phpmyadmin

install freeradius:
sudo apt-get install freeradius freeradius-mysql

test freeradius from the default users file:
sudo nano -c /etc/freeradius/users

uncomment the entry that looks similar to the one below (the reply item on the second line must stay indented, otherwise the users file does not parse):

"John Doe" Auth-Type := Local, User-Password == "hello"
        Reply-Message = "Hello, %u"

restart ubuntu:
sudo reboot

check freeradius config files:
sudo service freeradius stop

sudo freeradius -XXX

If all goes well the last line should display:
Mon Jun 29 15:24:34 2009 : Debug: Ready to process requests.

NOTE: If you get the error "Error binding to port for 0.0.0.0 port 1812", it means freeradius is already running. Stop it by doing the following:
sudo ps -A | grep freeradius
sudo kill -9 freeradius-PID

start freeradius again:
sudo service freeradius start

Test password authorization against the users file:
sudo radtest "John Doe" hello 127.0.0.1 0 testing123

If all goes well you should get a reply:

Sending Access-Request of id 136 to 127.0.0.1 port 1812
        User-Name = "John Doe"
        User-Password = "hello"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37
        Reply-Message = "Hello, John Doe"

change authorization to mysql:
sudo nano -c /etc/freeradius/sql.conf

change the values below to your actual values:
server = "localhost"
login = "root"
password = "password"
radius_db = "radius"

edit /etc/freeradius/radiusd.conf:
sudo nano -c /etc/freeradius/radiusd.conf

uncomment the line below:
$INCLUDE sql.conf

edit /etc/freeradius/sites-available/default:
sudo nano -c /etc/freeradius/sites-available/default

uncomment sql in each of the following sections:

authorize {
...
sql
...
}

accounting {
...
sql
...
}

session {
...
sql
...
}

post-auth {
...
sql
...
}

create radius database and tables:
switch to root:
su -

mysql -u root -p

create database radius;
quit

mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql

You should have 8 tables as shown below:

nas
radacct
radcheck
radgroupcheck
radgroupreply
radpostauth
radreply
radusergroup

populate the radcheck and nas tables:
mysql -u root -p

use radius;
INSERT INTO `radius`.`radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES (NULL, 'test1', 'MD5-Password', ':=', MD5('1234'));
insert into radcheck (username,attribute,op,value) values ('test2','Cleartext-Password',':=','1234');
insert into nas (nasname,shortname,secret,description) values ('192.168.0.1','radius','testing123','server radius');
quit

exit from root:
exit

test freeradius sql authentication:
sudo radtest test1 1234 localhost 0 testing123
sudo radtest test2 1234 localhost 0 testing123

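The radtest runs above (first against the users file, now against the SQL tables) are the regression check for every later change to the server. Added example, not part of the original paste: a small POSIX shell harness that wraps radtest and classifies its output as accept, reject or noreply, so that after editing sql.conf or the nas table you can re-run a fixed list of expectations instead of reading packet dumps by eye. The function names (radtest_result, check_user, expect_user) are chosen here, and the SAMPLE_* outputs are constructed in the shape of the reply shown earlier so the classifier can be exercised without a running server; the defaults (127.0.0.1, NAS-Port 0, secret testing123) match the paste.

```shell
#!/bin/sh
# Added example (not from the original paste): a tiny regression harness
# around radtest for the users-file and SQL authentication steps.

# Classify radtest/radclient output read from stdin and print one word:
#   accept  - server sent Access-Accept
#   reject  - server sent Access-Reject (wrong password, unknown user, ...)
#   noreply - no packet came back: server not running, or the client IP is
#             not listed in clients.conf / the nas table (the server then
#             silently ignores the request)
radtest_result() {
    reply=$(cat)
    case "$reply" in
        *"Access-Accept"*) echo accept ;;
        *"Access-Reject"*) echo reject ;;
        *)                 echo noreply ;;
    esac
}

# Run radtest for one user and classify the result.
# Usage: check_user USER PASSWORD [SERVER] [SECRET]
# Needs the radtest binary from the freeradius package.
check_user() {
    radtest "$1" "$2" "${3:-127.0.0.1}" 0 "${4:-testing123}" 2>&1 | radtest_result
}

# Compare the outcome with what we expect and print PASS/FAIL.
# Usage: expect_user accept test1 1234
expect_user() {
    want=$1; shift
    got=$(check_user "$@")
    if [ "$got" = "$want" ]; then
        echo "PASS $1: $got"
    else
        echo "FAIL $1: wanted $want, got $got"
        return 1
    fi
}

# Constructed sample outputs, shaped like the radtest reply shown in the paste,
# so radtest_result can be tried without a running server.
SAMPLE_ACCEPT='Sending Access-Request of id 136 to 127.0.0.1 port 1812
	User-Name = "John Doe"
	User-Password = "hello"
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37
	Reply-Message = "Hello, John Doe"'

SAMPLE_REJECT='Sending Access-Request of id 137 to 127.0.0.1 port 1812
	User-Name = "test1"
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=137, length=20'

SAMPLE_NOREPLY='Sending Access-Request of id 138 to 127.0.0.1 port 1812
radclient: no response from server for ID 138 socket 3'

# Typical run once freeradius is up (skipped here when radtest is absent):
# both SQL test users must be accepted, and a wrong password must be rejected.
if command -v radtest >/dev/null 2>&1; then
    expect_user accept test1 1234
    expect_user accept test2 1234
    expect_user reject test1 wrongpassword
fi
```

Keep the expectation list in the script and re-run it after every configuration change; a test that flips from accept to noreply usually means the request is being ignored because the client address no longer matches a nas row or clients.conf entry, which is a different problem from a wrong password.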
--------------------------------------------------------
to connect a wireless AP to freeradius:

edit /etc/freeradius/sql.conf:
sudo nano /etc/freeradius/sql.conf

uncomment:
readclients = yes

edit /etc/freeradius/radiusd.conf:
sudo nano /etc/freeradius/radiusd.conf

comment out:
#$INCLUDE clients.conf

edit /etc/freeradius/sites-available/inner-tunnel:
sudo nano /etc/freeradius/sites-available/inner-tunnel

uncomment sql:

authorize {
...
sql
...
}

go to http://your_freeradius_ip/phpmyadmin, log in and select the radius database:

populate nas table - for radius clients (insert row):
nasname ---> 192.168.0.254
shortname ---> linksys
type ---> other
ports ---> 1812
secret ---> testing123
description ---> radius client

populate radcheck table - for user account (insert row):
username ---> user1
attribute ---> Cleartext-Password
op ---> :=
value ---> password1

NOTE: attribute can also be MD5-Password

populate radusergroup table - for users group (insert row):
username ---> user1
groupname ---> wifiuser

populate radreply table (insert row):
username ---> user1
attribute ---> Fall-Through
op ---> :=
value ---> yes

populate radgroupcheck table (insert row):
groupname ---> wifiuser
attribute ---> Auth-Type
op ---> :=
value ---> EAP

NOTE: value can be local, Accept, or Reject

populate radgroupreply table (insert rows):
groupname ---> wifiuser
attribute ---> Framed-Compression
op ---> :=
value ---> Van-Jacobsen-TCP-IP

groupname ---> wifiuser
attribute ---> Framed-Protocol
op ---> :=
value ---> PPP

groupname ---> wifiuser
attribute ---> Service-Type
op ---> :=
value ---> Framed-User

groupname ---> wifiuser
attribute ---> Framed-MTU
op ---> :=
value ---> 1500

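The radcheck and radusergroup rows above, like the test1/test2 rows typed into the mysql shell earlier, are plain INSERT statements, and typing them one at a time in phpMyAdmin does not scale past a handful of users. Added example, not the paste's own code: a POSIX shell generator that turns a username:group:password list into the same INSERTs. It doubles single quotes so a password such as it's cannot break the statement, and it treats everything after the second colon as the password so passwords may contain colons. It writes Cleartext-Password on purpose: rlm_pap can check that for radtest, and rlm_mschap needs either Cleartext-Password or NT-Password for the PEAP/MS-CHAPv2 logins in the wireless section, whereas MD5-Password can only be checked by PAP. The function names and the SAMPLE_USERS list are constructed here; the table and column names are those of the schema.sql loaded earlier.

```shell
#!/bin/sh
# Added example (not from the original paste): generate radcheck and
# radusergroup INSERTs from a "username:group:password" list.

# Escape a value for use inside a single-quoted MySQL string literal by
# doubling every single quote. The trailing newline from printf is
# stripped again by the $(...) at the call site.
sql_escape() {
    printf '%s\n' "$1" | sed "s/'/''/g"
}

# One radcheck row with a Cleartext-Password check item (works for both
# PAP via radtest and MS-CHAPv2 inside PEAP).
radcheck_insert() {
    printf "INSERT INTO radcheck (username, attribute, op, value) VALUES ('%s', 'Cleartext-Password', ':=', '%s');\n" \
        "$(sql_escape "$1")" "$(sql_escape "$2")"
}

# One radusergroup row (user -> group membership); priority 1 is the
# schema default and is written explicitly for clarity.
radusergroup_insert() {
    printf "INSERT INTO radusergroup (username, groupname, priority) VALUES ('%s', '%s', 1);\n" \
        "$(sql_escape "$1")" "$(sql_escape "$2")"
}

# Read "username:group:password" lines from stdin and emit the SQL for all
# of them inside one transaction. The password is the rest of the line
# after the second colon, so it may itself contain colons. Blank lines and
# lines starting with # are skipped; an empty group defaults to wifiuser.
users_to_sql() {
    echo "USE radius;"
    echo "START TRANSACTION;"
    while IFS=: read -r user group pass; do
        case "$user" in ''|'#'*) continue ;; esac
        radcheck_insert "$user" "$pass"
        radusergroup_insert "$user" "${group:-wifiuser}"
    done
    echo "COMMIT;"
}

# Constructed sample list exercising the awkward cases (quote, colon).
SAMPLE_USERS="# username:group:password
user1:wifiuser:password1
test2:wifiuser:12:34
o'brien:wifiuser:it's"

# Usage: pipe the list through the generator and into the mysql client:
#   printf '%s\n' "$SAMPLE_USERS" | users_to_sql | mysql -u root -p
# Here we only print the generated statements.
printf '%s\n' "$SAMPLE_USERS" | users_to_sql
```

Because each row is escaped before it is spliced into the statement, the same script can be fed from a file that non-administrators edit without a stray quote turning into a SQL syntax error or an unintended statement; review the generated SQL once before piping it into mysql.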
------------------------------------------------------------------
go to http://192.168.0.254 - this is your wireless AP or NAS client:
set up the SSID
go to wireless security:
security mode ---> WPA2 Enterprise
WPA algorithms ---> AES
RADIUS Server Address ---> YOUR_FREERADIUS_IP (can be 192.168.0.1)
RADIUS Server Port ---> 1812
RADIUS Shared Secret ---> testing123


Connect using WPA2-Enterprise with Windows Vista:
1. go to Network and Sharing Center
2. select Manage wireless networks
3. select Manually create a network profile
4. enter the data:
Network name: YOUR_SSID
Security type: WPA2-Enterprise
Encryption type: AES
Security Key/Passphrase: <leave blank>
5. in Wireless Network Properties, select the Security tab
for the network authentication method, select Microsoft: Protected EAP (PEAP)
uncheck Validate server certificate
click the Configure button and uncheck Automatically use my Windows logon name and password if the computer is not on the domain