
Configuring Linux Radius Server: - Objectives - Contents

The document provides instructions for configuring a Linux Radius server. It discusses:
- An overview of how Radius works for authentication, authorization, and accounting.
- Configuring the Radius server software and testing the installation and basic authentication.
- Configuring client devices like an Aironet Cisco1200 access point and Windows XP clients to use the Radius server for wireless authentication.
- Setting up FreeRadius configuration files to log authentication attempts, use Unix password files for authentication, and define Radius clients and encryption methods.

Uploaded by

Gokula Theerthan
Copyright
© Attribution Non-Commercial (BY-NC)

Configuring Linux Radius Server

• Objectives
– This chapter will show you how to install and use Radius
• Contents
– An Overview Of How Radius Works
– Configuration of Radius
– Testing Radius server
– Setting up Aironet Cisco1200 for radius
– Client Setup Windows XP with wireless pccard

• Practical
– Implementing Radius server
Introducing the elements
• NAS
– A Network Access Server (NAS) performs authentication, authorization, and
accounting for users.
– The network access server is typically a router, switch, or wireless access point
– The NAS acts as a relay that passes or blocks traffic to and from authenticated clients
• RADIUS and AAA
– The RADIUS server is usually a daemon process running on a UNIX or Windows
2003 server.
– Authentication and authorization plus accounting are combined together in
RADIUS
• LDAP
– The Lightweight Directory Access Protocol (LDAP) is an open standard
– It defines a method for accessing and updating information in an X.500-like
directory.
– LDAP simplifies user administration tasks by managing users in a central
directory.
Authentication via RADIUS and LDAP
Installing RADIUS
• Add a testuser
    # useradd kalle
– Add a password for your testuser
    # passwd kalle
• Building from source
– Usually a good idea for best optimized code
    # tar -zxvf freeradius-1.0.2.tar.gz
    # ./configure
    # make
    # make install
• Start radiusd in debug mode
– To see if any errors arise
    # radiusd -X
• Modify /etc/shadow permission
    # chmod g+r /etc/shadow
• Make the first radius auth test
– Simulate a user trying to authenticate against the radius server
    # radtest kalle 123456 localhost 0 testing123
– 0 = fake NAS port
– testing123 is the mandatory common secret for localhost; NAS clients are found in /etc/raddb/clients.conf
• If radtest receives a response, the FreeRADIUS server is working.
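The kind of request the radtest step above simulates, as an added example (not code from the original slides or from FreeRADIUS): it builds a simplified Access-Request with User-Name, User-Password and NAS-Port and applies the User-Password hiding of RFC 2865 section 5.2, showing that the shared secret is what lets the server recover the password. The function names are hypothetical; kalle, 123456, 0 and testing123 are the values from the radtest call.

```python
import hashlib
import os
import struct

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous)."""
    blocks = max(1, -(-len(password) // 16))
    padded = password.ljust(16 * blocks, b"\0")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def unhide_password(hidden, secret, authenticator):
    """Server side: the same keystream, chained on the received ciphertext blocks."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\0")

def attr(code, value):
    return bytes([code, len(value) + 2]) + value  # type, length, value

def access_request(user, password, secret, nas_port, ident=1, authenticator=None):
    """Code 1 (Access-Request), identifier, length, 16-byte authenticator, attributes."""
    authenticator = authenticator or os.urandom(16)
    attrs = (attr(1, user)                                            # User-Name
             + attr(2, hide_password(password, secret, authenticator))  # User-Password
             + attr(5, struct.pack("!I", nas_port)))                  # NAS-Port
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attrs(packet):
    """Return {attribute type: value} from a well-formed packet."""
    attrs, pos = {}, 20
    while pos + 2 <= len(packet) and packet[pos + 1] >= 2:
        code, length = packet[pos], packet[pos + 1]
        attrs[code] = packet[pos + 2:pos + length]
        pos += length
    return attrs

if __name__ == "__main__":
    pkt = access_request(b"kalle", b"123456", b"testing123", 0)
    hidden = parse_attrs(pkt)[2]
    print(unhide_password(hidden, b"testing123", pkt[4:20]))  # server with the right secret
    print(unhide_password(hidden, b"mysecret1", pkt[4:20]))   # mismatched secret: garbage
```

A server configured with a different secret than the NAS recovers garbage instead of the password, so the authentication fails even when the user typed the right one.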
Configure FreeRADIUS
• FreeRADIUS configuration files are usually stored in the
/etc/raddb folder
• Modifying radiusd.conf to activate logging
– Find and correct
    log_auth = yes
    log_auth_badpass = yes
    log_auth_goodpass = no
• Setup to enable unix accounts to serve as authentication and
add cisco authentication port
    port = 1645
    passwd = /etc/passwd
    shadow = /etc/shadow
    group = /etc/group
Configure FreeRADIUS for NAS clients
• Adding the NAS clients in /etc/raddb/clients.conf
– You can add single clients or subnets if you like
    client 192.168.1.254/24 {
        secret = mysecret1
        shortname = ap1200
        nastype = cisco
    }
• Security is slightly higher if you point out each NAS by its IP
and use a different password for each of them
• Here is a subnet declaration for NAS
    client 192.168.2.0/24 {
        secret = mysecret1
        shortname = myserver
        nastype = other
    }
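An audit of the points this slide raises, as an added example (not part of the original slides or of FreeRADIUS): it parses client blocks in the clients.conf style shown above and flags subnet-wide declarations, secrets reused between clients, and the testing123 default. The localhost entry in the sample, the function names and the 16-character minimum length are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the style of the declarations above, plus a localhost entry.
SAMPLE = """
client 127.0.0.1 {
    secret = testing123
    shortname = localhost
}
client 192.168.1.254/24 {
    secret = mysecret1
    shortname = ap1200
}
client 192.168.2.0/24 {
    secret = mysecret1
    shortname = myserver
}
"""

CLIENT_RE = re.compile(r"\bclient\s+(\S+)\s*\{([^}]*)\}")
OPTION_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)

def parse_clients(text):
    """Return [(client name, {option: value})]; '#' comments are dropped (a simplification)."""
    text = re.sub(r"#.*", "", text)
    return [(n, dict(OPTION_RE.findall(b))) for n, b in CLIENT_RE.findall(text)]

def audit(text, min_len=16):  # min_len is an assumed local policy, not a FreeRADIUS rule
    findings, users = [], defaultdict(list)
    for name, opts in parse_clients(text):
        secret = opts.get("secret", "")
        users[secret].append(name)
        try:
            if ipaddress.ip_network(name, strict=False).num_addresses > 1:
                findings.append((name, "subnet-wide client"))
        except ValueError:
            pass  # client given as a hostname
        if secret == "testing123":
            findings.append((name, "default secret"))
        elif len(secret) < min_len:
            findings.append((name, "short secret"))
    for names in users.values():
        if len(names) > 1:
            findings.append((", ".join(names), "reused secret"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{client}: {issue}" for client, issue in audit(SAMPLE)))
```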
Configuring the user for authentication
• The file /etc/raddb/users contains authentication and
configuration information for each user.
– Add/change the following lines, place after the informative header text:
    Auth-Type := LDAP
    Auth-Type := Local, User-Password == "mypasswd"
    Auth-Type := System
    Service-Type = Login
– We prepare for LDAP and LOCAL authentication for users authenticating through
the NAS
• The file /etc/raddb/eap.conf sets the user encryption
methods (there are many)
– Change/add the following:
    default_eap_type = md5
    auth_type = PAP
    md5 { }
    leap { }
Configuring the Aironet 1200
• For EAP security, log in to your AP and go to express security
1. Enter your SSID cisco
2. No VLAN
3. Security EAP
Enter IP address of your Radius server: 192.168.1.10
Enter the Server Secret: mysecret1
Click on APPLY
• For WPA security, log in to your AP and go to express security
1. Enter your SSID cisco
2. No VLAN
3. Security WPA
Enter IP address of your Radius server: 192.168.1.10
Enter the Server Secret: mysecret1
Click on APPLY
Configuring the user CPE equipment
• In this particular case we have Windows XP as CPE
– Install your
