The FreeRADIUS server can be downloaded from http://sourceforge.net/projects/freeradius/
Some of the common commands are:
1) To run the RADIUS service in debug mode:
radiusd -X
2) To kill the RADIUS service, find its process ID and kill it:
ps -ax
kill -9 <pid>
3) Configure Clients:
/usr/local/etc/raddb/clients.conf
client 10.0.0.1/16 {
secret = test123
shortname = private-network-2
}
4) Configure users:
/usr/local/etc/raddb/users
"user1" Cleartext-Password := "test1"
5) PEAP: To authenticate a client using PEAP, the following configuration is needed for the PEAP module in the eap.conf file
peap {
default_eap_type = mschapv2
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}
6) To authenticate a client by validating the server certificate, the "ca.der" certificate needs to be installed on the client
7) TLS: To authenticate a client using TLS, the following configuration is needed for the TLS module in the eap.conf file
tls {
certdir = ${confdir}/certs
cadir = ${confdir}/certs
private_key_password = whatever
private_key_file = ${certdir}/server.pem
certificate_file = ${certdir}/server.pem
CA_file = ${cadir}/ca.pem
dh_file = ${certdir}/dh
random_file = ${certdir}/random
CA_path = ${cadir}
cipher_list = "DEFAULT"
make_cert_command = "${certdir}/bootstrap"
cache {
enable = no
lifetime = 24 # hours
max_entries = 255
}
}
8) TTLS: To authenticate a client using TTLS, the following configuration is needed for the TTLS module in the eap.conf file
ttls {
default_eap_type = md5
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}
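The shared secret, private key password and cipher list in the configurations above are sample values, so a small pre-deployment check such as the following can flag them before a config goes live. This is an added example, not part of the original page or of FreeRADIUS; the 16-character minimum and the treatment of cipher_list = "DEFAULT" as a finding are assumed local policy.

```python
import re

# Constructed sample: fragments of clients.conf and eap.conf as shown on this page.
SAMPLE = '''
client 10.0.0.1/16 {
    secret = test123
    shortname = private-network-2
}
tls {
    private_key_password = whatever
    cipher_list = "DEFAULT"
    cache {
        enable = no
        lifetime = 24 # hours
    }
}
'''

SAMPLE_VALUES = {"test123", "whatever"}  # secrets printed on this page
MIN_SECRET_LEN = 16  # assumed local policy, not a FreeRADIUS setting

def parse(text):
    """Flatten nested 'name {' blocks into (section_path, key, value) tuples."""
    path, items = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (sample has no '#' in values)
        if line.endswith("{"):
            path.append(line[:-1].split()[0])
        elif line == "}":
            path.pop()
        else:
            m = re.match(r'(\w+)\s*=\s*"?([^"]*)"?$', line)
            if m:
                items.append(("/".join(path), m.group(1), m.group(2).strip()))
    return items

def audit(text):
    """Return (location, reason) for settings that should not reach production."""
    findings = []
    for section, key, value in parse(text):
        where = f"{section}/{key}"
        if key in ("secret", "private_key_password"):
            if value in SAMPLE_VALUES:
                findings.append((where, "published sample value"))
            elif len(value) < MIN_SECRET_LEN:
                findings.append((where, f"shorter than {MIN_SECRET_LEN} characters"))
        elif key == "cipher_list" and value.upper() == "DEFAULT":
            findings.append((where, "OpenSSL DEFAULT cipher list, not pinned"))
    return findings
```

Calling audit() on the text of clients.conf or eap.conf returns a list of (location, reason) pairs; an empty list means none of the checked settings matched.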
How to generate the certificates
1) To generate the certificates for the CA and the server, run "./bootstrap" in the folder below
/usr/local/etc/raddb/certs
2) To generate certificates for the client
Run "make client.pem", then copy the certificate "client.p12" to the client and install it
*** When installing client.p12 on a Windows client, enter the same password as the one set for the certificate, i.e. "whatever", as configured in client.cnf
Radius VLAN assignment
"user1" Cleartext-Password := "test1"
	Tunnel-Type = VLAN,
	Tunnel-Medium-Type = IEEE-802,
	Tunnel-Private-Group-Id = "10"
Note: "use_tunneled_reply" must be enabled for authentication to work. To enable it, set "use_tunneled_reply = yes" in the eap.conf file