Monday 30 March 2015

How to configure Freeradius server as Radius Proxy/ Relay

Setup :

FreeRadius Server (Linux PC1)---------------------Linux PC2 -----------------------------------AP ----------Users
10.1.1.1 /24                                  10.1.1.2/24            10.2.1.2/24              10.2.1.1/24



Details:

1) The users are authenticated from Free radius server.

2) The Linux PC 2acts as Router with IP forwarding enabled.

3) On Linux PC 2 Radius proxy or the Radius relay is to be enabled so that it forwards the requests to/from users.

4) Free radius is installed in both Linux PC , one to act as relay and another as server.

Configuration on Free radius server

1) Users in users.conf
2) The Linux PC 2 as radius client to be defined in clients.conf
3) Start radius server

radiusd -X


Configuration on Linux PC 2:

Modify below lines in proxy.conf


1)    # virtual_server = foo   --> Change to ->         virtual_server = 10.1.1.1

2) Comment below lines

realm LOCAL {
    #  If we do not specify a server pool, the realm is LOCAL, and
    #  requests are not proxied to it.
}

to

#realm LOCAL {
    #  If we do not specify a server pool, the realm is LOCAL, and
    #  requests are not proxied to it.
#}

3) Uncomment below lines and give ip address of the Radius server

#realm DEFAULT {
#    authhost    = radius.company.com:1600
#    accthost    = radius.company.com:1601
#    secret        = testing123
#}

to

realm DEFAULT {
    authhost    = 10.1.1.1
    accthost    = 10.1.1.1
    secret        = testing123
}

4) The secret between Radius server and this relay is "testing123".

5) Start the server which should act as relay.

radiusd -X


Configuration on AP
For AP the Radius server is the immediate server i.e. here relay 10.2.1.2
User

Once users are defined properly in Linux PC 1, and setup is done, the users should get authenticated.