https://wiki.freeradius.org/guide/Getting%20Started
We assume that you can install the server via something like yum install freeradius, or apt-get install freeradius.
Note that in Debian-based systems, the server daemon is called
freeradius instead of radiusd
The configuration files are also located in
/etc/freeradius/ instead of /etc/raddb/.
When the server has been installed on a new machine, the first step is to start it in debugging mode, as user root:
# radiusd -X
If the output says Ready to process requests, then all is well.
This step demonstrates that the server is installed and configured properly.
Testing authentication is simple. Edit the users file
/etc/raddb/mods-config/files/authorize
and add the following line of text at the top of the file, before anything else:
testing Cleartext-Password := "password"
Start the server in debugging mode (radiusd -X), and run radtest from another terminal window:
$ radtest testing password 127.0.0.1 0 testing123
The format is:
$ radtest
Usage: radtest [OPTIONS] user passwd radius-server[:port] nas-port-number secret
You should see the server respond with an
Access-Accept
If you do, then congratulations, the following authentication methods now work for the testing user:
PAP, CHAP, MS-CHAPv1, MS-CHAPv2, PEAP, EAP-TTLS, EAP-GTC, EAP-MD5.
The testing123 on the command line is the shared secret defined in
/etc/raddb/clients.conf
for example:
secret = testing123
When we discuss clients, we mean clients of the RADIUS server, e.g.
NOT the network clients - such as laptops, tablets etc - they do not talk directly to the RADIUS server.
The above test runs radtest from localhost. It is useful to add a new client, which can be done by editing the
/etc/raddb/clients.conf
file. Add the following content:
client new {
    ipaddr = 192.0.2.1
    secret = testing123
}
You should change the IP address 192.0.2.1 to be the address of the client which will be sending Access-Request packets.
The client should also be configured to talk to the RADIUS server, by using the IP address of the machine running the RADIUS server. The client must use the same secret as configured above in the client section.
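Why the secret must match on both sides, as an added example (not part of the original guide or the FreeRADIUS code): a PAP request like the one radtest sends hides User-Password with MD5 keyed by the shared secret (RFC 2865 section 5.2), and the client checks the reply's Response Authenticator with the same secret. The function names and the fixed Request Authenticator are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

def pap_hide(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Hide a User-Password value as the client (NAS) does, RFC 2865 section 5.2."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        hidden += prev
    return hidden

def pap_reveal(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Recover the password as the server does; a wrong secret yields garbage."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 bytes")
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        clear += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return clear.rstrip(b"\x00")

def response_auth(code: int, ident: int, attrs: bytes,
                  request_auth: bytes, secret: bytes) -> bytes:
    """Response Authenticator: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def reply_is_authentic(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client-side check that a reply was produced by a holder of the secret."""
    if len(reply) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply):
        return False
    expected = response_auth(code, ident, reply[20:], request_auth, secret)
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    ra = bytes(range(16))  # constructed Request Authenticator; real ones are random
    hidden = pap_hide(b"password", b"testing123", ra)
    print(pap_reveal(hidden, b"testing123", ra), pap_reveal(hidden, b"wrong-secret", ra))
```

With a mismatched secret the server recovers the wrong password and rejects the request, and the client cannot validate any reply, which is the failure you will see in the debug output when the two secrets differ.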
Then restart the server in debugging mode, and run a simple test using the testing user. You should see an Access-Accept in the server output.
The following steps outline the best known method for configuring the server. Following them lets you create complex configurations with a minimum of effort. Failure to follow them leads to days of frustration and wasted effort.
Changing the server configuration should be done via the following steps:
The debug output shows that the packets are being processed as you expect.
If anything goes wrong, double-check the configuration and read the entire debug output, looking for words like error or warning. These messages usually contain descriptions of what went wrong, and suggestions for how it can be fixed. Also see an explanation of the debug output and the debug form.
To install with Homebrew, first search for radius:
brew search radius
Result:
==> Formulae
freeradius-server ✔
Then install it with:
brew install freeradius-server
Installation location:
/usr/local/Cellar/freeradius-server/3.0.19_1
To stop the service:
Open Activity Monitor and kill radiusd.