FreeRADIUS Deployment on Ubuntu

FreeRADIUS is an open source package implementing the RADIUS protocol. It is generally used to secure network switches and routers, and for enterprise-level WPA (Wi-Fi Protected Access).

RADIUS (Remote Authentication Dial-In User Service) is used for authentication. It provides the 'AAA' scheme: Authentication, Authorization and Accounting.

Authentication is the first step, in which the client (NAS device) presents a username and password.

Authorization determines how much resource access is granted to the client.

Accounting keeps a record of the client's usage during the active session.

Deployment Steps: As a beginner you can install the FreeRADIUS server from the platform's packages. The GitHub source is only preferred for old versions.

Installation:

  1. Install the packages with apt:
       # apt-get install freeradius freeradius-utils
  2. Start the freeradius service:
       # systemctl start freeradius.service
  3. The default ports of the freeradius service are 1812 for authentication and 1813 for accounting.
  4. To run freeradius in debug mode, first stop the service running in daemon mode:
       # systemctl stop freeradius.service
     Then start it in debug mode:
       # freeradius -X

Configuration:

  1. Edit the '/etc/freeradius/users' file, where the username and password for the access point are set:
       username  Cleartext-Password := "password"

  2. Edit the '/etc/freeradius/clients.conf' file, where the NAS clients are set. localhost is the default client:
       client localhost {
           ipaddr = 127.0.0.1
           secret = testing123
       }

Test Environment:

  1. Use the 'radtest' command utility as:
       radtest username password serverip nas-port-number secretkey
     Example:
       radtest rahul rahul 127.0.0.1 0 testing123

You should see the server respond with an 'Access-Accept':

Sending Access-Request of id 167 to 127.0.0.1 port 1812
          User-Name = "rahul"
          User-Password = "rahul"
          NAS-IP-Address = "NAS_CLIT_IP"
          NAS-Port = 0
          Message-Authenticator = 0x0000000000000000

Output of the server response:

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=167, length=20.

 
