User Tools

Site Tools

Trace:
radius_on_centos7

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
radius_on_centos7 [2015/06/24 14:31] herwarthradius_on_centos7 [2018/02/26 21:36] (current) – [Update to CentOS 7.4] herwarth
Line 1: Line 1:
 ======FreeRadius on CentOS 7 with LDAP support====== ======FreeRadius on CentOS 7 with LDAP support======
 +=====Prerequisite=====
 +  * Download the WPA test script: {{:rad_eap_test.gz|}}
 =====Installation====== =====Installation======
   yum install freeradius-ldap freeradius-utils freeradius   yum install freeradius-ldap freeradius-utils freeradius
Line 22: Line 24:
                 control:Password-With-Header    += 'userPassword'                 control:Password-With-Header    += 'userPassword'
                 control:NT-Password             := 'SambaNTPassword'                 control:NT-Password             := 'SambaNTPassword'
 +                reply:Reply-Message             := 'radiusReplyMessage'
 +                reply:Tunnel-Type               := 'radiusTunnelType'
 +                reply:Tunnel-Medium-Type        := 'radiusTunnelMediumType'
 +                reply:Tunnel-Private-Group-ID   := 'radiusTunnelPrivategroupId'
         }         }
         user {         user {
Line 63: Line 69:
 -rw-r-----. 1 root radiusd  245 Jun 24 16:24 dh -rw-r-----. 1 root radiusd  245 Jun 24 16:24 dh
 -rw-r-----. 1 root radiusd 6297 Jun 24 16:24 server.pem -rw-r-----. 1 root radiusd 6297 Jun 24 16:24 server.pem
 +</code>
 +  systemctl enable radiusd
 +  systemctl start radiusd
 +=====Firewall=====
 +  firewall-cmd --permanent --zone=management --add-service=radius
 +  firewall-cmd --permanent --zone=local --add-service=radius
 +  firewall-cmd --reload
 +=====Testing=====
 +Query user for normal access:
 +  radtest <USERNAME> <SECRET> localhost 2 testing123
 +Query user for WPA enterprise:
 +  ./rad_eap_test -H localhost -P 1812 -S testing123 -u <USERNAME> -p <SECRET> -m WPA-EAP -e PEAP -2 MSCHAPV2
 +  ./rad_eap_test -H localhost -P 1812 -S testing123 -u <USERNAME> -p <SECRET> -m WPA-EAP -e TTLS -2 PAP
 +=====Update to CentOS 7.4=====
 +The upgrade to CentOS 7.4 breaks FreeRadius with LDAP. I discovered some errors with dots (.) in the username. So I altered the filter file in /etc/raddb/policy.d
 +
 +THIS CODE IS OBSOLETE
 +<code - /etc/raddb/policy.d/filter>
 +.
 +.
 +.
 +#               if (&User-Name =~ /\.\./ ) {
 +#                       update request {
 +#                               &Module-Failure-Message += 'Rejected: User-Name contains multiple ..s'
 +#                       }
 +#                       reject
 +#               }
 +.
 +.
 +#               if (&User-Name =~ /\.$/ {
 +#                       update request {
 +#                               &Module-Failure-Message += 'Rejected: Realm ends with a dot'
 +#                       }
 +#                       reject
 +#               }
 +.
 +.
 +.
 +</code>
 +===== Peap config change for radius assigned VLAN ====
 +<code - /etc/raddb/mods-available/eap>
 +.
 +.
 +peap {
 +.
 +.
 +                use_tunneled_reply = yes
 +.
 +.
 </code> </code>
 {{tag>centos}} {{tag>centos}}
radius_on_centos7.1435156291.txt.gz · Last modified: by herwarth

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki