Notes: FreeRADIUS Installation and Basic Configuration on CentOS 7

note from : systemzone.net/freeradius-…mysql

FreeRADIUS is a modular, high-performance and highly customizable open source RADIUS server.

We will now install freeRADIUS on a CentOS 7 Linux server from the YUM repository. Before starting the installation, you should have CentOS 7 ready and able to access the CentOS YUM repository.

Installation

Before starting the freeRADIUS installation, we will first check the freeRADIUS packages available in the CentOS YUM repository. To do this, issue the following command from your CentOS 7 command prompt with root user privilege.

[root@freeradius ~]#  yum search freeradius
...
freeradius-devel.i686 : FreeRADIUS development files
freeradius-devel.x86_64 : FreeRADIUS development files
...
freeradius.x86_64 : High-performance and highly configurable free RADIUS server

The search command will show you the packages that can be installed, as in the above output. Among the listed packages, we will install only the freeradius, freeradius-utils, freeradius-mysql and freeradius-perl packages.

So, issue the following command from your CentOS command prompt to install these packages.

[root@freeradius ~]# yum install freeradius freeradius-utils freeradius-mysql freeradius-perl -y

Within a few moments, the freeRADIUS packages will be installed and you will get an installation complete message. To verify the installation, issue the following command, which shows the installed freeRADIUS packages.

[root@freeradius ~]# rpm -qa | grep freeradius
freeradius-utils-3.0.13-9.el7_5.x86_64
freeradius-perl-3.0.13-9.el7_5.x86_64
freeradius-3.0.13-9.el7_5.x86_64
freeradius-mysql-3.0.13-9.el7_5.x86_64

If you get the above message, your freeRADIUS suite and required packages have been installed successfully.

Now we will check whether our freeRADIUS server is working with the following command, which starts it in the foreground in debug mode.

[root@freeradius ~]# radiusd -X
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on proxy address * port 47697
Listening on proxy address :: port 60842
Ready to process requests

If you got the above message, your freeRADIUS server is ready to accept RADIUS client requests and reply to them.

Before starting the configuration, we will check whether our RADIUS server is running with the following command, where radiusd is the freeRADIUS daemon in the CentOS Linux distribution.

[root@freeradius ~]# systemctl status radiusd

Issue the following command to start the radius daemon.

[root@freeradius ~]# systemctl start radiusd

Also issue the following command so that the radius daemon starts automatically at system restart.

[root@freeradius ~]# systemctl enable radiusd

To restart or reload your configuration, issue the following command from your CentOS 7 command prompt.

[root@freeradius ~]# systemctl restart radiusd

The RADIUS server listens for authentication requests on UDP port 1812 and for accounting requests on UDP port 1813, so you have to allow these ports through your CentOS 7 firewall. To allow these ports, issue the following commands from your CentOS 7 command prompt.

[root@freeradius ~]# firewall-cmd --zone=public --add-port=1812/udp
[root@freeradius ~]# firewall-cmd --zone=public --add-port=1813/udp

To make this configuration permanent, issue the following command.

[root@freeradius ~]# firewall-cmd --zone=public --permanent --add-port=1812/udp
[root@freeradius ~]# firewall-cmd --zone=public --permanent --add-port=1813/udp

Basic Configuration

After a successful freeRADIUS installation, we will now do a basic configuration in which localhost is defined as a NAS device (RADIUS client) and bob is defined as a test user. After we have defined the client and the test user, we will use the radtest program to fill the role of a RADIUS client and test the authentication of bob.

FreeRADIUS is set up by modifying configuration files. The default location of the freeRADIUS configuration files in CentOS 7 is /etc/raddb. Change to that directory and list it to view the available configuration files and directories:

cd /etc/raddb
ls

Open the clients.conf file with the vim editor (vim clients.conf) and confirm that the following entry exists in it:

client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
    require_message_authenticator = no
    nas_type = other
}
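
A check one might run against clients.conf before the server is opened to clients other than localhost, as an added example that is not part of the original notes or of FreeRADIUS itself: it flags the well-known testing123 secret, short secrets, clients without require_message_authenticator = yes, and clients that match any source address. The branch-nas and core-nas entries, the audit_clients function and the 16-character threshold are assumptions of this example.

```shell
# Constructed sample. The first block is the localhost entry from this page;
# branch-nas, core-nas and their values are hypothetical.
sample_clients_conf() {
cat <<'EOF'
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
    require_message_authenticator = no
    nas_type = other
}
client branch-nas {
    ipaddr = 0.0.0.0/0
    secret = s3cr3t
}
client core-nas {
    ipaddr = 192.0.2.10
    secret = Vq7hL2pXw9zRt4mKc8dNf3bY
    require_message_authenticator = yes
}
EOF
}

# audit_clients [FILE...]: print "client<TAB>finding" per issue (stdin if no FILE).
# Policy (16-char minimum, Message-Authenticator required) is this example's choice.
audit_clients() {
    awk -v minlen="${MIN_SECRET_LEN:-16}" '
    function val(s) {                      # text after "=", minus comment/quotes
        sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t]+#.*$/, "", s)
        gsub(/"/, "", s); sub(/[ \t]+$/, "", s); return s
    }
    function flag(msg) { printf "%s\t%s\n", name, msg }
    function report() {
        if (secret == "testing123") flag("default-secret")
        else if (length(secret) < minlen) flag("short-secret")
        if (rma != "yes") flag("no-message-authenticator")
        if (ip == "*" || ip ~ /\/0$/) flag("any-source")
    }
    /^[ \t]*#/ { next }
    depth == 0 && $1 == "client" {
        name = $2; sub(/[{].*$/, "", name); secret = rma = ip = ""; inclient = 1
    }
    inclient && depth == 1 && /^[ \t]*secret[ \t]*=/ { secret = val($0) }
    inclient && depth == 1 && /^[ \t]*require_message_authenticator[ \t]*=/ { rma = val($0) }
    inclient && depth == 1 && /^[ \t]*ip(v4|v6)?addr[ \t]*=/ { ip = val($0) }
    !/=/ { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }   # section lines only
    inclient && depth == 0 && /[}]/ { report(); inclient = 0 }
    ' "$@"
}

sample_clients_conf | audit_clients   # real use: audit_clients /etc/raddb/clients.conf
```

On the sample, the localhost entry shown above is reported for its default secret and disabled Message-Authenticator requirement, while core-nas produces no findings.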

Define bob as a FreeRADIUS test user. Open the users file with the vim editor (vim users) and add the following lines at the top of the file. Make sure that the second and third lines are indented by a single tab character.

"bob" Cleartext-Password := "password"
     Framed-IP-Address = 192.168.10.10,
     Reply-Message = "Hello, %{User-Name}"

In v3, this file is located at

raddb/mods-config/files/authorize

Reload the freeRADIUS server with the restart command.

[root@freeradius ~]# systemctl restart radiusd

Authenticate the bob user with the following radtest command, where

  1. bob is the test user,
  2. password is the password of the bob user defined in the users file,
  3. 127.0.0.1 (localhost) is the IP address of the NAS device,
  4. 100 is the NAS port and
  5. testing123 is the NAS password defined in the clients.conf file.

[root@freeradius raddb]# radtest bob password 127.0.0.1 100 testing123
Sent Access-Request Id 118 from 0.0.0.0:52494 to 127.0.0.1:1812 length 75
 User-Name = "bob"
 User-Password = "password"
 NAS-IP-Address = 192.168.40.10
 NAS-Port = 100
 Message-Authenticator = 0x00
 Cleartext-Password = "password"
Received Access-Accept Id 118 from 127.0.0.1:1812 to 0.0.0.0:0 length 40
 Framed-IP-Address = 192.168.10.10
 Reply-Message = "Hello, bob"

Radtest will show the response of the FreeRADIUS server, as in the above output. That means your freeRADIUS server is ready to accept requests from RADIUS clients and users.
