Simple Installation of Freeradius
This document describes the steps to install freeRadius under Fedora and prepare the configuration used to authenticate PacketShaper login access.

I have Fedora with kernel 2.6.9-1.667 running and downloaded a copy of freeRadius 2.1.7 from their website, http://freeradius.org. Make sure you have Development Tools installed on your Fedora workstation.

A comprehensive source of installation and configuration information is found at http://wiki.freeradius.org/Main_Page

Unpack the downloaded gz file
[root@fedora freeradius-server-2.1.7]# ./configure
[root@fedora freeradius-server-2.1.7]# make
[root@fedora freeradius-server-2.1.7]# make install
The first time, you should start the freeRadius server as root. The -X option runs the server in debugging mode. This will also generate a certificate.
However, this is only half of the story. Next you will need to configure the RADIUS server to respond with the vendor-specific access level attribute.
3. Enter each user's name, password, and local access level into the users file

Make a copy of the original users file (in /usr/local/etc/raddb) and create an empty file. Personally, I prefer slim files with only a few lines. I also used user names from the local Fedora workstation, to control passwords from a system point of view. However, keep in mind, only PAP will work. I used PacketWise 8.3.3. It may change in the future, but that question needs to go to BlueCoat, who owns PacketShaper after their acquisition of Packeteer.

rbemsel Auth-Type := System
        Packeteer-AVPair = "access=look"
root    Auth-Type := System
        Packeteer-AVPair = "access=touch"
= secret88 = lab-shaper
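An added example, not part of the original document: a Python check that parses a users file in the layout shown above and reports which access level each user receives, flagging entries with no Packeteer-AVPair reply item or with a value other than the two this document shows. The sample file content is constructed, and treating look and touch as the only valid levels is an assumption.

```python
import re
# Assumption: only the two levels this document shows are valid.
VALID_LEVELS = {"look", "touch"}
ITEM = re.compile(r'([\w-]+)\s*(:=|==|\+=|=)\s*("[^"]*"|[^,\s]+)')

def parse_users(text):
    """Return {user: {"check": {...}, "reply": {...}}} from users-file text."""
    entries, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace():              # indented line: reply items
            if current is None:
                raise ValueError("reply item before any user: %r" % raw)
            target, items = current["reply"], raw
        else:                             # new entry: user name, check items
            name, *rest = raw.split(None, 1)
            current = entries.setdefault(name, {"check": {}, "reply": {}})
            target, items = current["check"], "".join(rest)
        for attr, _op, value in ITEM.findall(items):
            target[attr] = value.strip('"')
    return entries

def audit(entries):
    """Return (levels, problems) for the Packeteer-AVPair reply items."""
    levels, problems = {}, []
    for user, entry in entries.items():
        avpair = entry["reply"].get("Packeteer-AVPair")
        key, _, level = (avpair or "").partition("=")
        if avpair is None:
            problems.append("%s: no Packeteer-AVPair reply item" % user)
        elif key != "access" or level not in VALID_LEVELS:
            problems.append("%s: unexpected value %r" % (user, avpair))
        else:
            levels[user] = level
    return levels, problems
# Constructed sample: the two entries from this document plus two faulty ones.
SAMPLE = """\
# slim users file
rbemsel Auth-Type := System
        Packeteer-AVPair = "access=look"
root    Auth-Type := System
        Packeteer-AVPair = "access=touch"
guest   Auth-Type := System
admin   Auth-Type := System
        Packeteer-AVPair = "access=tuch"
"""
if __name__ == "__main__":
    print(audit(parse_users(SAMPLE)))
```

Reviewing the resulting list of users with touch access after each edit of the users file keeps the set of accounts allowed to change the PacketShaper configuration explicit.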
You can get a more detailed response when logging into the console or using telnet/ssh to reach the CLI:

192.168.10.83# radius session
ID       Status    Age      Idle     Limit   Type Access User Name
-------------------------------------------------------------------------------
4b1c20af logged in 125 secs 0 secs   60 mins CLI  touch  root
4b1c2021 logged in 260 secs 202 secs 60 mins WUI  touch  root
192.168.10.83#

I like the following login test, as I can see an immediate response.

192.168.10.83# radius login root my_secret_password
"root" RADIUS Authentication OK
Vendor-Specific: access=touch
192.168.10.83#
Troubleshooting Tips
This is a free test utility, which can be downloaded at www.dialways.com. Using this tool does not require any other RADIUS clients to connect to the server.
Additionally, I use a packet monitoring tool, which can be downloaded at www.analogx.com. This is also freeware and helps to determine whether packets are being sent and received correctly. Filters are easy to define. It does not capture data, but shows incoming and outgoing connections. Very useful.
Finally, if you have started freeRadius in debugging mode, there is a lot of information on how authentication using the RADIUS protocol works. Don't forget to use tcpdump on Linux to see if RADIUS packets are received.
22:32:11.379864 IP 192.168.10.83.1088 > 192.168.10.231.radius: RADIUS, Access Request (1), id: 0x91 length: 59
22:32:11.394389 IP 192.168.10.231.radius > 192.168.10.83.1088: RADIUS, Access Accept (2), id: 0x91 length: 40