|
Following will describe how to setup a Radius Server on Debian Sarge 3.1 Preparation You should already have Apache 2 (with PHP) and MySQL up and running on your Debian server.
FreeRADIUS Fetch FreeRADIUS and some tools: root@ford:~ # apt-get install freeradius freeradius-mysql freeradius-dialupadmin Let's start with something easy: usernames and passwords in plain file. Edit the /etc/freeradius/radiusd.conf file and find/change following settings, add sql also (for later): bind_address = *
proxy_requests = no
#$INCLUDE ${confdir}/proxy.conf
authorize {
preprocess
# auth_log
# attr_filter
chap
mschap
# digest
# IPASS
suffix
# ntdomain
eap
files
sql
# etc_smbpasswd
# ldap
# daily
# checkval
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
# digest
# pam
# unix
# Auth-Type LDAP {
# ldap
# }
eap
}
preacct {
preprocess
acct_unique
# IPASS
suffix
# ntdomain
files
}
accounting {
detail
# daily
unix
sql
radutmp
# sradutmp
# main_pool
# pgsql-voip
}
session {
radutmp
sql
}
Create a testuser by adding following to /etc/freeradius/users: test1 User-Password == "password1"
DEFAULT Auth-Type := sql
Fall-Through := 1
comment out following lines (we don't want to authenticate against /etc/passwd file): #DEFAULT Auth-Type = System
# Fall-Through = 1
change/set the shared radius secret for localhost in /etc/freeradius/clients.conf: client 127.0.0.1 {
secret = radiussecret
nastype = other # localhost isn't usually a NAS...
}
Restart FreeRADIUS and test the account: root@ford:~ # /etc/init.d/freeradius restart
root@ford:~ # radtest test1 password1 127.0.0.1 0 radiussecret
Sending Access-Request of id 44 to 127.0.0.1:1812
User-Name = "test1"
User-Password = "password1"
NAS-IP-Address = ford
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=44, length=20
 You could add more users now or just leave things as they are. FreeRADIUS and MySQL Storing userinfo in a file can be become quite boring after a while, much more fun having all that (and lot's more) in a MySQL database 
Create a database for Radius (enter your sql rootpassword when asked):
root@ford:~ # mysql -u root mysql -p
mysql> CREATE DATABASE radius;
mysql> quit
And fill it with data from freeradius (enter your sql rootpassword when asked):
root@ford:~ # zcat /usr/share/doc/freeradius/examples/db_mysql.sql.gz | mysql -u root radius -p
Grant access to user radius@localhost (enter your sql rootpassword when asked):
root@ford:~ # mysql -u root -p
mysql> GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radiuspassword';
mysql> FLUSH PRIVILEGES;
mysql> quit;
You can easily verify through phpMyAdmin that tables nas, radacct etc. have been added to the radius database.
Now set the MySQL loginname (radius) and password (radiuspassword) into the FreeRADIUS SQL configuration file /etc/freeradius/sql.conf. Find following lines and change accordingly:
# Connect info
server = "localhost"
login = "radius"
password = "radiuspassword"
Add a SQL testuser (enter the radiuspassword when asked):
root@ford:~ # mysql -u radius radius -p
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('testsql', 'Password', 'passwordsql');
mysql> quit
Restart FreeRADIUS and test the account:
root@ford:~ # /etc/init.d/freeradius restart
root@ford:~ # radtest testsql passwordsql 127.0.0.1 0 radiussecret
Sending Access-Request of id 48 to 127.0.0.1:1812
User-Name = "testsql"
User-Password = "passwordsql"
NAS-IP-Address = ford
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=48, length=20
FreeRADIUS and CopSpot You must add a client or change the existing entry in /etc/freeradius/clients.conf: client 192.168.1.1 {
secret = radiussecret
short-name = ipcop
}
Change the IP address to match IPCop GREEN IP. Add CopSpot users either in /etc/freeradius/users or in the MySQL database. Remember to restart FreeRADIUS if you change any of the config files.
I'll probably describe some more nice things that can be done in the future (when time permits). courtesy http://www.ban-solms.de/t/debian-radius.html
|
Articles 
