Skip to content

Instantly share code, notes, and snippets.

@mcortes19

mcortes19/RADIUS.md

Last active March 27, 2025 13:24
Show Gist options
  • Save mcortes19/0341ef0ec753a9c894fd8a41a07ead71 to your computer and use it in GitHub Desktop.
Save mcortes19/0341ef0ec753a9c894fd8a41a07ead71 to your computer and use it in GitHub Desktop.
Download ZIP
Set up RADIUS server with local, mysql and LDAP configuration
Raw
RADIUS.md

RADIUS SERVER

ROUTER/AP SETTINGS

  • SSID = redes
  • IP = 192.168.1.1/24
  • SECURITY MODE = WPA2 Enterprise
  • RADIUS SERVER = 192.168.1.254
  • RADIUS PORT = 1812
  • SHARED SECRET = 12345678

RADUIS SERVER/DEBIAN 8

  • Install freeradius package

      $ apt-get install freeradius

  • Add end of file /etc/network/interface

      allow-hotplug eth0
  iface eth0 inet static
      address 192.168.1.254
      netmask 255.255.255.0
      gateway 192.168.1.1

LOCAL USERS

  • Make a files copy.

      $ cp /etc/freeradius/clients.conf /etc/freeradius/clients.conf.bak
  $ cp /etc/freeradius/users /etc/freeradius/users.bak

  • Add end of flie /etc/freeradius/clients.conf

      client 192.168.1.1 {
      secret = 12345678
      shortname = redes
  }

  • Add end of file /etc/freeradius/users

      mcortes  Cleartext-Password := "123"
  apadilla  Cleartext-Password := "123"
  rcordero Cleartext-Password := "123"
  vmora Cleartext-Password := "123"

Check the double password quotes

MYSQL USERS

  • Install mysql server package.

      $ apt-get install mysql-server

  • Install freeradius packages.

      $ apt-get install freeradius freeradius-mysql

Root mysql password = root

  • Create radius database.

      $ mysql -uroot -proot
  mysql> create database radius;
  mysql> exit

  • Import schema.sql script to database recently created.

      $ mysql -uroot -proot radius < /etc/freeradius/sql/mysql/schema.sql

  • Create db users.

      $ mysql -uroot -proot
  mysql> use radius;
  mysql> INSERT INTO radcheck (username, attribute, value) VALUES ('user01', 'password', 'password01');
  mysql> INSERT INTO radcheck (username, attribute, value) VALUES ('user02’, 'password', 'password02’);
  mysql> exit;

  • Import nas.sql script to database recently created.

      $ mysql -uroot -proot radius < /etc/freeradius/sql/mysql/nas.sql

  • Create db clients (AP/ROUTER)

      $ mysql -uroot -proot
  mysql> use radius;
  mysql> INSERT INTO nas (nasname, shortname, type, ports, secret) VALUES ('192.168.1.1', 'redes', 'cisco', 1812,'12345678');
  mysql> exit;

  • Stop freeradius service

      $ /etc/init.d/freeradius stop

  • Make a files copy.

      $ cp /etc/freeradius/sql.conf /etc/freeradius/sql.conf.bak
  $ cp /etc/freeradius/sites-available/default /etc/freeradius/sites-available/default.bak
  $ cp /etc/freeradius/sites-available/inner-tunnel /etc/freeradius/sites-available/inner-tunnel.bak
  $ cp radiusd.conf radiusd.conf.bak

  • Edit file /etc/freeradius/sql.conf

      # Connection info:
  server = "localhost"
  #port = 3306
  login = "root"
  password = "root"
  
  readclients = yes

  • Uncomment all sql apparition in file /etc/freeradius/sites-available/default

  • Uncomment all sql apparition in file /etc/freeradius/sites-available/inner-tunnel

  • Comment $INCLUDE clients.conf line in file /etc/freeradius/radiusd.conf

  • Uncomment $INCLUDE sql.conf line in file /etc/freeradius/radiusd.conf

  • Restart freeradius service

      $ /etc/init.d/freeradius start

  • Reboot Virtual Machine.

      $ reboot

  • Reference 1

  • Reference 2

  • Reference 3

  • Reference 4

LDAP USERS

  • Install OpenLDAP server package.

      $ apt-get install slapd ldap-utils ldapscripts

  • Install freeradius packages.

      $ apt-get install freeradius freeradius-ldap

  • Reconfigure slapd package

      dpkg-reconfigure -plow

    • Omit OpenLDAP server configuration?

        No

    • DNS domain name?

        redes.com

    • Organization name?

        TEC

    • Administrator password?

        root

    • Database backend?

        HDB

    • Remove the database when slapd is purged?

        No

    • Move old database?

        Yes

    • Allow LDAPv2 protocol?

        No

  • Install phpLDAPadmin to Manage LDAP with a Web Interface

      $ apt-get install phpldapadmin

  • Configure phpLDAPadmin

      nano /etc/phpldapadmin/config.php

  • Edit and set the next values

      $servers->setValue('server','host','127.0.0.1');
  $servers->setValue('server','base',array('dc=redes,dc=com'));  
  $servers->setValue('login','bind_id','cn=admin,dc=redes,dc=com');   
  $config->custom->appearance['hide_template_warning'] = true;

  • Login phpldapadmin interface with password: root

  • Create LDAP entities

    • Create a child entry under dc=redes, dc=com called Generic: Posix group, its name should be users. This will create a new group entity called cn=users
    • Create a child entry under cn=users called Generic: User Account, its password encrypt method must be clear. Fill the other fields with whatever you want.

  • Edit file /etc/freeradius/modules/ldap

      server = "localhost"
  identity = "cn=admin,dc=redes,dc=com"
  password = root
  basedn = "dc=redes,dc=com"

  • Edit file /etc/freeradius/sites-available/default

      # Uncomment ldap lines        
  autorize {
      ldap
  }

  • Edit file /etc/freeradius/sites-available/inner-tunnel

      # Uncomment ldap lines        
  autorize {
      ldap
  }
  
  authenticate {
      Auth-Type LDAP {
          ldap
      }
  }

  • Reboot Virtual Machine.

      $ reboot

  • Reference 1

  • Reference 2

  • Reference 3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment