Difference between revisions of "Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up a RADIUS Server"
Davidmbrooke (Talk | contribs) (Created initial placeholder) |
Davidmbrooke (Talk | contribs) (Expanded initial skeleton) |
||
Line 17: | Line 17: | ||
A RADIUS server provides an Authentication, Authorization and Accounting (AAA) service. Typical use cases include: | A RADIUS server provides an Authentication, Authorization and Accounting (AAA) service. Typical use cases include: | ||
− | * Authenticating Wireless Network clients which use the "WPA-Enterprise" (as opposed to "WPA-PSK") authentication model | + | * Authenticating Wireless Network clients which use the "WPA-Enterprise" (as opposed to "WPA-PSK") authentication model where a Wireless Network Access Point is often configured to talk the RADIUS protocol to a server which knows how to authenticate users/clients. |
+ | |||
+ | Read the following in conjunction with the standard FreeRADIUS documentation located [http://freeradius.org/doc/ here]. | ||
==Packages== | ==Packages== | ||
+ | The main Package required is <code class="filename">radius.lrp</code>. | ||
+ | For normal operation the following Packages are also required. | ||
+ | * <code class="filename">lpthread.lrp</code> | ||
+ | * <code class="filename">libcrpto.lrp</code> | ||
+ | * <code class="filename">libssl.lrp</code> | ||
+ | |||
+ | When connecting to different types of back-end server further Packages are required: | ||
+ | ; LDAP : <code class="filename">libldap.lrp</code> | ||
+ | |||
+ | In addition, for installation and configuration of some aspects of FreeRADIUS the following additional Package is typically required. This may be removed once installation and configuration is complete: | ||
+ | * <code class="filename">openssl.lrp</code> | ||
+ | |||
+ | ==Installation== | ||
+ | Some manual installation steps are required before running FreeRADIUS for the first time. | ||
+ | |||
+ | ===Generate Digital Certificate Files=== | ||
+ | The "bootstrap" script needs to be run to generate files required to support Digital Certificate processing. This is the (only) step that needs the <code class="filename">openssl.lrp</code> Package to be installed: | ||
+ | cd /etc/raddb/certs/ | ||
+ | sh bootstrap | ||
+ | This will create quite a number of "example" Digital Certificate files in directory <code class="filename">/etc/raddb/certs/</code>. | ||
+ | FreeRADIUS will try to do this automatically the first time it runs but on [[Bering-uClibc 4.x]] this will fail, so the script must be run manually - or the relevant files installed by hand. | ||
+ | |||
+ | ===Run RADIUS Daemon in Debug Mode=== | ||
+ | To check the configuration settings it is highly recommended to run '''radiusd''' in debug mode, from the command line: | ||
+ | cd /root/ | ||
+ | radiusd -X | ||
+ | |||
+ | ==Configuration== | ||
TODO | TODO | ||
+ | |||
+ | ==Further Reading== | ||
+ | * Standard FreeRADIUS [http://freeradius.org/doc/ Documentation] and [http://wiki.freeradius.org/Main_Page Wiki] | ||
+ | * [http://vuksan.com/linux/dot1x/802-1x-LDAP.html FreeRADIUS + 802.1x/WPA + OpenLDAP HOWTO] | ||
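Review bot: under "Generate Digital Certificate Files", the added text says `sh bootstrap` creates a number of "example" certificate files but does not say whether they are meant to be replaced before the server authenticates real clients. Suggest adding a sentence that states this and points to the Configuration section, which is still TODO, for where replacement certificates would be set up. The "Run RADIUS Daemon in Debug Mode" section has a similar gap: it gives `radiusd -X` without saying what output indicates a usable configuration or how to return to normal operation afterwards. The link text "here" in the new introduction sentence would also read better if it named its target, as the Further Reading entries do.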
Revision as of 11:11, 10 April 2011
Advanced Topics - Setting Up a RADIUS Server
Warning: This page is written for the new FreeRADIUS version 2 variant of radius.lrp, not the old Cistron RADIUS v1.6.8 radius.lrp which is included in Bering-uClibc 4.0.
The new Package, based on FreeRADIUS version 2.1.10, is expected to be included in Bering-uClibc 4.1. Davidmbrooke 14:15, 9 April 2011 (UTC)
Introduction
This page provides some guidance on setting up a Remote Authentication Dial In User Service (RADIUS) server on Bering-uClibc 4.x using the FreeRADIUS software.
A RADIUS server provides an Authentication, Authorization and Accounting (AAA) service. Typical use cases include:
- Authenticating Wireless Network clients which use the "WPA-Enterprise" (as opposed to "WPA-PSK") authentication model, where a Wireless Network Access Point is often configured to speak the RADIUS protocol to a server which knows how to authenticate users/clients.
Read the following in conjunction with the standard FreeRADIUS documentation located at http://freeradius.org/doc/.
Packages
The main Package required is radius.lrp.
For normal operation the following Packages are also required.
- lpthread.lrp
- libcrpto.lrp
- libssl.lrp
When connecting to different types of back-end server further Packages are required:
- LDAP: libldap.lrp
In addition, for installation and configuration of some aspects of FreeRADIUS the following additional Package is typically required. This may be removed once installation and configuration is complete:
- openssl.lrp
Installation
Some manual installation steps are required before running FreeRADIUS for the first time.
Generate Digital Certificate Files
The "bootstrap" script needs to be run to generate files required to support Digital Certificate processing. This is the (only) step that needs the openssl.lrp Package to be installed:
    cd /etc/raddb/certs/
    sh bootstrap
This will create quite a number of "example" Digital Certificate files in directory /etc/raddb/certs/.
FreeRADIUS will try to do this automatically the first time it runs but on Bering-uClibc 4.x this will fail, so the script must be run manually - or the relevant files installed by hand.
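A check that can be run after the bootstrap step, added here as an example and not taken from the LEAF or FreeRADIUS documentation: it lists files in the certificate directory that contain a PEM private key and are accessible to group or other. The function name `loose_key_files` is hypothetical; the default directory is the one given above.

```shell
#!/bin/sh
# Added example (not from the original page): find private-key files in a
# certificate directory whose permissions allow group or other access.

CERT_DIR_DEFAULT=/etc/raddb/certs   # directory named on this page

# loose_key_files [DIR]
#   Prints the path of every regular file in DIR that contains a PEM
#   private key and has any group/other permission bit set.
#   Returns 1 if at least one such file was found, 0 otherwise.
loose_key_files() {
    dir=${1:-$CERT_DIR_DEFAULT}
    found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Detect keys by content rather than by extension, because a
        # .pem file may bundle a private key together with a certificate.
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" 2>/dev/null || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        mode=$(ls -ld "$f" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "$f"
            found=1
        fi
    done
    return $found
}

# Usage: loose_key_files /etc/raddb/certs
```

Any file it prints can be tightened with `chmod` so that only the account running radiusd can read it.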
Run RADIUS Daemon in Debug Mode
To check the configuration settings it is highly recommended to run radiusd in debug mode, from the command line:
    cd /root/
    radiusd -X
Configuration
TODO
Further Reading
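- Standard FreeRADIUS Documentation (http://freeradius.org/doc/) and Wiki (http://wiki.freeradius.org/Main_Page)
- FreeRADIUS + 802.1x/WPA + OpenLDAP HOWTO (http://vuksan.com/linux/dot1x/802-1x-LDAP.html)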