FreeRADIUS server environment setup (PAP version)

FreeRADIUS is a high-performance and highly configurable multi-protocol policy server that supports RADIUS, DHCPv4, DHCPv6, TACACS+ and VMPS. It is provided under the terms of the GNU GPLv2. Using RADIUS allows authentication and authorization to be centralized on the network and minimizes the reconfiguration needed when users are added to or removed from the network.

Setup steps

1. Environment requirements

OS: CentOS 7 machine
FreeRADIUS: FreeRADIUS Version 3.0.13

2. Installation, configuration and environment setup

1. Install freeradius

yum install freeradius

2. Configure authentication users

2.1. Modify the /etc/raddb/mods-config/files/authorize file and add the authentication user information

# Defines an authentication user with username "testing" and password "password"
testing Cleartext-Password := "password"

2.2. Start the freeradius server and test it locally

# 1. Start freeradius with the radiusd command (or use radiusd -X to start it in debug mode)
radiusd

# Run the following command on the local machine (the CentOS 7 machine where the freeradius server is installed)
# 2. Perform a RADIUS login as the user with username testing and password password, using the shared secret testing123
radtest testing password 127.0.0.1 0 testing123

3. Add client

3.1. Configure the client information and allow the client to access the server.
Modify the /etc/raddb/clients.conf configuration file and add:

# Configure a client and allow it to access the server
# ipaddr = 0.0.0.0 means that all addresses are allowed to access

client new {
        ipaddr = 0.0.0.0
        secret = testing123
}

To restart radiusd, find its PID with netstat -anp | grep 1812, stop it with kill -9 pid, and then run radiusd again.

3.2. Ports 1812/udp and 1813/udp need to be opened in the firewall

firewall-cmd --add-port=1812/udp
firewall-cmd --add-port=1812/udp --permanent
firewall-cmd --add-port=1813/udp
firewall-cmd --add-port=1813/udp --permanent

4. Use a Java client for testing

4.1. Required dependencies

    // https://mvnrepository.com/artifact/net.jradius/jradius-core
    implementation 'net.jradius:jradius-core:1.1.5'
    // https://mvnrepository.com/artifact/net.jradius/jradius-dictionary
    implementation 'net.jradius:jradius-dictionary:1.1.5'
    // https://mvnrepository.com/artifact/net.jradius/jradius-extended
    implementation 'net.jradius:jradius-extended:1.1.5'

4.2. Java client test code

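    import java.net.InetAddress;

    import net.jradius.client.RadiusClient;
    import net.jradius.client.auth.PAPAuthenticator;
    import net.jradius.dictionary.Attr_NASPort;
    import net.jradius.dictionary.Attr_NASPortType;
    import net.jradius.dictionary.Attr_ReplyMessage;
    import net.jradius.dictionary.Attr_UserName;
    import net.jradius.dictionary.Attr_UserPassword;
    import net.jradius.packet.AccessAccept;
    import net.jradius.packet.AccessRequest;
    import net.jradius.packet.RadiusResponse;
    import net.jradius.packet.attribute.AttributeFactory;
    import net.jradius.packet.attribute.AttributeList;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;

    public class RadiusPapTest {
        // Assumes slf4j is on the classpath for logging
        private static final Logger logger = LoggerFactory.getLogger(RadiusPapTest.class);

        public static void main(String[] args) {
            String serverIp = "192.168.0.1";  // address of the FreeRADIUS server
            String username = "testing";      // user from the authorize file
            String password = "password";
            String secret = "testing123";     // must match the secret in clients.conf
            try {
                AttributeFactory.loadAttributeDictionary("net.jradius.dictionary.AttributeDictionaryImpl");
                InetAddress host = InetAddress.getByName(serverIp);
                // auth port 1812, accounting port 1813, 20-second socket timeout
                RadiusClient rc = new RadiusClient(host, secret, 1812, 1813, 20);
                AttributeList attrs = new AttributeList();
                attrs.add(new Attr_UserName(username));
                attrs.add(new Attr_NASPortType(Attr_NASPortType.Wireless80211));
                attrs.add(new Attr_NASPort(1));
                AccessRequest request = new AccessRequest(rc, attrs);
                request.addAttribute(new Attr_UserPassword(password));
                // PAP: User-Password is hidden with the shared secret before sending; 5 retries
                RadiusResponse reply = rc.authenticate(request, new PAPAuthenticator(), 5);

                logger.info("Received:\n" + reply.toString());

                // Access-Accept means the credentials were accepted
                boolean isAuthenticated = (reply instanceof AccessAccept);

                String replyMessage = (String) reply.getAttributeValue(Attr_ReplyMessage.TYPE);
                if (replyMessage != null) {
                    logger.info("Reply Message: " + replyMessage);
                }
                System.out.println(isAuthenticated);
            } catch (Exception e) {
                logger.error("Failed", e);
            }
        }
    }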
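
What the shared secret does in a PAP Access-Request, as an added example that is not part of the original post: this sketch follows the User-Password hiding defined in RFC 2865 section 5.2, which both radtest and the Java client perform before sending. The function names and the fixed Request Authenticator are constructed for illustration; the username, password and secret are the ones used on this page.

```python
import hashlib

BLOCK = 16  # MD5 digest size; User-Password is processed in 16-byte blocks


def hide_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: build the User-Password attribute value (RFC 2865, 5.2)."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 bytes")
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    # Pad with NULs to a multiple of 16 bytes (at least one block).
    padded_len = max(BLOCK, (len(password) + BLOCK - 1) // BLOCK * BLOCK)
    padded = password.ljust(padded_len, b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, padded_len, BLOCK):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + BLOCK], key))
        hidden += block
        prev = block  # the next block is keyed by the previous hidden block
    return hidden


def recover_user_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding using the secret configured for the client."""
    if not hidden or len(hidden) % BLOCK:
        raise ValueError("hidden value must be a non-empty multiple of 16 bytes")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        key = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return clear.rstrip(b"\x00")


if __name__ == "__main__":
    # Constructed sample: a real client picks a random 16-byte authenticator.
    request_authenticator = bytes(range(16))
    secret = b"testing123"  # shared secret from clients.conf on this page
    on_wire = hide_user_password(b"password", secret, request_authenticator)
    print("User-Password on the wire:", on_wire.hex())
    print("server recovers          :",
          recover_user_password(on_wire, secret, request_authenticator))
    print("with a different secret  :",
          recover_user_password(on_wire, b"other-secret", request_authenticator))
```

The Request Authenticator travels in the clear in the same packet, so the password's confidentiality on the network rests entirely on the shared secret. The testing123 secret and the open client range used above are for a test environment; for real clients, use a long random secret per client and list their actual addresses.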

Reference document:
https://blog.csdn.net/weixin_37655163/article/details/104518642

Source code: FreeRADIUS/freeradius-server: FreeRADIUS - a multi-protocol policy server. (github.com)

Official documentation: Documentation (freeradius.org)

Installation and configuration test documentation: Getting Started (freeradius.org)

Origin blog.csdn.net/weixin_39651041/article/details/127879760