Installation and testing freeradius

freeradius official website

freeradius on GitHub

Installation method

Non-source installation

For example ubuntu:

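For Bionic Beaver (18.04), add the following line to your apt source list (/etc/apt/sources.list), then import the repository signing key and install. The key is requested by its short 32-bit ID, which can collide with other keys, so compare the imported key's full fingerprint with the one the vendor publishes before running apt-get update: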

deb http://packages.networkradius.com/releases/ubuntu-bionic bionic main
sudo apt-key adv --keyserver keys.gnupg.net --recv-key 0x41382202
sudo apt-get update
sudo apt-get install freeradius

Start the service: /etc/init.d/freeradius start

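Start in debug mode: freeradius -X (debug output logs full request details, which for PAP requests includes the user's password, so use it for test sessions only)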

Source installation:

git clone https://github.com/FreeRADIUS/freeradius-server.git

Enter the directory

Switch to version 3.0

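# release_3_0_20 is a release tag, not a branch. "git checkout -b <name>" with no
# start point only puts a new label on the current HEAD, so the tree would stay on
# the default branch and the build would not be the pinned 3.0 release.
git fetch --tags
git checkout release_3_0_20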

Run

./configure

configure reported two missing dependencies; install them one at a time.

sudo apt-get install libtalloc-dev

sudo apt-get install libkqueue-dev

make

sudo make install

The configuration directory differs between the Ubuntu apt-get install and the source install. The default location for a source install is

/usr/local/etc/raddb/

With the Ubuntu apt-get install, the configuration files are placed in

/etc/freeradius/

A simple test, following the official guide:

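Then edit the users file under /etc/freeradius/ and uncomment the following entry (a sample account with a cleartext password, meant for testing only; comment it out again afterwards):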

steve   Cleartext-Password := "testing"
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Address = 172.16.3.33,
    Framed-IP-Netmask = 255.255.255.0,
    Framed-Routing = Broadcast-Listen,
    Framed-Filter-Id = "std.ppp",
    Framed-MTU = 1500,
    Framed-Compression = Van-Jacobsen-TCP-IP

Run freeradius -X

In another terminal (radtest takes the user name and password first, so for the steve entry above): radtest steve testing localhost 1812 testing123

Other test configuration scheme:

## vi users -- user configuration
# The two strings are the identity and the password entered at authentication time.
# Cleartext-Password keeps the password in plain text in this file, so use a
# throwaway test account here rather than a real credential.
"hzlarm" Cleartext-Password := "hzlarm123"

 
## clients.conf: the client shared secret. The entry below is the default; for a local test this is the only one that needs configuring: client localhost
 secret      = testing123
## For a test over the network, find the similar section further down and edit it: set the external IP and choose a secret.
## That secret is the one entered when configuring the fit AP (fitap), together with the RADIUS server's IP and port. If the client IP is not known it can be set to anything at first:
## once freeradius -X is running and the fit AP points at the RADIUS server, the server reports that it is ignoring a request from some IP, and that IP is the one to fill in.
## NOTE(review): testing123 is described above as the default secret, and the /24 below admits a whole subnet.
## Outside a lab, use a long random secret per client and the narrowest ipaddr that covers the NAS.
## NOTE(review): the closing brace of this client block is not part of the excerpt.
client private-network-1 {
       ipaddr          = xxx.87.xx.12/24
       secret          = testing123

 
## /etc/raddb/eap.conf
## EAP-TLS: in the tls module, configure the CA used for client certificates.
## Concatenate every certificate from the issuing (parent) CA up to the root into this pem file, otherwise freeradius cannot recognise it.
## NOTE(review): presumably any client certificate chaining to a CA in this file is accepted, so list only
## the CAs that issue your own client certificates -- confirm against the eap module documentation.
ca_file = ${cadir}/alilang/alilang_ca_merge.pem
 
## etc/raddb/sites-enabled/default
## Configure the authentication and authorization methods; accounting can be ignored, this test does not go that far. Confirm that the following methods are enabled:
pap
eap
chap
mschap
 
pap:

radtest hzlarm hzlarm123 127.0.0.1 1812 testing123

eap-md5:
#   radeapclient -x 127.0.0.1 auth testing123 < eap-md5.txt
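#	Put the following in the file eap-md5.txt. Note: the User-Name value below has a trailing space inside the quotes, which looks like a typo; it should match the "hzlarm" entry in users.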

User-Name = "hzlarm "
Cleartext-Password = "hzlarm123"
EAP-Code = Response
EAP-Id = 210
EAP-Type-Identity = "ufiletest"
Message-Authenticator = 0x00
peap-mschapv2:
#   eapol_test -c peap-mschapv2.conf -s testing123
#	Put the following in the file peap-mschapv2.conf

network={
        ssid="example"
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="hzlarm"
        anonymous_identity="anonymous"
        password="hzlarm123"
        phase2="autheap=MSCHAPV2"

#  As written, ca_cert is commented out, so the server certificate is not validated and
#  the inner MSCHAPv2 exchange goes to whichever server answers. That is tolerable for a
#  local eapol_test run; a real supplicant profile should always set ca_cert.
#  Uncomment the following to perform server certificate validation.
#  ca_cert="/etc/freeradius/certs/ca.der"
}

Installing the eapol_test testing tool

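cd /usr/local/src/
wget https://w1.fi/releases/wpa_supplicant-2.9.tar.gz
# Verify the tarball against a signature or checksum from the project, if one is
# available, before building it.
# Plain ASCII hyphen below: the en dash that was pasted here makes tar reject the options.
tar -xzvf wpa_supplicant-2.9.tar.gz
cd wpa_supplicant-2.9/wpa_supplicant/
cp defconfig .config
make eapol_test
# If the build reports errors, install these packages and run make again:
#sudo apt-get install libdbus-1-dev
#sudo apt-get install libnl-3-dev libnl-genl-3-200 libnl-genl-3-dev libnl-idiag-3-dev
cp eapol_test /usr/local/bin/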
eap-tls:
# 	sudo eapol_test -c eap-tls.conf -a 127.0.0.1 -p 1812 -s testing123 -r 1
# 	Put the following in the file eap-tls.conf

network={
    eap=TLS
    eapol_flags=0
    key_mgmt=IEEE8021X
    identity="hzlarm"
    password="hzlarm123"

    # client
    # ca_cert is set in this profile, so the server certificate is checked against that CA.
    ca_cert="/etc/freeradius/certs/ca.pem"
    client_cert="/etc/freeradius/certs/client.pem"
    private_key="/etc/freeradius/certs/client.key"
    # NOTE(review): "whatever" looks like the passphrase of the sample certificates shipped for
    # testing -- confirm. Generate your own certificates and passphrase for anything beyond a lab.
    private_key_passwd="whatever"

    # server
    #ca_cert="/etc/freeradius/certs/ca.pem"
    #client_cert="/etc/freeradius/certs/server.pem"
    #private_key="/etc/freeradius/certs/server.key"
    #private_key_passwd="whatever"
}
ttls-chap:
#   eapol_test -c ttls-chap.conf -s testing123
#	Put the following in the file ttls-chap.conf
network={
        ssid="example"
        key_mgmt=WPA-EAP
        eap=TTLS
        identity="hzlarm"
        anonymous_identity="anonymous"
        password="hzlarm123"
        phase2="auth=CHAP"

#  anonymous_identity is the outer identity, sent before the tunnel exists; identity and
#  password are used for the inner CHAP exchange.
#  With ca_cert commented out below, the server certificate is not validated, so the
#  tunnel can terminate at any server. Keep that to local test runs.
#  Uncomment the following to perform server certificate validation.
#		ca_cert="/etc/freeradius/certs/ca.der"
}
ttls-eapmd5:
#
#   eapol_test -c ttls-eapmd5.conf -s testing123
#
network={
        ssid="example"
        key_mgmt=WPA-EAP
        eap=TTLS
        identity="hzlarm"
        anonymous_identity="anonymous"
        password="hzlarm123"
        phase2="autheap=MD5"

#  The inner method is EAP-MD5, carried inside the TTLS tunnel. Because ca_cert is
#  commented out below, the tunnel endpoint is not authenticated; enable validation
#  whenever this profile is used outside a local test.
#  Uncomment the following to perform server certificate validation.
#		ca_cert="/etc/freeradius/certs/ca.der"
}
ttls-mschapv2:
#
#   eapol_test -c ttls-mschapv2.conf -s testing123
#
network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="hzlarm"
    anonymous_identity="anonymous"
    password="hzlarm123"
    phase2="autheap=MSCHAPV2"

    #  Server certificate validation is disabled as written (ca_cert is commented out),
    #  so the MSCHAPv2 exchange would be sent to an unauthenticated server.
    #  Uncomment the following to perform server certificate validation.
    #ca_cert="/etc/freeradius/certs/ca.pem"
}
ttls-pap:
#
#   eapol_test -c ttls-pap.conf -s testing123
#
network={
        ssid="example"
        key_mgmt=WPA-EAP
        eap=TTLS
        identity="hzlarm"
        anonymous_identity="anonymous"
        password="hzlarm123"
        phase2="auth=PAP"
 
#  The inner method is PAP, so the password itself travels inside the tunnel. With
#  ca_cert commented out below, the server is not authenticated and the password would
#  be handed to whichever server answers; always enable validation outside a lab.
#  Uncomment the following to perform server certificate validation.
#		ca_cert="/etc/freeradius/certs/ca.der"
}

Origin blog.csdn.net/hzlarm/article/details/104014428