[root@radius-teguht ~]# cat /etc/selinux/config | grep SELINUX=
# SELINUX= can take one of these three values:
SELINUX=disabled
[root@radius-teguht ~]#
2. Disable firewall
[root@radius-teguht ~]# systemctl stop firewalld
[root@radius-teguht ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[root@radius-teguht ~]#
3. Configure hosts
[root@radius-teguht ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.20.20 radius-teguht
[root@radius-teguht ~]#
4. Install Freeradius
[root@radius-teguht ~]# yum install freeradius freeradius-utils -y
5. Configure service radiusd
[root@radius-teguht ~]# systemctl restart radiusd
[root@radius-teguht ~]# systemctl status radiusd
[root@radius-teguht ~]# radiusd -X
6. Configure user
[root@radius-teguht ~]# cat /etc/raddb/users
.............
#########################################################
# You should add test accounts to the TOP of this file! #
# See the example user "bob" above. #
#########################################################
# On no match, the user is denied access.
test Cleartext-Password := "testing123"
Reply-Message = "Hello",
Service-Type = Administrative-User,
PaloAlto-Admin-Role = superuser
testing Cleartext-Password := "password"
[root@radius-teguht ~]#
7. Configure client
[root@radius-teguht ~]# cat /etc/raddb/clients.conf
.......
client 10.10.10.10{
secret = testing123
shortname = 10.10.10.10
nastype = paloalto
}
client 10.10.20.20 {
secret = testing123
shortname = 10.10.20.20
nastype = firewall
}
.......
8. Restart service radiusd
[root@radius-teguht ~]# systemctl restart radiusd
[root@radius-teguht ~]# systemctl status radiusd
[root@radius-teguht ~]# radiusd -X
9. Testing Radiusx
from localhost
# radtest testing password 127.0.0.1 0 testing123
from Client remote
# radtest testing password radius-teguhtriharto 1812 testing123
# radtest testing password 10.10.10.100 1812 testing123
sample log
.::: Radius test from localhost :::.
[root@radius-teguht ~]# radtest testing password 127.0.0.1 0 testing123
Sent Access-Request Id 156 from 0.0.0.0:36915 to 127.0.0.1:1812 length 77
User-Name = "testing"
User-Password = "password"
NAS-IP-Address = 10.10.10.100
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "password"
Received Access-Accept Id 156 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
[root@radius-teguht ~]#
.::: Radius test from Client :::.
[root@server ~]# radtest testing password radius-teguhtriharto 1812 testing123
Sent Access-Request Id 7 from 0.0.0.0:48027 to 10.10.10.100:1812 length 77
User-Name = "testing"
User-Password = "password"
NAS-IP-Address = 10.10.10.100
NAS-Port = 1812
Message-Authenticator = 0x00
Cleartext-Password = "password"
Received Access-Accept Id 7 from 10.10.10.100:1812 to 0.0.0.0:0 length 20
[root@server ~]#
[root@server ~]#
[root@server ~]# radtest testing password 10.10.10.100 1812 testing123
Sent Access-Request Id 82 from 0.0.0.0:56496 to 10.10.10.100:1812 length 77
User-Name = "testing"
User-Password = "password"
NAS-IP-Address = 10.10.10.100
NAS-Port = 1812
Message-Authenticator = 0x00
Cleartext-Password = "password"
Received Access-Accept Id 82 from 10.10.10.100:1812 to 0.0.0.0:0 length 20
[root@server ~]#
No comments:
Post a Comment