Thursday, August 8, 2019

.::: Install FreeRADIUS 3 on CentOS 7/Red Hat 7, Red Hat 8/CentOS 8 :::.

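1. Disable SELinux (lab shortcut: the packaged radiusd normally runs with SELinux enforcing, so on a production server leave it enabled; a change in /etc/selinux/config takes effect only after a reboot)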
[root@radius-teguht ~]# cat /etc/selinux/config | grep SELINUX=
# SELINUX= can take one of these three values:
SELINUX=disabled
[root@radius-teguht ~]#


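2. Disable firewall (lab shortcut; the status output below shows the unit is also disabled at boot. On a production server keep firewalld running and allow only RADIUS, UDP 1812 for authentication and UDP 1813 for accounting, from the client addresses)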
[root@radius-teguht ~]# systemctl stop firewalld
[root@radius-teguht ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
[root@radius-teguht ~]#


3. Configure hosts
[root@radius-teguht ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.20.20 radius-teguht
[root@radius-teguht ~]#


4. Install Freeradius
[root@radius-teguht ~]# yum install freeradius freeradius-utils -y

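5. Configure service radiusd (radiusd -X runs the server in the foreground in debug mode; stop the systemd service first, because both cannot listen on port 1812 at the same time. The debug output includes user passwords in clear text, so do not keep or share it as a log)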
[root@radius-teguht ~]# systemctl restart radiusd
[root@radius-teguht ~]# systemctl status radiusd
[root@radius-teguht ~]# radiusd -X


6. Configure user
[root@radius-teguht ~]# cat /etc/raddb/users
.............
#########################################################
# You should add test accounts to the TOP of this file! #
# See the example user "bob" above.                     #
#########################################################
# On no match, the user is denied access.
# Sample lab account. Cleartext-Password keeps the password readable in this
# file, so restrict read access to root and the radiusd user.
# NOTE(review): "testing123" is the well-known FreeRADIUS sample value, and
# this entry returns the Palo Alto "superuser" admin role; replace the
# password before any real use.
test    Cleartext-Password := "testing123"
    Reply-Message = "Hello",
    Service-Type = Administrative-User,
    PaloAlto-Admin-Role = superuser

# Sample account used by the radtest commands in step 9. It has no reply
# attributes, so a successful login returns a bare Access-Accept.
testing Cleartext-Password := "password"
[root@radius-teguht ~]#


7. Configure client
[root@radius-teguht ~]# cat /etc/raddb/clients.conf
.......

# RADIUS client (NAS) allowed to send requests to this server.
# NOTE(review): "testing123" is the sample secret from the stock FreeRADIUS
# configuration and is widely known. Use a long random secret, different
# for each client, before any real use.
client 10.10.10.10{
    secret                = testing123
    shortname             = 10.10.10.10
    nastype               = paloalto
    }

# Second RADIUS client. 10.10.20.20 is the address that /etc/hosts in step 3
# assigns to radius-teguht, i.e. the RADIUS server itself.
# NOTE(review): same sample secret "testing123" as the other client; give
# each client its own long random secret before any real use.
client 10.10.20.20 {
        secret                = testing123
        shortname             = 10.10.20.20
        nastype               = firewall
    }
   
.......


8. Restart service radiusd
[root@radius-teguht ~]# systemctl restart radiusd
[root@radius-teguht ~]# systemctl status radiusd
[root@radius-teguht ~]# radiusd -X


9. Testing Radius
from localhost
# radtest testing password 127.0.0.1 0 testing123

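from a remote client (radtest arguments are: user, password, server[:port], NAS-Port number, shared secret; the fourth argument is the NAS-Port attribute, not the UDP port, which is why the sample log below shows NAS-Port = 1812)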
# radtest testing password radius-teguhtriharto 1812 testing123
# radtest testing password 10.10.10.100 1812 testing123


sample log

.::: Radius test from localhost :::.

[root@radius-teguht ~]# radtest testing password 127.0.0.1 0 testing123
Sent Access-Request Id 156 from 0.0.0.0:36915 to 127.0.0.1:1812 length 77
    User-Name = "testing"
    User-Password = "password"
    NAS-IP-Address = 10.10.10.100
    NAS-Port = 0
    Message-Authenticator = 0x00
    Cleartext-Password = "password"
Received Access-Accept Id 156 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
[root@radius-teguht ~]#

.::: Radius test from Client :::.

[root@server ~]# radtest testing password radius-teguhtriharto 1812 testing123
Sent Access-Request Id 7 from 0.0.0.0:48027 to 10.10.10.100:1812 length 77
    User-Name = "testing"
    User-Password = "password"
    NAS-IP-Address = 10.10.10.100
    NAS-Port = 1812
    Message-Authenticator = 0x00
    Cleartext-Password = "password"
Received Access-Accept Id 7 from 10.10.10.100:1812 to 0.0.0.0:0 length 20
[root@server ~]#
[root@server ~]#
[root@server ~]# radtest testing password 10.10.10.100 1812 testing123
Sent Access-Request Id 82 from 0.0.0.0:56496 to 10.10.10.100:1812 length 77
    User-Name = "testing"
    User-Password = "password"
    NAS-IP-Address = 10.10.10.100
    NAS-Port = 1812
    Message-Authenticator = 0x00
    Cleartext-Password = "password"
Received Access-Accept Id 82 from 10.10.10.100:1812 to 0.0.0.0:0 length 20
[root@server ~]#
