
Free Radius Configuration with EAP-MD5 Authentication and MySQL for Accounting and Authorization : in Ubuntu

FreeRADIUS is the most widely used RADIUS server in the world. It is fast, feature-rich, modular and scalable, and it covers the AAA (Authentication, Authorization and Accounting) needs. I configured FreeRADIUS with MySQL as part of my project work. Here I share how you can easily configure FreeRADIUS with EAP-MD5 support; I used an HP2524 switch as my authenticator.

Installation:

To install FreeRADIUS and its MySQL module, use the following commands:

 # apt-get install freeradius
 # apt-get install freeradius-mysql

Configuration:

In order to configure FreeRADIUS for EAP-MD5, the authorize section in the /etc/freeradius/radiusd.conf file must contain eap:

authorize {
   preprocess
   files
   eap
}

The authenticate section must have eap uncommented:

authenticate {
 eap
}

Finally, the EAP module under /etc/eap.conf has to be configured this way to support EAP-MD5:


eap {
   md5 {
   }
}

In order to use SQL for accounting, /etc/freeradius/radiusd.conf must contain:

$INCLUDE  ${confdir}/sql.conf

and the sql.conf file must have the database name, server info and login credentials:

sql {
	# Database type
	# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
	# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
	driver = "rlm_sql_mysql"

	# Connect info
	# (a dedicated MySQL account limited to the radius database, with a
	# password set, is safer than root with an empty password)
	server = "localhost"
	login = "root"
	password = ""

	# Database table configuration
	radius_db = "radius"

	# (remaining sql.conf settings unchanged)
}

In the authorize section, uncomment sql:

authorize {
       preprocess
       chap
       mschap
       suffix
       eap

       files
       sql
       pap
}

Add the line 'sql' to the accounting{} section to tell FreeRADIUS to store accounting records in SQL:

accounting {
       detail
       sql
}

Add 'sql' to the post-auth{} section if you want to log all authentication attempts to SQL:

post-auth {
 #  Get an address from the IP Pool.
#	main_pool
#	sqlippool

 #
 #  If you want to have a log of authentication replies,
 #  un-comment the following line, and the 'detail reply_log'
 #  section, above.
#	reply_log

 #
 #  After authenticating the user, do another SQL query.
 #
 #  See "Authentication Logging Queries" in sql.conf
 sql

}

To use the switch as the authenticator for port-based authentication, the clients.conf file must contain the switch information and the shared secret:

#
# clients.conf - client configuration directives
#
#######################################################################

#######################################################################
#
#  Definition of a RADIUS client (usually a NAS).
client 192.168.30.5 {
	secret		        = radius123
	shortname		= hp
	nas-type		= other
}
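
The sql.conf and clients.conf values above connect to MySQL as root with an empty password and use a nine-character shared secret. The following check for those settings is an added example, not part of the original post or of FreeRADIUS; the function names and the 16-character minimum are assumptions, and the sample input is constructed from the values shown in this post.

```python
import re

MIN_SECRET_LEN = 16  # assumed local policy threshold, not a FreeRADIUS default

# Constructed sample input: the values shown in this post's sql.conf and clients.conf.
SAMPLE_SQL_CONF = '''
sql {
	login = "root"
	password = ""
}
'''
SAMPLE_CLIENTS_CONF = '''
client 192.168.30.5 {
	secret		        = radius123
	shortname		= hp
}
'''

def parse_settings(text):
    """Return {key: value} for 'key = value' lines; full-line comments are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue
        m = re.match(r'([\w-]+)\s*=\s*"?([^"]*)"?$', line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit_sql(text):
    """Flag a root database login and an empty or missing database password."""
    s, findings = parse_settings(text), []
    if s.get("login") == "root":
        findings.append("sql: connects as MySQL root")
    if not s.get("password"):
        findings.append("sql: empty database password")
    return findings

def audit_clients(text):
    """Flag every client { } block whose shared secret is shorter than the policy."""
    findings = []
    for name, body in re.findall(r'client\s+(\S+)\s*\{(.*?)\}', text, re.S):
        if len(parse_settings(body).get("secret", "")) < MIN_SECRET_LEN:
            findings.append(f"client {name}: shared secret under {MIN_SECRET_LEN} chars")
    return findings

if __name__ == "__main__":
    for finding in audit_sql(SAMPLE_SQL_CONF) + audit_clients(SAMPLE_CLIENTS_CONF):
        print("WEAK:", finding)
```

The parser handles only the simple `key = value` lines used here; trailing comments and nested sections are not interpreted.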
  1. November 11, 2009 at 11:28 am

    Ah!!! At last I found what I was looking for. Sometimes it takes so much effort to find even a tiny useful piece of information.
    Nice post. Thanks

  2. December 1, 2010 at 8:47 pm

    good topic

  3. June 26, 2013 at 6:43 pm

    This is the perfect blog for anybody who would like to find out about this topic. You understand a whole lot; it's almost tough to argue with you (not that I really would want to…HaHa). You certainly put a fresh spin on a topic that’s been discussed for years. Wonderful stuff, just great!
