Posts Tagged ‘Freeradius’

Configuring windows xp client for 802.1x authentication support for EAP-MD5

November 4, 2009 1 comment
To use the Windows XP client to test 802.1X port-based authentication, go to Network Connections, right-click Local Area Connection and select Properties.
Select the Authentication tab:
Then enable “802.1X authentication for the network” and select the EAP method that you want to use. In my case, I have used “MD5 challenge”, but you can select according to your requirements. Next, select “authenticate as computer when computer information is available”, and click OK to apply the settings.

Free Radius Configuration with EAP-MD5 Authentication and MySQL for Accounting and Authorization : in Ubuntu

October 18, 2009 3 comments

FreeRADIUS is the most widely used RADIUS server in the world. The FreeRADIUS server is fast, feature-rich, modular and scalable. It supplies the AAA (Authentication, Authorization and Accounting) needs. I have configured FreeRADIUS with MySQL as part of my project work. Here I am sharing how you can easily configure FreeRADIUS with EAP-MD5 support; I have used an HP2524 switch as my authenticator.

Installation:

To install FreeRADIUS and its MySQL module, use the following commands:

 # apt-get install freeradius
 # apt-get install freeradius-mysql

Configuration:

In order to configure FreeRADIUS for EAP-MD5, the authorize section in the /etc/freeradius/radiusd.conf file must have eap:

authorize {
   preprocess
   files
   eap
}

The authenticate section must have eap uncommented:

authenticate {
 eap
}

Finally, the EAP module under /etc/eap.conf has to be configured this way to support EAP-MD5:

eap {
   md5 {
   }
}

In order to use SQL for accounting purposes, /etc/freeradius/radiusd.conf must have

$INCLUDE  ${confdir}/sql.conf

and the sql.conf file must have the database name, server info and login credentials:

sql {
	# Database type
	# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
	# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
	driver = "rlm_sql_mysql"

	# Connect info
	# (a dedicated MySQL account with a password, limited to the radius
	# database, is safer than root with an empty password)
	server = "localhost"
	login = "root"
	password = ""

	# Database table configuration
	radius_db = "radius"

	# ... (rest of sql.conf not shown)
}

In the authorize section, uncomment sql:

authorize {
       preprocess
       chap
       mschap
       suffix
       eap

       files
       sql
       pap
}

Add the line 'sql' to the accounting{} section to tell FreeRADIUS to store accounting records in SQL:

accounting {
       detail
       sql
}

Add ‘sql’ to the post-auth{} section if you want to log all authentication attempts to SQL:

post-auth {
	#  Get an address from the IP Pool.
#	main_pool
#	sqlippool

	#
	#  If you want to have a log of authentication replies,
	#  un-comment the following line, and the 'detail reply_log'
	#  section, above.
#	reply_log

	#
	#  After authenticating the user, do another SQL query.
	#
	#  See "Authentication Logging Queries" in sql.conf
	sql
}

In order to use the switch as the authenticator in port-based authentication, the clients.conf file must have the switch information and the shared secret:

#
# clients.conf - client configuration directives
#
#######################################################################

#######################################################################
#
#  Definition of a RADIUS client (usually a NAS).
client 192.168.30.5 {
	secret		        = radius123
	shortname		= hp
	nas-type		= other
}
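
The database login in sql.conf and the shared secret in clients.conf are the credentials this setup depends on, so the following added example (not part of the original post or of FreeRADIUS) checks both files for a root login, an empty password and a short secret. The sample text is constructed from the values shown above, and the 16-character minimum and the `audit`/`settings` names are this example's own assumptions.

```python
import re

# Constructed sample input: the sql.conf and clients.conf values shown in this post.
SQL_CONF = '''
sql {
    driver = "rlm_sql_mysql"
    server = "localhost"
    login = "root"
    password = ""
    radius_db = "radius"
}
'''
CLIENTS_CONF = '''
client 192.168.30.5 {
    secret      = radius123
    shortname   = hp
    nas-type    = other
}
'''

def settings(text):
    """Return {key: value} for 'key = value' lines; comment lines never match."""
    out = {}
    for line in text.splitlines():
        # Value is either a quoted string or a bare token ending at space or '#'.
        m = re.match(r'\s*([\w-]+)\s*=\s*(?:"([^"]*)"|([^\s#]*))', line)
        if m:
            out[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return out

def audit(sql_text, clients_text, min_secret_len=16):
    """List credential weaknesses; min_secret_len is this example's own threshold."""
    findings = []
    sql = settings(sql_text)
    if sql.get("login") == "root":
        findings.append("sql: login is the MySQL root account")
    if sql.get("password", "") == "":
        findings.append("sql: empty database password")
    # One finding per flat client block whose shared secret is too short.
    for name, body in re.findall(r'client\s+(\S+)\s*\{(.*?)\}', clients_text, re.S):
        secret = settings(body).get("secret", "")
        if len(secret) < min_secret_len:
            findings.append(f"client {name}: secret shorter than {min_secret_len} characters")
    return findings

if __name__ == "__main__":
    for finding in audit(SQL_CONF, CLIENTS_CONF):
        print(finding)
```
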