Network design, development and automation for enterprise, service provider and
data center fabrics.

basondole.io

Installation of Radius server on debian.

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol, operating on port 1812, that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service.

Install the package
sudo apt-get install freeradius

Configuration

Depending on the linux distro the configuration file can be locate in
/etc/freeradius/3.0/radiusd.conf or /etc/freeradius/radiusd.conf
Edit the configuration file to specify where the clients will be defined. Note clients are devices that will use this radius server clients are NOT users. By default the clients file is clients.conf and it is stored in the same directory as the radius.conf

sudo nano /etc/freeradius/3.0/radiusd.conf

Scroll to the clients configuration section to identify the clients config file
# CLIENTS CONFIGURATION
$INCLUDE clients.conf

Edit the clients file to define clients

sudo nano /etc/freeradius/3.0/clients.conf

Add cisco router by specifying its address

 client R63 {
        ipaddr          = 192.168.56.63
        secret          = fisi123
        nastype         = cisco
 }

You can also add several devices using network range

client lab {
             ipaddr   = 10.10.1.0
             netmask  = 24
             secret   = workbook
}

Edit the users file to add users

sudo nano /etc/freeradius/3.0/users

Define user and specific parameters, add the user just below the default user bob or lameuser. For junos the Juniper-Local-user-Name is the user defined on the junos device to be associated with 

 cisco      Cleartext-Password := "cisco123"
                   Service-Type = Nas-Prompt-User,
                   Cisco-AVPair = "shell:priv-lvl=15"

 paul       Cleartext-Password := "junos123"
                   Service-Type = Login-User,
        Juniper-Local-User-Name = "junos_su"

Restart the service

sudo service freeradius restart

Test the configuration

root@eve-ng:~# radtest junos_su junos123 127.0.0.1 0 testing123 

Sending Access-Request of id 155 to 127.0.0.1 port 1812
        User-Name = " junos_su"
        User-Password = "junos123"
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=155, length=37
        Service-Type = Login-User
        Juniper-Local-User-Name = "junos_su"

When configuring clients remember to specify the port 1812 as radius uses port 1812 by default.

Paul S.I. Basondole

IT & Network Expert / Lead
Network & Automation designer;
2x JNCIP (RS/SP) 1x CCNP (RS)
BSc Telecommunications Eng.
© 2019 basondole.io

Sliding Sidebar