All Linux HowTo's Security HowTo's

Basic FreeRadius Setup

This article demonstrates how to install and configured FreeRadius for basic authentication. By “basic authentication”, I mean we’re going to configure local users in clear text. This is the simplest way to configure FreeRadius. We’re installing this on CentOS 8.

Install the software:

yum install freeradius freeradius-utils

Add the client configuration. This allows this client only to use the radius server for authentication. We can add multiples but we’re sticking with one for now.

Edit the file “/etc/raddb/clients.conf”:

client localhost {
 ipaddr = 127.0.0.1
 secret = password123
}

Add a user by editing the “/etc/raddb/users” file:

"testuser" Cleartext-Password := "password321"

Enable and start the service:

systemctl enable radiusd
systemctl restart radiusd

Test the configuration form the localhost:

radtest testuser password321 127.0.0.1 100 password123

Enable the firewall (assuming you’re using firewalld):

firewall-cmd --add-port=1812/udp -permanent 
firewall-cmd --add-port=1813/udp -permanent 

Alter your “client.conf” file to allow remote systems to authenticate:

client localnet {
       ipv4addr = *
       secret   = password123
}

And restart the service:

systemctl restart radiusd

Issue the following command form a remote system. Make sure you install the “freeradius-utils” package on the remote system first:

# Where 10.1.2.3 is the Radius server.
radtest testuser password321 10.1.2.3 100 password123

Similar Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.