Systematic procedure for basic FreeRADIUS installation in LINUX:
FreeRADIUS Version: 2.X
- Install the server through the command “sudo apt-get install freeradius”
- Navigate to the path “/etc/freeradius/” through the command “cd /etc/freeradius/
- To define a client or AP IP, edit /etc/freeradius/clients.conf and add its entity as below
Here AP’s IP address is 10.110.65.159 and its shared secret is “SECRET”
- For authenticating a SM ,edit "/etc/freeradius/users" file and add the username and password as below.
Here “SM_AUTHENTICATION” is the username and “password” is the shared secret.
- Edit “/etc/freeradius/users” file for user authentication through radius as below
Here “USERAUTHENTICATION” is the username and “password” is the shared Secret.
“Cambium-Canopy-UserLevel” and “Cambium-Canopy-Usermode” called Vendor specific attributes (VSA).
- To add these VSA’s download the Cambium Dictionary files at https://support.cambiumnetworks.com/files/pmp450/ and copy the downloaded files at /usr/share/freeradius/.
- Add the name of the copied file(dictionary.canopy) by editing the file “/usr/share/freeradius/dictionary”
Here “dictionary.canopy” is the dictionary file added.
- Add Cambium certificates by downloading them at https://support.cambiumnetworks.com/files/pmp450/ . Unzip and copy the files at “/etc/freeradius/certs/".
The certs folder should contain files same as below
- Finally editing “eap.conf” file as below helps freeradius to look for certificates, dictionary files and other.
- To copy the inner tunnel request to outer tunnel make the changes in eap.conf as below:
ADDITONAL LINKS:
- Guide for getting started https://wiki.freeradius.org/guide/Getting-Started
- Guide to troubleshoot freeraidus https://wiki.freeradius.org/guide/Troubleshooting
Commands:
- To run the freeradius in debugging mode: freeradius –XX
- To stop the running freeradius:service freeradius stop
- To start the freeradius:service freeradius start
- Always restart the freeradius after making any changes.To restart the freeradius:service freeradius restart
- Freeradius is intelligent enough to automatically determine outer tunnel type and inner tunnel type.