Radius GUI Authentication with free Radius

Hi, everyone, we tryed in our company implement FreeRadius on CentOS7 to manage a lot off ePMP Cambium antennas. Only for GUI User Authentication.

Steps we did:
Install FreeRadius:
yum install freeradius freeradius-utils freeradius-mysql freeradius-perl -y /install
systemctl start radiusd /start service
systemctl enable radiusd /enable service after restart
Add firewall rules:
Firewall-cmd –zone-public –add-service-radius –permanent
Firewall-cmd –reload
Edit users and clients.conf:
Vim clients.conf
Add
Client ePMP {
Ipaddr = 192.168.0.0
Secret = radius
Netmask = 16 (https://i.postimg.cc/4mqYQ38P/deb1.png)
Proto = *
nas_type = other
}
Vim users
admin Cleartext-Password := “admin”

That all.
With mikrotik router it works
With ePMP 1000 Force 180/200 antenna dont (testing on fw 4.4.2, 4.5, 4.6.2)
On antenna we add Radius Server on port 1812 secret radius, GUI User Authentication – Remote Radius Server and FallBack to Local

Say Login or Password incorect.

When we try debugging we get Access – Accept
Add some screenshots:
[https://i.postimg.cc/4mqYQ38P/deb1.png]
[https://i.postimg.cc/WhhDZZ7t/deb2.png]
[https://i.postimg.cc/9zXwWKRd/epmp-log.png]
[https://i.postimg.cc/G9M89KGZ/radiusd-status.png]

you need to be using the correct dictionary for your firmware and send the correct AV pairs back with the += symbol.
I highly suggest setting up eap-ttls as this makes authentication of the radios nicer to work with and only needs a certificate pair to be created and the public cert added to the radios.

Also there is a known issue with Freeradius3 on CentOS and does not look like its a high priority to be fixed since it does work. We switched to Debian (you can also use Ubuntu) and have not had any problems.

To make your life easier, I also suggest looking into an sql backend (Daloradius is a good place to start). This will make sure you can add or delete users, devices and even start authentication of customer access without huge flat files that require freeradius to be restarted after every change.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.