Difference between revisions of "FreeRADIUS"
Michael.mast (talk | contribs) (Created page with "==Purpose== RADIUS server for WPA Enterprise authentication ==Install== ===Amazon Linux 2=== <ref>https://rharmonson.github.io/2factorcos7.html#freeradius</ref> *Set DNS serve...") |
Michael.mast (talk | contribs) |
Line 3: | Line 3: | ||
==Install== | ==Install== | ||
===Amazon Linux 2=== | ===Amazon Linux 2=== | ||
− | <ref>https://rharmonson.github.io/2factorcos7.html#freeradius</ref> | + | <ref>https://github.com/rharmonson/richtech/wiki/CentOS-7-Minimal-&-Two-factor-Authentication-using-FreeRADIUS-3,-SSSD-1.12,-&-Google-Authenticator#sssd%20DNS</ref><ref>https://rharmonson.github.io/2factorcos7.html#freeradius</ref> |
*Set DNS servers to DCs to be used | *Set DNS servers to DCs to be used | ||
*Set Chrony sources to use the DCs, comment out the Amazon pools. | *Set Chrony sources to use the DCs, comment out the Amazon pools. | ||
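Review bot: On the changed "Amazon Linux 2" line, the new <ref> targets a CentOS 7 guide at its "sssd DNS" anchor, yet it is attached to the section heading, where it reads as a source for the whole install procedure. Move it to the "Set DNS servers to DCs to be used" bullet or to the sssd subsection, and say that the guide was written for CentOS 7 rather than Amazon Linux 2.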
Line 10: | Line 10: | ||
<pre> | <pre> | ||
sudo yum -y install freeradius freeradius-utils | sudo yum -y install freeradius freeradius-utils | ||
+ | </pre> | ||
+ | *Update /etc/raddb/radiusd.conf user and group from radiusd to root. Though I have done this with another radius server running google auth, I think there should be a better option. More research should be done. | ||
+ | *Uncomment pam module from /etc/raddb/sites-enabled/default | ||
+ | *Create symlink for pam module | ||
+ | <pre> | ||
+ | sudo ln -s /etc/raddb/mods-available/pam /etc/raddb/mods-enabled/pam | ||
+ | </pre> | ||
+ | *Update /etc/raddb/users by adding the default auth type to PAM. It is also common practice to uncomment the disabled group. | ||
+ | <pre> | ||
+ | DEFAULT Group == "disabled", Auth-Type := Reject | ||
+ | Reply-Message = "Your account has been disabled." | ||
+ | |||
+ | DEFAULT Auth-Type := PAM | ||
+ | </pre> | ||
+ | *Add your client, in this case I added a subnet where the access points reside. | ||
+ | <pre> | ||
+ | client wifi { | ||
+ | ipaddr = 192.168.1.0/24 | ||
+ | secret = somesecret | ||
+ | require_message_authenticator = no | ||
+ | nas_type = other | ||
+ | } | ||
+ | </pre> | ||
+ | ====sssd==== | ||
+ | <pre> | ||
+ | sudo yum -y install sssd realmd adcli | ||
</pre> | </pre> |
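Review bot: The added step that changes user and group in /etc/raddb/radiusd.conf from radiusd to root leaves the daemon that parses packets from the network running with full privileges, and the text itself flags it as unresolved ("More research should be done"). State why the PAM setup needs root, or mark the step as a known weakness to revisit, so readers do not copy it as the recommended configuration. In the client block, `secret = somesecret` and `require_message_authenticator = no` each need a sentence: that the secret is a placeholder to replace, and whether the access points can send Message-Authenticator so the requirement can be turned on. The new sssd subsection also ends at the package install with no text on what follows.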
Revision as of 12:11, 2 July 2021
Purpose
RADIUS server for WPA Enterprise authentication
Install
Amazon Linux 2
- Set DNS servers to DCs to be used
- Set Chrony sources to use the DCs, comment out the Amazon pools.
- Set static IP, add to Windows DNS.
- Install FreeRADIUS packages.
sudo yum -y install freeradius freeradius-utils
- Update /etc/raddb/radiusd.conf user and group from radiusd to root. Though I have done this with another RADIUS server running Google auth, I think there should be a better option. More research should be done.
- Uncomment the pam module in /etc/raddb/sites-enabled/default
- Create a symlink for the pam module
sudo ln -s /etc/raddb/mods-available/pam /etc/raddb/mods-enabled/pam
- Update /etc/raddb/users by setting the default Auth-Type to PAM. It is also common practice to uncomment the disabled group.
DEFAULT Group == "disabled", Auth-Type := Reject
        Reply-Message = "Your account has been disabled."

DEFAULT Auth-Type := PAM
- Add your client. In this case I added a subnet where the access points reside.
client wifi {
        ipaddr = 192.168.1.0/24
        secret = somesecret
        require_message_authenticator = no
        nas_type = other
}
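An added example (not part of the original wiki page or of FreeRADIUS): a small Python check that parses the client block format shown above and lists the settings from these steps that weaken the deployment. The sample input is constructed from this page's values; the function names and the 16-character secret minimum are assumptions.

```python
import ipaddress
import re

# Constructed sample: the radiusd.conf user/group change and the client
# block from this page, combined into one string for the demonstration.
SAMPLE = """
user = root
group = root
client wifi {
    ipaddr = 192.168.1.0/24
    secret = somesecret
    require_message_authenticator = no
    nas_type = other
}
"""

CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
PAIR_RE = re.compile(r"^[ \t]*([\w-]+)[ \t]*=[ \t]*(.*?)[ \t]*$", re.M)

def parse_clients(text):
    """Return {name: {key: value}} for each flat client block."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)  # drop full-line comments only
    return {n: dict(PAIR_RE.findall(b)) for n, b in CLIENT_RE.findall(text)}

def audit(text, min_secret_len=16):
    """List findings; min_secret_len is an assumed local policy value."""
    findings = []
    for key in re.findall(r"(?m)^\s*(user|group)\s*=\s*root\s*$", text):
        findings.append(f"radiusd {key} is root")
    for name, cfg in parse_clients(text).items():
        # An absent key is treated as "not required" (assumption).
        if len(cfg.get("secret", "").strip('"')) < min_secret_len:
            findings.append(f"{name}: secret under {min_secret_len} chars")
        if cfg.get("require_message_authenticator", "no") != "yes":
            findings.append(f"{name}: Message-Authenticator not required")
        try:
            net = ipaddress.ip_network(cfg.get("ipaddr", ""), strict=False)
        except ValueError:  # hostname or missing ipaddr: nothing to size
            continue
        if net.num_addresses > 1:
            findings.append(f"{name}: {net.num_addresses} addresses share one secret")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A client defined as a single address with a long random secret and `require_message_authenticator = yes` produces no findings.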
sssd
sudo yum -y install sssd realmd adcli