
Setting up Freeradius2 to use LDAP

This guide covers encrypted connections between clients and the RADIUS server through a supplicant or wireless access device. Its scope is limited to configuring FreeRADIUS as an integrated solution that provides WPA2 Infrastructure mode for a wireless access point.

Deprecated

<note warning>The RADIUS Server app is now available via Marketplace. The following document is here for historical purposes only.</note>

Installing FreeRADIUS on ClearOS 5.2 SP2

For ClearOS 5.2, run your updates. For older versions, you must upgrade to 5.2 before you can use this module.

yum update

Install the FreeRADIUS service by running the following from the command line:

yum --enablerepo=base-plus install app-freeradius
service syswatch restart

Configuring FreeRADIUS

In Webconfig, click on the RADIUS server link under <navigation>Network » Settings » RADIUS Server</navigation>

Starting RADIUS

To start the service, click Start. To make the service start automatically on each reboot, click To Auto.

Group Control

You may assign a group to authenticate through your RADIUS server. Select a group and click Update.

Remote Devices

To allow a remote device to use the RADIUS server, give the client remote device(s) a nickname without spaces. Insert an IP address or CIDR. Select a password to be used by these client devices and click Add.

Supplication (Wireless Access Point)

Your wireless access point will have a section where you can set WPA2 Infrastructure Mode. (TBD later, it is late)

Clients

Windows XP/Vista/7

Mac OSX

Additional Settings

<note warning>I have yet to test if these next steps break the WPA2 infrastructure capability. It shouldn't, but I'm not 100% sure yet.</note>

PAP

You can also have LDAP authenticate users through PAP locally by changing the following items.

/etc/raddb/sites-enabled/default

Uncomment ldap in the authorization section and comment out unix in the same section.

#unix
ldap

/etc/raddb/ldap-attrmap

Add a checkItem for pcnMicrosoftNTPassword in the appropriate section…

checkItem       NT-Password                     pcnMicrosoftNTPassword
checkItem       Auth-Type                       radiusAuthType
checkItem       Simultaneous-Use                radiusSimultaneousUse
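
One way to confirm both edits are in place before testing, as an added example that is not part of the original guide. The function names, the constructed sample files and the assumption that the section is named `authorize` (as in stock FreeRADIUS 2 site files) are this example's own.

```shell
#!/bin/sh
# Added example: confirm the two PAP/LDAP edits are in place.

# Succeeds if, inside the "authorize { ... }" section of a site file,
# "ldap" is active (uncommented) and "unix" is not.
# Assumption: the section is named "authorize", as in stock FreeRADIUS 2.
check_authorize() {
    awk '
        /^[ \t]*authorize[ \t]*[{]/ { in_sec = 1; depth = 0 }
        in_sec {
            line = $0
            sub(/#.*/, "", line)                    # strip comments
            gsub(/^[ \t]+|[ \t]+$/, "", line)       # trim whitespace
            if (line == "ldap") ldap = 1
            if (line == "unix") unix = 1
            depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
            if (depth <= 0 && line ~ /[}]/) in_sec = 0
        }
        END { exit !(ldap && !unix) }
    ' "$1"
}

# Succeeds if the attribute map has an active line
# "checkItem <RADIUS attribute $2> <LDAP attribute $3>".
check_attrmap() {
    awk -v ra="$2" -v la="$3" '
        $1 == "checkItem" && $2 == ra && $3 == la { found = 1 }
        END { exit !found }
    ' "$1"
}

# Run both checks; paths default to the ones named in this guide.
check_pap_ldap() {
    site=${1:-/etc/raddb/sites-enabled/default}
    map=${2:-/etc/raddb/ldap-attrmap}
    rc=0
    check_authorize "$site" ||
        { echo "FAIL: $site: ldap must be active, unix commented"; rc=1; }
    check_attrmap "$map" NT-Password pcnMicrosoftNTPassword ||
        { echo "FAIL: $map: NT-Password checkItem missing"; rc=1; }
    return "$rc"
}

# Constructed sample files (not copied from a real server).
demo=$(mktemp -d)
printf 'authorize {\n\tpreprocess\n#\tunix\n\tldap\n}\n' > "$demo/default"
printf 'checkItem\tNT-Password\tpcnMicrosoftNTPassword\n' > "$demo/ldap-attrmap"
check_pap_ldap "$demo/default" "$demo/ldap-attrmap" && echo "sample config: OK"
```

On a live server, call `check_pap_ldap` with no arguments to check the two files named above.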

Test

Test this from the command line using the radtest command:

radtest <username> <password> localhost 10 <RADIUSpassword>