
How to install FreeRadius Server on Ubuntu Server 12.04


wildweaselmi

Here are the commands I used to get the Free Radius Server installed on my Ubuntu Server 12.04 for the purpose of authenticating on my Cisco Hardware using RADIUS credentials.



Install the necessary applications



sudo apt-get install mysql-client mysql-server
sudo apt-get install freeradius freeradius-utils freeradius-mysql
sudo apt-get install php5 php-pear php5-gd php-db






Test Radius

radtest [user] [password] localhost [nas-port-number] testing123
radtest user1 supersecret localhost 1812 testing123

(of course it will fail because you haven't added any users yet)



Add Radius User

sudo nano /etc/freeradius/users




ADD:

user1 Cleartext-password := "supersecret"
    Service-Type = NAS-Prompt-User,
    cisco-avpair = "shell:priv-lvl=15"

sudo service freeradius restart




(go to test radius section and try again)



Add Clients

sudo nano /etc/freeradius/clients.conf




ADD @ END:

client 192.168.1.30 {
    secret=network
    shortname=router
    nastype=cisco
}

sudo service freeradius restart




(NOTES: secret=pre-shared key, shortname=can be anything, nastype=other,cisco,livingston,etc)



Configure Cisco IOS Client (192.168.1.30) to authenticate with Radius Server (192.168.1.21)

config t
username ciscoadmin secret ciscopwd
aaa new-model
aaa authentication login AUTH group radius local enable
aaa authentication login default group radius local
aaa authorization exec default group radius local
enable secret pass#1234
radius-server host 192.168.1.21 auth-port 1812 key network
line vty 0 5
login authentication AUTH
do copy run start
exit

aaa authentication banner x
@@@@@@@@@@@@@@@@@@@@@@@@@@@
ACCESS RESTRICTED
@@@@@@@@@@@@@@@@@@@@@@@@@@@
x
aaa authentication username-prompt USER=>
aaa authentication password-prompt PASSWORD=>
aaa authentication fail-message Login Incorrect L
@@@@@@@@@@@@@@@@@@@@@@@@@@@
INCORRECT
@@@@@@@@@@@@@@@@@@@@@@@@@@@
aaa authentication fail-message # Login Incorrect #
do copy run start
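
An added example (not part of the original post): a small Python check that reads the two FreeRADIUS files edited above and flags the default `testing123` secret, short shared secrets, cleartext password entries and replies granting priv-lvl 15. The sample file contents are constructed to mirror the post; the `localhost` client block and the 16-character minimum are assumptions.

```python
import re
# Constructed sample input mirroring the entries shown in the post above.
CLIENTS_CONF = """
client 192.168.1.30 {
    secret=network
}
client localhost {
    secret = testing123
}
"""
USERS = """
user1 Cleartext-password := "supersecret"
\tService-Type = NAS-Prompt-User,
\tcisco-avpair = "shell:priv-lvl=15"
"""

DEFAULT_SECRETS = {"testing123"}  # sample secret used by the radtest commands above
MIN_SECRET_LEN = 16               # assumed local policy, not a FreeRADIUS requirement

def audit_clients(text):
    """Return (client, finding) pairs for weak shared secrets in clients.conf text."""
    findings = []
    for name, body in re.findall(r"^\s*client\s+(\S+)\s*\{(.*?)\}", text, re.S | re.M):
        m = re.search(r'^\s*secret\s*=\s*"?([^"\s]+)', body, re.M)
        if not m:
            findings.append((name, "no secret"))
        elif m.group(1) in DEFAULT_SECRETS:
            findings.append((name, "default secret"))
        elif len(m.group(1)) < MIN_SECRET_LEN:
            findings.append((name, "short secret"))
    return findings

def audit_users(text):
    """Return (user, finding) pairs: cleartext passwords and priv-lvl 15 replies."""
    findings, user = [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():          # unindented line starts a new user entry
            user = line.split()[0]
            if re.search(r"cleartext-password", line, re.I):
                findings.append((user, "cleartext password"))
        elif user and re.search(r"shell:priv-lvl\s*=\s*15\b", line, re.I):
            findings.append((user, "priv-lvl 15"))  # indented line = reply item
    return findings

if __name__ == "__main__":
    for who, what in audit_clients(CLIENTS_CONF) + audit_users(USERS):
        print(f"{who}: {what}")
```
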



So close... I had only a few objectives

  1. Central user management for Cisco control = RADIUS or TACACS (which I prefer RADIUS because it works on more than Cisco stuff)
  2. Set and Pass on privilege set (0-15) per user = RADIUS or TACACS
  3. Show who logged in where and what commands were issued (All I see is TACACS doing that, not so much RADIUS)



You may want to check out TACACS...





Believe me, I would love RADIUS to work as well since so many applications utilize RADIUS for authentication, but honestly you can't beat TACACS (or tac_plus) for authentication for Cisco hardware. Especially when you want to limit what commands can be used. TACACS goes way above and beyond just using the privilege level set.


