FreeRadius With VEGA
Overview
This guide provides a quick, step-by-step way to deploy a FreeRadius server. You will learn how to install FreeRadius on your Linux system and how to configure it to work with VEGA (as a RADIUS client).
FreeRADIUS includes a RADIUS server, a BSD-licensed client library, a PAM library, and an Apache module.
Installation of FreeRadius
FreeRadius is easy to install. On a Linux server it can be installed with one of the commands below:
yum install freeradius (on Red Hat Linux distributions)
OR
apt-get install freeradius (on Ubuntu)
For further information on installing FreeRadius, refer to the links below:
http://freeradius.org/doc/getting_started.html
https://www.unixmen.com/installation-freeradius-centos-ubuntu/
NOTE: The SQL steps given in the guide above are not needed to make VEGA work with the FreeRadius server.
Configuration Of FreeRadius
The FreeRadius configuration for VEGA can be divided into three parts:
Adding Vendor
Adding User
Adding Client
Vendor Addition
To add the VEGA-specific vendor to FreeRadius, create a new file, for example “dictionary.sangoma”, in the “/usr/share/freeradius/” directory and add the lines below to it:
VENDOR Sangoma 35987
BEGIN-VENDOR Sangoma
# Vega Login user privilege level
ATTRIBUTE Sangoma-Vega-Privilege 1 integer
VALUE Sangoma-Vega-Privilege none 0x00
VALUE Sangoma-Vega-Privilege admin 0x04
VALUE Sangoma-Vega-Privilege privacy 0x20
VALUE Sangoma-Vega-Privilege provision 0x40
ATTRIBUTE Sangoma-Vega-Timeout 2 integer
END-VENDOR Sangoma
Now edit the “/usr/share/freeradius/dictionary” file to include the file created above by adding the line below:
$INCLUDE dictionary.sangoma
Now proceed with the next configuration step, adding users.
User Addition
To add a VEGA-specific user to the FreeRadius users list, edit the “/etc/raddb/users” file. Find the user and define the new variables, e.g. “Sangoma-Vega-Privilege = admin”, under the user entry.
For example, if the Vega has a user “user1” with password “password1” and admin privileges, the lines below need to be included in “/etc/raddb/users” (the reply attribute line is indented under the user line):
user1 Cleartext-Password := "password1"
        Sangoma-Vega-Privilege = admin
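To confirm in a packet capture which privilege level the server actually returns to the Vega, it helps to know how the reply attribute looks on the wire. The following is an added example, not part of the original guide or of FreeRADIUS: it parses the dictionary text from this page (comment line omitted) and encodes or decodes the attribute using the standard RFC 2865 Vendor-Specific layout. The function names are hypothetical.

```python
import struct

# Dictionary text as given on this page (the comment line is omitted).
DICTIONARY = """\
VENDOR Sangoma 35987
BEGIN-VENDOR Sangoma
ATTRIBUTE Sangoma-Vega-Privilege 1 integer
VALUE Sangoma-Vega-Privilege none 0x00
VALUE Sangoma-Vega-Privilege admin 0x04
VALUE Sangoma-Vega-Privilege privacy 0x20
VALUE Sangoma-Vega-Privilege provision 0x40
ATTRIBUTE Sangoma-Vega-Timeout 2 integer
END-VENDOR Sangoma
"""
VENDOR_SPECIFIC = 26  # RFC 2865 attribute type that carries vendor attributes

def parse_dictionary(text):
    """Return (vendor_id, {attr_name: vendor_type}, {attr_name: {value_name: int}})."""
    vendor_id, attrs, values = None, {}, {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        kind = fields[0] if fields else ""
        if kind == "VENDOR":
            vendor_id = int(fields[2])
        elif kind == "ATTRIBUTE":
            attrs[fields[1]] = int(fields[2])
        elif kind == "VALUE":
            values.setdefault(fields[1], {})[fields[2]] = int(fields[3], 0)
    return vendor_id, attrs, values

def encode_vsa(name, value, text=DICTIONARY):
    """Encode an integer vendor attribute as the 12 bytes sent in a RADIUS reply."""
    vendor_id, attrs, values = parse_dictionary(text)
    number = values.get(name, {}).get(value, value)  # named value or raw integer
    if not isinstance(number, int):
        raise ValueError(f"unknown value {value!r} for {name}")
    sub = struct.pack("!BBI", attrs[name], 6, number)  # vendor type, length, value
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), vendor_id) + sub

def decode_vsa(data, text=DICTIONARY):
    """Decode one integer vendor attribute to (attribute name, value name or int)."""
    vendor_id, attrs, values = parse_dictionary(text)
    atype, length, vid = struct.unpack("!BBI", data[:6])
    vtype, vlen, number = struct.unpack("!BBI", data[6:12])
    if atype != VENDOR_SPECIFIC or length != len(data) or vid != vendor_id or vlen != 6:
        raise ValueError("not a well-formed Sangoma integer VSA")
    name = {v: k for k, v in attrs.items()}[vtype]
    names = {v: k for k, v in values.get(name, {}).items()}
    return name, names.get(number, number)
```

For the “user1” entry above, the admin privilege encodes to the bytes 1a 0c 00 00 8c 93 01 06 00 00 00 04, which is what to look for among the attributes of the Access-Accept.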
Now proceed with the next configuration step, adding the client.
Client Addition
Adding the client is an important part of the configuration, as it tells FreeRadius to allow connections from the Vega network.
To add a new client (VEGA as client), edit “/etc/raddb/clients.conf” and add the lines below:
client 192.168.3.176 {
        secret = testing
        shortname = vega-test-176
}
NOTE:
192.168.3.176 is the Vega IP address, i.e. the RADIUS client
secret is the shared secret of the RADIUS server, which the client must be configured with in order to establish a connection with the RADIUS server (in this case it is testing)
shortname is the alias the user wants to assign to the client
Troubleshooting FreeRadius
Step 1) To test whether the configured client is working, first start the FreeRadius server with the command below:
/etc/init.d/radius start
To start the RADIUS server in debugging/troubleshooting mode instead, use the command below:
radiusd -x
Step 2) Now tail the system logs to see what is occurring, using the command below:
tail -f /var/log/messages
Then test whether the account is properly configured. In this case we test “VEGA” with the user “user1” by issuing the command below:
radtest user1 password1 localhost 0 testing123
The above command gives output like the following:
Sending Access-Request of id 119 to 127.0.0.1 port 1812
User-Name = "user1"
User-Password = "password1"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=119, length=20
To see how to configure VEGA as a RADIUS client, refer to VEGA RADIUS Configuration.