Linux Voodoo Corporation
About Us 866.309.4617 Tracking Shopping Cart Checkout
Shop Account Customer Care Services Resources
Overview Books Mailing Lists Search Howtos
 
  You are here: » Main » Howto's Log In  | Financing  
Swartz Creek, Michigan: Linux Voodoo offers Linux consulting (and support) services (both free and commercial), Linux compatible hardware and software reviews and sales, Linux servers and desktop, the Voodoo Linux distribution and hardening systems, Linux driver development, Linux news,chat, message boards, Linux embedded jobs, security advisories, Linux howto's and newbie information. linux download red hat directpc direct pc linux linux software linux driver linux tutorial linux mandrake mandrake linux linux command netapp linux mount windows source decss linux game linux hp suse linux linux downloads linux firewall linux server linux programming linux red hat wine linux linux ppt linux operating system embedded linux linux distribution corel linux free linux free linux download linux help force 10baset linux linux laptop reset linux scsi d kill tape /proc linux router linux pda linux wallpaper red hat linux download linux kernel linux router project linux iso linux howto linux how to linux os linux application linux certification linux web hosting linux hosting linux modem peanut linux nokia rs 232 linux modem setting linux for window linux free download linux documentation project linux sms1 linux call back linux problem reading directory linux boot disk linux theme linux cluster linux closing port linux security dialogic linux linux emulator linux training linux startup dual boot window 2000 linux linux magazine linux auto rpm realtek rtl8019 linux driver download robomon linux linux estrutura de diretorios 3c589d config linux timeservice linux linux samba linux dvd player linux .ppt mplayer near download and linux red hat linux 7.2 linux mail server free linux software linux hardwarelinux anti virus redmond linux linux modem driver linux vpn pic microcontroller linux programmer aol for linux linux review linux wireless
contact us: abuse@flonetwork.com webmaster@flonetwork.com info@webmaster@flonetwork.com spampoision@lnxvoodoo.com noc@sprint.net webmaster@lnxvoodoo.com wlad@lnxvoodoo.com michelle@lnxvoodoo.com ryan@lnxvoodoo.com bryan@lnxvoodo.com rambo@lnxvoodoo.com senioreditor@lnxvoodoo.com editor@lnxvoodoo.com
WOW on Linux, yes our gaming systems do include World of Warcraft for Linux! Linux Voodoo Gaming systems include one copy of World of Warcraft, 1 year paid subscription to Transgaming.com so you can play over 200 popular Windows games on our linux systems. Too good to be true? Try it out for yourself.
  Start shopping
Notebooks
notebooks 

 

Desktops
desktops 

 

Servers
servers 

 

Appliances
appliances 

 

Accessories
accessories 

 

Software
software 
Howto's  
Authentication Server: Setting up FreeRADIUS
802.1X Port-Based Authentication HOWTO
PrevNext

3. Authentication Server: Setting up FreeRADIUS

FreeRADIUS is a fully GPLed RADIUS server implementation. It supports a wide range of authentication mechanisms, but PEAP is used for the example in this document.

3.1. Installing FreeRADIUS

Installing FreeRADIUS

  1. Head over to the FreeRADIUS site, http://www.freeradius.org/, and download the latest release. 

    
   # cd /usr/local/src
   # wget ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.0.tar.gz
   # tar zxfv freeradius-1.0.0.tar.gz
   # cd freeradius-1.0.0

  2. Configure, make and install: 

    
    # ./configure
    # make
    # make install

    You can pass options to configure. Use ./configure --help or read the README file, for more information.

The binaries are installed in /usr/local/bin and /usr/local/sbin. The configuration files are found under /usr/local/etc/raddb.

If something went wrong, check the INSTALL and README included with the source. The RADIUS FAQ also contains valuable information.

3.2. Configuring FreeRADIUS

FreeRADIUS has a big and mighty configuration file. It's so big, it has been split into several smaller files that are just "included" into the main radius.conf file.

There is numerous ways of using and setting up FreeRADIUS to do what you want: i.e., fetch user information from LDAP, SQL, PDC, Kerberos, etc. In this document, user information from a plain text file, users, is used.

Tip

The configuration files are thoroughly commented, and, if that is not enough, the doc/ folder that comes with the source contains additional information.

Configuring FreeRADIUS

  1. The configuration files can be found under /usr/local/etc/raddb/ 

    
    # cd /usr/local/etc/raddb/

  2. Open the main configuration file radiusd.conf, and read the comments! Inside the encrypted PEAP tunnel, an MS-CHAPv2 authentication mechanism is used.

    1. MPPE [RFC3078] is responsible for sending the PMK to the AP. Make sure the following settings are set: 

      
    # under MODULES, make sure mschap is uncommented!
    mschap {
      # authtype value, if present, will be used
      # to overwrite (or add) Auth-Type during
      # authorization. Normally, should be MS-CHAP
      authtype = MS-CHAP

      # if use_mppe is not set to no, mschap will
      # add MS-CHAP-MPPE-Keys for MS-CHAPv1 and
      # MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2
      #
      use_mppe = yes

      # if mppe is enabled, require_encryption makes
      # encryption moderate
      #
      require_encryption = yes

      # require_strong always requires 128 bit key
      # encryption
      #
      require_strong = yes

      authtype = MS-CHAP
      # The module can perform authentication itself, OR
      # use a Windows Domain Controller. See the radius.conf file
      # for how to do this.
    }

    2. Also make sure the "authorize" and "authenticate" contains: 

      
    authorize {
        preprocess
        mschap
	suffix
	eap
	files
    }
    
    authenticate {
         
         #
         #  MSCHAP authentication.    
         Auth-Type MS-CHAP {
               mschap
          }
	
	 #
         #  Allow EAP authentication.
         eap
     }

  3. Then, change the clients.conf file to specify what network it's serving: 

    
   # Here, we specify which network we're serving
   client 192.168.0.0/16 { 
        # This is the shared secret between the Authenticator (the 
	# access point) and the Authentication Server (RADIUS).
        secret          = SharedSecret99
        shortname       = testnet
    }

  4. The eap.conf should also be pretty straightforward.

    1. Set "default_eap_type" to "peap": 

      
      default_eap_type = peap

    2. Since PEAP is using TLS, the TLS section must contain: 

      
    tls { 
        # The private key password
        private_key_password = SecretKeyPass77
	# The private key
        private_key_file = ${raddbdir}/certs/cert-srv.pem
        #  Trusted Root CA list
        CA_file = ${raddbdir}/certs/demoCA/cacert.pem
        dh_file = ${raddbdir}/certs/dh
        random_file = /dev/urandom
	}

    3. Find the "peap" section, and make sure it contain the following: 

      
      peap {
        #  The tunneled EAP session needs a default
        #  EAP type, which is separate from the one for
        #  the non-tunneled EAP module.  Inside of the
        #  PEAP tunnel, we recommend using MS-CHAPv2,
        #  as that is the default type supported by
        #  Windows clients.
        default_eap_type = mschapv2
      }

  5. The user information is stored in a plain text file users. A more sophisticated solution to store user information may be preferred (SQL, LDAP, PDC, etc.).

    Make sure the users file contains the following entry: 

    
   "testuser"      User-Password == "Secret149"
PrevHomeNext
Obtaining Certificates Supplicant: Setting up Xsupplicant
Continue
 



P
System Builder

Now Shipping from: California - Florida - Georgia - Massachusetts - Michigan - New Jersey - Pennsylvania - Tennessee - Texas
We only ship within the USA and APO's.
We do not ship on national US holidays or on weekends.
Linux Voodoo RSS Store Feed
About Us  |  Contact Us  |  Conditions of Use  |  Privacy Notice  |  Warranty & Returns  |  Employment |  PHP HTML Form Builder

Copyright © 2003, Linux Voodoo Corporation All rights reserved. Linux is a trademark of Linus Torvalds.
email-addresses
Asterisk Debian Linux, WOW on Linux, yes our gaming systems do include World of Warcraft for Linux! Linux Voodoo Gaming systems include one copy of World of Warcraft, 1 year paid subscription to Transgaming.com so you can play over 200 popular Windows games on our linux systems. Too good to be true? Try it out for yourself.