RADIUS

De Enes Juriquilla


    1. Configuración del archivo radiusd.conf

Una vez instalado y configurado el servicio de LDAP, se procede a configurar el servicio de RADIUS.

Se edita el archivo /etc/freeradius/3.0/radiusd.conf

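    # Main FreeRADIUS 3.0 server configuration (/etc/freeradius/3.0/radiusd.conf).
    # Layout normalised to one item per line with consistent indentation; all
    # values are unchanged.
    # NOTE(review): this listing shows no security { } section, no modules { }
    # section and no "$INCLUDE clients.conf", all of which the stock file
    # carries. Presumably it was trimmed for the page; confirm against the
    # deployed file before copying it verbatim.

    # Installation paths. Later items reference earlier ones through ${...},
    # so the order of these lines matters.
    prefix = /usr
    exec_prefix = /usr
    sysconfdir = /etc
    localstatedir = /var
    sbindir = ${exec_prefix}/sbin
    logdir = /var/log/freeradius
    raddbdir = /etc/freeradius/3.0
    radacctdir = ${logdir}/radacct
    name = freeradius
    confdir = ${raddbdir}
    modconfdir = ${confdir}/mods-config
    # Server certificate/key and CA material both live under certs/. Keep
    # private keys there readable only by the account the daemon runs as.
    certdir = ${confdir}/certs
    cadir = ${confdir}/certs
    run_dir = ${localstatedir}/run/${name}
    db_dir = ${raddbdir}
    libdir = /usr/lib/freeradius
    pidfile = ${run_dir}/${name}.pid
    correct_escapes = true

    # Request handling limits: seconds allowed per request, seconds a reply is
    # kept to answer retransmissions, and the number of requests tracked at once.
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 16384
    # Log client IP addresses as-is instead of resolving them through DNS.
    hostname_lookups = no

    log {
        destination = files
        colourise = yes
        file = ${logdir}/radius.log
        syslog_facility = daemon
        stripped_names = no
        # Record every authentication request in radius.log; this is the
        # trail to review for rejected or unexpected logins.
        auth = yes
        # Keep both at "no" so that passwords (including mistyped real ones)
        # never reach the log file.
        auth_badpass = no
        auth_goodpass = no
        msg_denied = "You are already logged in - access denied"
    }

    checkrad = ${sbindir}/checkrad

    # Empty: no environment variables are set for the server here.
    ENV {
    }

    # Stock layout: the $INCLUDE directive sits on its own line inside the
    # section rather than on the same line as the opening brace.
    policy {
        $INCLUDE policy.d/
    }

    # Loads every virtual server linked under sites-enabled/.
    $INCLUDE sites-enabled/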
    2. Configuración de clientes

Se edita el archivo /etc/freeradius/3.0/clients.conf

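A continuación se muestra el contenido de ejemplo de las controladoras configuradas como clientes. El valor de secret que aparece es solo ilustrativo: cada cliente debe tener su propio secreto, largo y aleatorio.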

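   # RADIUS clients (the controllers) on the 10.10.50.0/24 subnet.
   # Every host in this range may send requests using this one secret, so
   # keep the range as narrow as the deployment allows.
   client 10.10.50.0/24 {
       # One item per line, as in the stock clients.conf layout.
       ipaddr = 10.10.50.0
       # NOTE(review): FreeRADIUS 3 documents the CIDR form
       # (ipaddr = 10.10.50.0/24). Confirm the installed version honours a
       # separate "prefix" item; if it does not, only 10.10.50.0 would match.
       prefix = 24
       # Sample value from the page, reused by every client in this file.
       # Deploy a long random secret unique to this client: the shared secret
       # is what authenticates packets and protects User-Password in transit.
       secret = 12345678
       shortname = radENES
   }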
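   # Single-host client at 10.10.100.254 (shortname intraENES).
   client 10.10.100.254 {
       # One item per line, as in the stock clients.conf layout.
       ipaddr = 10.10.100.254
       # Sample value from the page, identical to the other clients' secret.
       # Use a distinct long random secret here so that a leak from one
       # device does not expose the others.
       secret = 12345678
       shortname = intraENES
   }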
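   # Loopback client, used for local testing against the server.
   client localhost {
       ipaddr = 127.0.0.1
       # "*" accepts this client over both UDP and TCP.
       proto = *
       # Sample value from the page; replace it even for loopback, since any
       # local account that knows it can send requests to the server.
       secret = 12345678
       # Requests without a Message-Authenticator attribute are accepted.
       # NOTE(review): consider "yes" once the local test tools send the
       # attribute; it is the integrity check that lets the server reject
       # forged or altered Access-Request packets.
       require_message_authenticator = no
       # Connection limits; the stock file applies these to TCP connections.
       limit {
           max_connections = 16
           # 0 means a connection has no maximum lifetime.
           lifetime = 0
           # Seconds an idle connection is kept before it is closed.
           idle_timeout = 30
       }
   }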
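   # IPv6 loopback client.
   client localhost_ipv6 {
       # One item per line, as in the stock clients.conf layout.
       ipv6addr = ::1
       # Sample value from the page; replace it with a long random secret.
       secret = 12345678
   }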