Chapter 12: Freeradius And Security; Overview; Configuration; Radiusd.conf File - Extreme Networks Summit WM Technical Reference Manual

12 FreeRADIUS and Security

Overview

A good way to get up a running with an inexpensive RADIUS server is to use FreeRADIUS. This
program is available from and provides good options for RADIUS authentication and
www.freeradius.org
accounting. While it is possible to configure FreeRADIUS to interoperate with a Microsoft infrastructure
such as Active Directory using LDAP it is recommended that IAS (Internet Authentication Service) is
used for better integration with a Microsoft environment.
For those without a Microsoft infrastructure, read on.
FreeRADIUS is available as a tarball from the FreeRADIUS website and it can be readied for use on
most systems with the typical steps:
./configure
make
make install
The current release of FreeRADIUS is 2.0.1. Once it is installed the configuration files are typically found
at either /usr/local/etc/raddb or under /etc/raddb. The binary is called radiusd and running the file
in the foreground as radiusd -X is very useful for debugging RADIUS requests.

Configuration

The configuration of FreeRADIUS involves modifying several files that usually reside under /usr/
local/etc/raddb or /etc/raddb.

radiusd.conf file

The main configuration for FreeRADIUS is within the radiusd.conf file. This file contains general
options for how the server behaves, which general protocols to respond to, etc. Here are some notes on
the sections that may come in handy:
authorize section
Uncomment all auth types that are in use (files is the name of the type that uses the user file).
clients.conf file
This file contains definitions of RADIUS clients that are allowed to interact with the RADIUS server for
AAA information.
123
Summit WM Technical Reference Guide, Software Version 5.1