Configuring a RADIUS server with Linux

FreeRADIUS is an open source RADIUS server that runs on all versions of Linux, as well as FreeBSD, NetBSD, and Solaris.

Perform the following steps to configure a RADIUS server with Linux.
  1. Download the package from www.freeradius.org and follow the installation instructions at the FreeRADIUS website.
  2. Refer to the RADIUS product documentation for information on configuring and starting up a RADIUS server.
  3. Determine where vendor-specific dictionaries are located on the server.
    user@Linux:$ locate dictionary.*
    
    /usr/share/freeradius/dictionary.3com
    /usr/share/freeradius/dictionary.3gpp
    /usr/share/freeradius/dictionary.3gpp2
    /usr/share/freeradius/dictionary.acc
    /usr/share/freeradius/dictionary.acme 
  4. Change to the vendor-specific dictionaries directory.
    user@Linux:$ cd /usr/share/freeradius/
    user@Linux:/usr/share/freeradius$
  5. Verify that the dictionary.brocade file exists in this directory.
    user@Linux:/usr/share/freeradius$ ls dictionary.brocade
    
    dictionary.brocade
    When the dictionary.brocade file does not exist, proceed to Step 7.
  6. Check that the contents of the dictionary.brocade file are correct. The following example shows the correct information.
    user@Linux:/usr/share/freeradius$ more dictionary.brocade
    
    # -*- text -*-
    # Copyright (C) 2013 The FreeRADIUS Server project and contributors
    #
    VENDOR          Brocade                         1588
    BEGIN-VENDOR    Brocade
    
    ATTRIBUTE       Brocade-Auth-Role                       1       string
    
    END-VENDOR      Brocade
    ATTRIBUTE       Brocade-Cmd                             8       string
    When the dictionary.brocade file exists and holds the correct information, proceed to Step 10.
  7. When the dictionary.brocade file does not exist or holds incorrect information, you need to create a dictionary.brocade file with the correct information.
    1. Log in as the root user.
    2. In the vendor-specific dictionaries directory, create a file named dictionary.brocade with the following content.
      # -*- text -*-
      # Copyright (C) 2013 The FreeRADIUS Server project and contributors
      #
      VENDOR          Brocade                         1588
      BEGIN-VENDOR    Brocade
      
      ATTRIBUTE       Brocade-Auth-Role                       1       string
      
      END-VENDOR      Brocade
  8. To import the dictionary.brocade file, add the following line to the dictionary file.
    $INCLUDE dictionary.brocade
  9. To ensure that the dictionary is loaded, restart the FreeRADIUS server.
    user@Linux:/usr/share/freeradius$ sudo service freeradius restart
  10. Configure an Extreme user account.
    1. Open the /etc/raddb/users file in a text editor (the location of the FreeRADIUS users configuration file depends on the Linux distribution).
    2. Add the user name and the associated permissions. The user must log in using the permissions specified with Brocade-Auth-Role. The following example configures an account called "jsmith" with admin permissions and the password "jspassword".
      jsmith    Auth-Type := Local, 
                         User-Password == "jspassword", 
                         Brocade-Auth-Role = "admin"
      Note

      You must use double quotation marks around the password and role.
  11. To ensure that the changes take effect, restart the FreeRADIUS server.
    user@Linux:/usr/share/freeradius$ sudo service freeradius restart
Note

When you use network information service (NIS) for authentication, the only way to enable authentication with the password file is to force the device to authenticate using password authentication protocol (PAP); this requires setting the pap option with the radius-server host command.
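
The dictionary checks in steps 3 to 8 can be scripted so that a missing file, a wrong vendor ID, a misplaced attribute, or a missing $INCLUDE line is caught before the server is restarted. This is an added example, not part of the original procedure or of FreeRADIUS itself; the function names `check_brocade_dict` and `make_sample_dir` and the return codes are this example's own, and the fixture is constructed from the file contents shown in steps 7 and 8.

```shell
#!/bin/sh
# Added example: validate the Brocade dictionary in a FreeRADIUS dictionary directory.
# Return codes (this example's own convention):
#   0 ok   1 dictionary.brocade missing   2 VENDOR line wrong
#   3 Brocade-Auth-Role not defined inside the vendor block
#   4 main dictionary file does not $INCLUDE dictionary.brocade
check_brocade_dict() {
    dir=$1
    f="$dir/dictionary.brocade"
    [ -f "$f" ] || return 1
    # Expect "VENDOR Brocade 1588"; commented-out lines do not match.
    awk '$1 == "VENDOR" && $2 == "Brocade" && $3 == "1588" { ok = 1 }
         END { exit !ok }' "$f" || return 2
    # Brocade-Auth-Role must be attribute 1, type string, and must sit between
    # BEGIN-VENDOR and END-VENDOR so that it belongs to the Brocade vendor space.
    awk '$1 == "BEGIN-VENDOR" && $2 == "Brocade" { in_v = 1; next }
         $1 == "END-VENDOR" { in_v = 0; next }
         in_v && $1 == "ATTRIBUTE" && $2 == "Brocade-Auth-Role" &&
             $3 == "1" && $4 == "string" { ok = 1 }
         END { exit !ok }' "$f" || return 3
    # The main dictionary file must pull in the vendor file (step 8).
    awk '$1 == "$INCLUDE" && $2 == "dictionary.brocade" { ok = 1 }
         END { exit !ok }' "$dir/dictionary" 2>/dev/null || return 4
    return 0
}

# Constructed fixture: writes the contents from steps 7 and 8 into a scratch
# directory and prints the directory path.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    cat > "$d/dictionary.brocade" <<'EOF'
# -*- text -*-
VENDOR          Brocade                         1588
BEGIN-VENDOR    Brocade

ATTRIBUTE       Brocade-Auth-Role                       1       string

END-VENDOR      Brocade
EOF
    printf '%s\n' '$INCLUDE dictionary.brocade' > "$d/dictionary"
    printf '%s\n' "$d"
}

# Demo on the fixture; on a real server pass the directory found in step 3.
demo=$(make_sample_dir) && check_brocade_dict "$demo" && echo "fixture OK"
rm -rf "$demo"
```
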