Configuring RADIUS involves configuring both the RADIUS server and the RADIUS client (for authentication and authorization). FreeRADIUS configuration files are usually stored in the /etc/raddb folder. The following example demonstrates how to configure the FreeRADIUS server for authentication and LDAP support:
    log_auth = yes              # log authentication requests to the log file
    log_auth_badpass = no       # don't log passwords if request rejected
    log_auth_goodpass = no      # don't log passwords if request accepted

    modules {
        ldap {
            server = "ldaptest.extremenetworks.com"
            basedn = "o=ldaptestdemo,dc=extremenetworks,dc=com"
            filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
            base_filter = "(objectclass=radiusprofile)"
            start_tls = no
            dictionary_mapping = ${raddbdir}/ldap.attrmap
            authtype = ldap
            ldap_connections_number = 5
            timeout = 4
            timelimit = 3
            net_timeout = 1
        }
    }

    authorize {
        preprocess
        chap
        mschap
        suffix
        ldap
        eap
        files
    }
    authenticate {
        Auth-Type PAP {
            pap
        }
        Auth-Type CHAP {
            chap
        }
        Auth-Type MS-CHAP {
            mschap
        }
        unix
        ldap
        eap
    }
An Extreme Networks edge switch serves as a network access server (NAS) for workstations and as a RADIUS client for the RADIUS server.
    client 192.168.1.1 {
        secret = extreme1
        shortname = ldap-demo
    }
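A configuration like the one above can be checked before deployment for the settings that matter most for credential exposure: whether StartTLS is enabled for the LDAP connection, whether passwords are logged, and how long the client shared secret is. The following script is an added example, not part of the original documentation; the function names, the sample text (constructed from the settings shown above) and the 16-character threshold are assumptions.

```python
import re

# Constructed sample: a subset of the settings shown on this page.
SAMPLE = """
log_auth = yes
log_auth_badpass = no
log_auth_goodpass = no
modules {
    ldap {
        server = "ldaptest.extremenetworks.com"
        start_tls = no
    }
}
client 192.168.1.1 {
    secret = extreme1
    shortname = ldap-demo
}
"""

MIN_SECRET_LEN = 16  # assumption: local policy threshold, not a FreeRADIUS default

# One "key = value" setting per line; optional quotes and trailing # comment.
PAIR = re.compile(
    r'^[ \t]*([A-Za-z_][\w-]*)[ \t]*=[ \t]*"?([^"#\n]*?)"?[ \t]*(?:#.*)?$', re.M)

def settings(text):
    """Return (key, value) pairs for every 'key = value' line, ignoring nesting."""
    return [(k, v.strip()) for k, v in PAIR.findall(text)]

def audit(text):
    """Return a list of findings for settings that expose credentials."""
    findings = []
    for key, value in settings(text):
        if key == "start_tls" and value.lower() == "no":
            findings.append("ldap: start_tls = no, StartTLS is disabled for the LDAP connection")
        elif key in ("log_auth_badpass", "log_auth_goodpass") and value.lower() == "yes":
            findings.append(f"{key} = yes, passwords are written to the log file")
        elif key == "secret" and len(value) < MIN_SECRET_LEN:
            findings.append(f"client secret is {len(value)} characters, below {MIN_SECRET_LEN}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print("WARN:", line)
```

The parser is line-based, so it expects one setting per line and does not handle values that contain `#` or `"`.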