Monday, 14 July 2014

Ubuntu Server: FreeRADIUS Basic Setup for 802.1x Authentication

FreeRADIUS Setup


Enter the following command on your Ubuntu server to get started:

  • apt-get install freeradius freeradius-mysql freeradius-utils




There are two files that need to be configured:

  • /etc/freeradius/users
  • /etc/freeradius/clients.conf

The users file contains the information used to connect the end device to RADIUS. For a quick test I've configured the following user:




The clients.conf file contains the information regarding the network. I have in this case put the clients as the entire 192.168.1.0/24 network. The secret is the password that you configure on your network devices.
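
As an added example (not part of the original post or of FreeRADIUS), the Python check below reads client blocks in clients.conf syntax and flags two things worth tightening in a setup like this one: a client entry that covers a whole subnet rather than a single switch, and a shared secret that is a known default or short. The sample file contents, the weak-secret list and the 16-character minimum are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in FreeRADIUS clients.conf syntax (not the post's actual file).
SAMPLE_CLIENTS_CONF = """
client lan {
    ipaddr = 192.168.1.0
    netmask = 24
    secret = testing123   # default secret from the packaged example
    shortname = lan
}
client 192.168.1.2 {
    secret = Xq7-constructed-Secret-4f9bL2
    shortname = sf300
}
"""

WEAK_SECRETS = {"testing123", "secret", "password", "radius"}  # assumed list
CLIENT_BLOCK = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
SETTING = re.compile(r"^\s*(\w+)\s*=\s*([^\s#]+)", re.M)


def audit_clients(conf_text, min_secret_len=16):
    """Return (client_name, finding) tuples for risky client definitions."""
    findings = []
    for name, body in CLIENT_BLOCK.findall(conf_text):
        opts = dict(SETTING.findall(body))
        # The address comes from ipaddr (+ optional netmask) or the block name itself.
        addr = opts.get("ipaddr", name)
        if "netmask" in opts and "/" not in addr:
            addr = f"{addr}/{opts['netmask']}"
        try:
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            net = None  # hostname-style client; cannot judge its scope here
        if net is not None and net.num_addresses > 1:
            findings.append((name, f"accepts RADIUS from all of {net}, not one NAS"))
        secret = opts.get("secret", "").strip('"')
        if secret.lower() in WEAK_SECRETS:
            findings.append((name, "well-known or default shared secret"))
        elif len(secret) < min_secret_len:
            findings.append((name, f"shared secret shorter than {min_secret_len} chars"))
    return findings


if __name__ == "__main__":
    for client, problem in audit_clients(SAMPLE_CLIENTS_CONF):
        print(f"{client}: {problem}")
```

To check a real server, pass the contents of /etc/freeradius/clients.conf to audit_clients() instead of the sample string.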




There are many other ways to configure how you want to set this up. There is plenty of information in both files.

You may need to restart RADIUS for the changes to take effect:

  • /etc/init.d/freeradius restart 


Verify


You can download the following tool to test your settings from:

  • http://www.mastersoft-group.com/download/


Switch Configuration

This has been configured on a Cisco SF300 switch. The commands are very similar on a Catalyst switch.


Enter the following command on an interface:

  • dot1x port-control auto

Configure end host

This was done on a Windows XP machine as I was having trouble on a Windows 8.1 client. I read that it's not fully supported as of yet on 8.1 (I will try and re-find the source for that).

  • Press 'Windows Key + R'
  • Enter 'services.msc'
  • Find 'Wired AutoConfig'
  • Right-click and go to 'Properties' and select 'Automatic' where it says 'Startup type'
  • Now go to your network adapter
  • Right-click and select 'Properties'
  • Click the new 'Authentication' tab
  • For this example I changed the authentication method to 'MD5-Challenge'.
  • Bring your network interface up and it should prompt you for a password.

For Windows 7 I had to:

  • Under the 'Authentication' tab
  • Click 'Settings'
  • Untick 'Validate Server Certificate'

As long as everything goes right, the end host should connect to the network and the following message is displayed on your network device:


