Setting up Freeradius2 to use LDAP
This guide covers encrypted connections between clients and the RADIUS server through a supplicant or wireless access device. Its scope is limited to configuring FreeRADIUS as an integrated solution that provides WPA2 Infrastructure mode for a wireless access point.
The RADIUS Server app is now available via Marketplace. The following document is here for historical purposes only.
Installing FreeRADIUS on ClearOS 5.2 SP2
For ClearOS 5.2, run your updates. For older versions, you must upgrade to 5.2 before you can use this module.
Install the FreeRADIUS service by running the following from the command line:
yum --enablerepo=base-plus install app-freeradius
service syswatch restart
In Webconfig, click on the RADIUS server link under Network » Settings » RADIUS Server.
To start the service, click Start. To make the service start automatically on each reboot, click To Auto.
You may assign a group to authenticate through your RADIUS server. Select a group and click Update.
To allow a remote device to use the RADIUS server, give the client remote device(s) a nickname without spaces. Insert an IP address or CIDR. Select a password to be used by these client devices and click Add.
Supplication (Wireless Access Point)
Your wireless access point will have a section where you can set WPA2 Infrastructure Mode. (TBD later, it is late)
I have yet to test if these next steps break the WPA2 infrastructure capability. It shouldn't, but I'm not 100% sure yet.
You can also have LDAP authenticate through PAP locally by changing the following items:
Uncomment ldap in the authorization section.
Comment out unix in the authorization section.
Add checkItem for pcnMicrosoftPassword in the appropriate section…
checkItem NT-Password pcnMicrosoftNTPassword
checkItem Auth-Type radiusAuthType
checkItem Simultaneous-Use radiusSimultaneousUse
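Test this from the command line using the radtest command, which takes the username, password, server, NAS port number and shared secret (replace the upper-case placeholders with your own values):
radtest USERNAME PASSWORD localhost 10 SHARED_SECRET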
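To confirm the LDAP/PAP edits described above before running radtest, the following added example (not part of the original guide or of FreeRADIUS) lists the active entries in the authorize block and checks the NT-Password mapping. It assumes the "authorization section" is the `authorize { }` block of the virtual-server file and that the checkItem lines live in the LDAP attribute map; the function names and sample files are constructed for illustration, so pass your own file paths when using it.

```shell
#!/bin/sh
# Added example, not from the original guide. File contents below are constructed.
# Print the active (uncommented) top-level entries of the authorize { } block.
active_authorize_modules() {
    awk '
        { sub(/#.*/, "") }                                  # strip comments
        !in_auth && /^[ \t]*authorize[ \t]*[{]/ { in_auth = 1; depth = 1; next }
        in_auth {
            line = $0
            opens  = gsub(/[{]/, "{", line)
            closes = gsub(/[}]/, "}", line)
            if (depth == 1 && NF > 0 && $1 != "}") print $1  # skip nested blocks
            depth += opens - closes
            if (depth <= 0) in_auth = 0
        }
    ' "$1"
}

# Return 0 only if ldap is active and unix is not, as the guide's edits require.
check_ldap_pap() {
    mods=$(active_authorize_modules "$1"); rc=0
    echo "$mods" | grep -qx ldap || { echo "FAIL: ldap not active in authorize"; rc=1; }
    if echo "$mods" | grep -qx unix; then echo "FAIL: unix still active in authorize"; rc=1; fi
    return $rc
}

# Return 0 if the NT-Password checkItem mapping from the guide is present.
has_nt_password_map() {
    grep -Eq '^[[:space:]]*checkItem[[:space:]]+NT-Password[[:space:]]+pcnMicrosoftNTPassword' "$1"
}

# Constructed sample inputs standing in for the real configuration files.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/edited" <<'EOF'
authorize {
    preprocess
    eap {
        ok = return
    }
    ldap
#   unix
    pap
}
EOF
sed -e 's/^ *ldap$/#&/' -e 's/^#\( *unix\)$/\1/' "$tmp/edited" > "$tmp/stock"
printf 'checkItem\tNT-Password\tpcnMicrosoftNTPassword\n' > "$tmp/attrmap"
check_ldap_pap "$tmp/edited" && echo "edited: ldap on, unix off"
check_ldap_pap "$tmp/stock"  || echo "stock: guide edits not applied"
has_nt_password_map "$tmp/attrmap" && echo "attrmap: NT-Password mapped"
```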