ClearOS Documentation


Setting up Freeradius2 to use LDAP

This guide covers encrypted connections between clients and the RADIUS server through a supplicant or wireless access device. Its scope is limited to configuring FreeRADIUS as an integrated solution that provides WPA2 Infrastructure mode for a wireless access point.

Deprecated

The RADIUS Server app is now available via Marketplace. The following document is here for historical purposes only.

Installing FreeRADIUS on ClearOS 5.2 SP2

For ClearOS 5.2, run your updates. For older versions, you must upgrade to 5.2 before you can use this module.

yum update

Install the FreeRADIUS service by running the following from the command line:

yum --enablerepo=base-plus install app-freeradius
service syswatch restart

Configuring FreeRadius

In Webconfig, click on the RADIUS server link under Network » Settings » RADIUS Server

Starting RADIUS

To start the service, click Start. To make the service start automatically on each reboot, click To Auto.

Group Control

You may assign a group to authenticate through your RADIUS server. Select a group and click Update.

Remote Devices

To allow a remote device to use the RADIUS server, give the client device(s) a nickname without spaces, enter an IP address or CIDR range, select a password to be used by these client devices, and click Add.


Supplication (Wireless Access Point)

Your wireless access point will have a section where you can set WPA2 Infrastructure Mode. (TBD later, it is late)

Clients

Windows XP/Vista/7

Mac OSX

Additional Settings

I have yet to test if these next steps break the WPA2 infrastructure capability. It shouldn't, but I'm not 100% sure yet.

PAP

You can also authenticate against LDAP through PAP locally by changing the following items.

/etc/raddb/sites-enabled/default

Uncomment ldap and comment out unix in the authorization section.

#unix
ldap

/etc/raddb/ldap-attrmap

Add a checkItem for pcnMicrosoftNTPassword in the appropriate section…

checkItem       NT-Password                     pcnMicrosoftNTPassword
checkItem       Auth-Type                       radiusAuthType
checkItem       Simultaneous-Use                radiusSimultaneousUse
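
The two edits above can be checked before the service is restarted. The script below is an added example, not part of the original ClearOS guide: its function names are hypothetical and the sample files it writes to a temporary directory are constructed, so on a real system pap_ldap_ok would be pointed at /etc/raddb with sites-enabled/default copied or linked as "default".

```shell
#!/bin/sh
# module_state FILE SECTION MODULE: print enabled, commented or absent for
# MODULE inside "SECTION { ... }" only (the same name in other sections is ignored).
module_state() {
    awk -v sect="$2" -v mod="$3" '
        BEGIN { state = "absent"; depth = 0 }
        depth == 0 && $1 == sect && $2 == "{" { depth = 1; next }
        depth > 0 {
            line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            if (line == mod) { state = "enabled" }
            else if (state != "enabled" && line ~ ("^#[ \t]*" mod "$")) { state = "commented" }
            # Follow nested braces so the section ends at its own closing brace.
            if (line !~ /^#/) { depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line) }
        }
        END { print state }
    ' "$1"
}
# attr_mapped FILE RADIUS_ATTR LDAP_ATTR: exit 0 if an uncommented checkItem maps them.
attr_mapped() {
    awk -v r="$2" -v l="$3" '
        $1 == "checkItem" && $2 == r && $3 == l { found = 1 }
        END { exit !found }
    ' "$1"
}
# Constructed sample files standing in for the two files edited above.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/default" <<'EOF'
authorize {
    preprocess
    #unix
    ldap
}
authenticate {
    unix
}
EOF
    cat > "$dir/ldap-attrmap" <<'EOF'
checkItem       NT-Password                     pcnMicrosoftNTPassword
checkItem       Auth-Type                       radiusAuthType
EOF
    echo "$dir"
}
# pap_ldap_ok DIR: exit 0 only when ldap is active, unix is not, and the map exists.
pap_ldap_ok() {
    [ "$(module_state "$1/default" authorize ldap)" = enabled ] &&
    [ "$(module_state "$1/default" authorize unix)" != enabled ] &&
    attr_mapped "$1/ldap-attrmap" NT-Password pcnMicrosoftNTPassword
}
d=$(make_samples); pap_ldap_ok "$d" && echo "PAP/LDAP edits present in $d"
```
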

Test

Test this from the command line using the radtest command:

radtest <username> <password> localhost 10 <shared-secret>
content/en_us/kb_howtos_setting_up_freeradius2_to_use_ldap.txt · Last modified: 2015/03/01 10:35 (external edit)
