Radius Server: Difference between revisions

 
(7 intermediate revisions by the same user not shown)
Line 10:
== Configuration ==
Edit the freeradius users:
sudo nano /etc/freeradius/3.0/users
 
Uncomment the user 'John Doe':
Line 16:
Reply-Message = "Hello, %u"
 
Add a new User with Group Name:
Test teh connectivity from local machine:
aman Cleartext-Password := "pwd123"
Citrix-User-Groups = "S_UA_G_Superuser",
Reply-Message = "Hello, %{User-Name}"
 
 
Test tehthe connectivity from local machine:
sudo radtest "John Doe" hello 127.0.0.1 0 testing123
 
Remote access to the radius server
sudo nano /etc/freeradius/3.0/clients.conf
 
And add the following snippet:
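Review bot: The new users entry "aman Cleartext-Password := "pwd123"" documents a guessable password with nothing marking it as a placeholder, and the radtest line in the same hunk uses the secret "testing123" the same way. Label both as sample values to be replaced before the server accepts requests from other hosts. The reply lines under the entry (Citrix-User-Groups, Reply-Message) appear here without leading whitespace; in the users file they must be indented to be read as part of the "aman" entry, so wrapping the entry in a pre block would keep that visible.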
Line 30 ⟶ 36:
 
Now from another machine, try the following:
radtest "John Doe" "hello" example10.com10.40.1 0 "mysecret"
 
You will get Access-Accept packet and "Hello, John Doe" messages.
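Review bot: The host argument on the radtest line reads "example10.com10.40.1", which is neither a valid hostname nor an address; confirm the saved revision carries a single value there. The secret "mysecret" should be stated to match the secret in the clients.conf snippet added just above, and marked as a sample value.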
Line 207 ⟶ 213:
password: radius
 
=== Troubleshooting Daloradius ===
 
*If you get permission denied error when importing schema:
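Review bot: The context line "password: radius" presents a working credential with no instruction to change it. Since this revision adds a troubleshooting section directly below it, add a step there (or next to the credential) telling the reader to set a different password once the install is verified.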
Line 285 ⟶ 291:
If you are unable to use radtest from other servers, check credentials for 0.0.0.0/0 in below file:
sudo nano clients.conf
 
== Debugging ==
sudo service freeradius stop
sudo freeradius -X
 
= Misc =
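Review bot: The line "check credentials for 0.0.0.0/0" implies a client entry that accepts requests from any source address, and the text does not say to narrow it; recommend restricting the client definition to the addresses of the devices that need it. In the same hunk, "sudo nano clients.conf" uses a relative path where the earlier section gives /etc/freeradius/3.0/clients.conf, so use the full path here too. The new Debugging section stops the service and runs "sudo freeradius -X" but has no step to start the service again afterwards.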
Line 325 ⟶ 335:
EAP-Code = Success
 
Packet flow is as follows:
Below will be the packet flow:
 
<pre>
22:40:29.222278 IP 10.107.88.68.54216 > ubuntu.radius: RADIUS, Access-Request (1), id: 0x2e length: 87
22:40:29.240517 IP ubuntu.radius > 10.107.88.68.54216: RADIUS, '''Access-Challenge''' (11), id: 0x2e length: 80
22:40:29.242083 IP 10.107.88.68.54216 > ubuntu.radius: RADIUS, Access-Request (1), id: 0x2f length: 117
22:40:29.292782 IP ubuntu.radius > 10.107.88.68.54216: RADIUS, Access-Accept (2), id: 0x2f length: 51
 
</pre>
 
Similar Packet capture file:
[[Media:RADIUS2.cap|RADIUS2]]
 
Forcing EAP for a user:
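Review bot: In the packet-flow block, '''Access-Challenge''' sits inside a pre element, where wiki bold markup is not rendered, so the apostrophes will show up literally in the capture output. Either drop the markup or call out the Access-Challenge step in the sentence introducing the block. The empty line before the closing pre tag can also go.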