...

FreeRADIUS has many configuration files. On Debian systems they are located in /etc/freeradius/3.0; other distributions use a slightly different location. Most of them contain plenty of comments explaining what the configuration does, along with advice and warnings, but some understanding of the protocols, or some getting used to, is often necessary to understand them. Here are some of the configuration files/folders:

clients.conf - List of clients that will be connecting to the FreeRADIUS server, including their IP addresses and the passwords (shared secrets) that they will use to authenticate to FreeRADIUS. What is called a FreeRADIUS client is actually a NAS, not a supplicant. Supplicants do not speak directly to RADIUS servers.

...

mods-config - Folder containing additional module-related configuration, e.g. .sql files containing empty schemas for the initial creation of databases for use with the sql module

...

sites-enabled - Folder containing symlinks to files in the sites-available folder, for sites that should be enabled

mods-available/eap - Configuration file for the EAP module
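A check a deployment would want to run on the clients.conf file described above, as an added example that is not part of the original page or of FreeRADIUS itself: it parses the client blocks and flags the stock secret testing123, secrets shorter than an assumed 16-character minimum, and wildcard or /0 client addresses. The sample file contents, client names and the length threshold are constructed for illustration.

```python
import re

# Constructed sample in clients.conf syntax; names, addresses and secrets are made up.
SAMPLE = '''
client wifi-controller {
    ipaddr = 192.0.2.10
    secret = "n7#Qw2-long-random-shared-secret"
    limit {
        max_connections = 16
    }
}
client lab-any {
    ipv4addr = *          # wildcard: any IPv4 source may act as a NAS
    secret = testing123   # secret shipped in the stock clients.conf
}
'''
BLOCK_OPEN = re.compile(r'^\s*(\w+)(?:\s+(\S+))?\s*\{')
KEY_VALUE = re.compile(r'^\s*(\w+)\s*=\s*(?:"([^"]*)"|([^\s#]+))')
MIN_SECRET_LEN = 16  # assumed local policy, not a FreeRADIUS rule

def parse_clients(text):
    """Return {client name: {key: value}}, ignoring nested blocks such as limit."""
    clients, current, depth = {}, None, 0
    for line in text.splitlines():
        kv, opened = KEY_VALUE.match(line), BLOCK_OPEN.match(line)
        if kv and current is not None and depth == 1:
            clients[current][kv.group(1)] = kv.group(2) if kv.group(2) is not None else kv.group(3)
        elif not kv and opened:
            depth += 1
            if depth == 1 and opened.group(1) == 'client':
                current = opened.group(2)
                clients[current] = {}
        elif line.strip().startswith('}'):
            depth -= 1
            current = current if depth else None
    return clients

def audit(clients):
    """Return (client, finding) pairs for weak secrets and over-broad clients."""
    findings = []
    for name, cfg in clients.items():
        secret = cfg.get('secret', '')
        if secret == 'testing123' or len(secret) < MIN_SECRET_LEN:
            findings.append((name, 'default, short or missing secret'))
        addr = cfg.get('ipaddr') or cfg.get('ipv4addr') or cfg.get('ipv6addr') or ''
        if addr == '*' or addr.endswith('/0'):  # wildcard or zero-length prefix
            findings.append((name, 'accepts any source address'))
    return findings
```

To check a real deployment, pass the contents of the clients.conf file to parse_clients() instead of SAMPLE.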

By default, the 'default' and 'inner-tunnel' sites are enabled. 'default' is the outer tunnel: it listens for incoming requests from the NASes. 'inner-tunnel' receives requests tunneled in the TLS encryption over EAP over RADIUS, forwarded by the outer tunnel.

Inner tunnel and outer tunnel sites

The site files contain multiple sections, here are some of them:

authorize - This section lists modules/code that are run when a request is received, in preparation for authentication. One of the important tasks is to find out which authentication method/protocol the supplicant is trying to use and which FreeRADIUS module is appropriate to deal with it. When one of the listed modules finds that it is able to deal with the request, it informs FreeRADIUS. Another important task is to load into memory any information that might be needed for authentication. For example, the sql module loads the relevant credentials from the SQL database so that the appropriate authentication module, which runs later in the authenticate section, can compare them with what the supplicant sent.

...

post-auth - After it has been determined what action should be taken, this section takes care of any extra tasks that need to be carried out, for example logging. It can also add/modify attributes to be sent back to the NAS as part of the Access-Accept/Access-Reject packet.

...

http://deployingradius.com (Alan DeKok's blog) also seems to be a reliable source.