Written by Timo Stankowitz timo.stankowitz@gmail.com on 2018-03-19. The installation was tested on a RPI2 running Raspbian 9.
Note: Radius uses UDP and not TCP
sudo su
apt update
apt upgrade -y
apt install
apt install freeradius -y
systemctl stop freeradius
You can find the configuration in: /etc/freeradius/3.0/
cd certs
chmod +x bootstrap
./bootstrap
In this case clients are e.g. Wireless Access Point Controller or Switches with 802.1X and NOT an end user. Meaning that the end user e.g. a Smartphone talks to the client and the clients talks to the actual radius server.
vi clients.conf
You can simply just add one IP or an IP range to the end of the file e.g.:
client client_name {
ipaddr = 192.168.178.0/24
secret = someSecretPassword123456
}
The secret is the shared secret between the client and the radius server.
vi users
For testing you can simply uncomment the line starting with bob. This is a (working) dummy user with the password of hello.
Run freeradius -X
and try to authenticate with an user. If it works you can see the result on the screen.
If everything works as expected you can start radius as a service: systemctl start freeradius