  • Download the latest version of FreeRADIUS 3 (FR3)

    Code Block
    [root@idp ~]# wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.15.tar.bz2
  • Extract the FR3 source code

    Code Block
    [root@idp ~]# tar -jxf freeradius-server-3.0.15.tar.bz2
  • Compile and install FR3

    Info

    If you are using the edushib VM image, you may need to install some additional libraries:

    Code Block
    [root@idp ~]# yum install -y libtalloc-devel libtool libtool-ltdl-devel net-snmp-devel net-snmp-utils readline-devel libpcap-devel libcurl-devel openldap-devel python-devel mysql-devel sqlite-devel unixODBC-devel freetds-devel samba4-devel json-c-devel
    Code Block
    [root@idp ~]# cd freeradius-server-3.0.15
    [root@idp freeradius-server-3.0.15]# ./configure --prefix=/opt/freeradius-server-3.0.15
    [root@idp freeradius-server-3.0.15]# make
    [root@idp freeradius-server-3.0.15]# make install
  • Download and run the eduroam.my installation kit

    Code Block
    [root@idp raddb]# cd /root
    [root@idp ~]# wget http://sifulan.my/download/eduroam-my-freeradius-config.tar.bz2
    [root@idp ~]# tar -jxf eduroam-my-freeradius-config.tar.bz2
    [root@idp ~]# cd eduroam-my-freeradius-config
    [root@idp eduroam-my-freeradius-config-test]# ./setup_irs 
    
    ======= Setup .my IRS configuration =======
    
    1) Input your reaml (e.g. 'university.edu.my) : university.edu.my
    
    2) Input your secret key (e.g. 'eduroamkey') : eduroammy
    
    3) Input your Freeradius 3 installation directory (e.g. '/opt/freeradius-server-3.0.15') : /opt/freeradius-server-3.0.15
    
    4) Input your host certificate private key file (e.g. '/etc/letsencrypt/live/idp.university.edu.my/privkey.pem') : /etc/letsencrypt/live/idp.university.edu.my/privkey.pem
    
    5) Input your host certificate public key file (e.g. '/etc/letsencrypt/live/idp.university.edu.my/cert.pem') : /etc/letsencrypt/live/idp.university.edu.my/cert.pem
     
    done!!!
  • Test run

    Info

    You must turn off the radsecproxy and freeradius(2) services and inform the NRO admin before you proceed with the following steps.

    Code Block
    [root@idp eduroam-my-freeradius-config-test]# cd /opt/freeradius-server-3.0.15/etc/raddb
    [root@idp raddb]# ../../sbin/radiusd -X
  • If there are no errors or misconfigurations, you can link FR3 back to the user database/directory service. For AD users, run the following commands:

    Code Block
    [root@idp raddb]# cp /etc/raddb/modules/mschap /opt/freeradius-server-3.0.15/etc/raddb/mods-available
    [root@idp raddb]# ln -s /opt/freeradius-server-3.0.15/etc/raddb/mods-available/mschap /opt/freeradius-server-3.0.15/etc/raddb/mods-enabled/mschap

    For LDAP users, run the following commands:

    Code Block
    [root@idp raddb]# cp /etc/raddb/modules/ldap /opt/freeradius-server-3.0.15/etc/raddb/mods-available
    [root@idp raddb]# vi /opt/freeradius-server-3.0.15/etc/raddb/mods-available/ldap
     
    # Add the following config:

    user {
            # Change to your base_dn
            base_dn = "ou=users,dc=idp,dc=university,dc=edu,dc=my"
            # Replace eduPersonPrincipalName with your user ID attribute
            filter = "(eduPersonPrincipalName=%{Stripped-User-Name})"
    }

    update {
            control:Password-With-Header    += 'userPassword'
            control:NT-Password             := 'sambaNTPassword'
            control:LM-Password             := 'sambaLMPassword'
    }
    
    [root@idp raddb]# ln -s /opt/freeradius-server-3.0.15/etc/raddb/mods-available/ldap /opt/freeradius-server-3.0.15/etc/raddb/mods-enabled/ldap
  • To run FR3 in the background, run the following commands:

    Code Block
    [root@idp raddb]# cp /opt/freeradius-server-3.0.15/sbin/rc.radiusd /etc/rc.d/init.d/
    [root@idp raddb]# service rc.radiusd start
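
Before answering prompts 4 and 5 of setup_irs, it helps to confirm that the certificate and private key are a matching pair, that the key is not readable by group or other, and that the certificate is not about to expire. The script below is an added example, not part of the eduroam.my installation kit; the function names and the 30-day threshold are assumptions, and it relies on the openssl CLI and GNU stat.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the certificate/key paths given to setup_irs.
# Function names and the 30-day threshold are assumptions, not part of the kit.

# Succeeds only if the certificate's public key equals the one derived from the key.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if no group/other permission bits are set on the key file.
# -L follows symlinks such as those under /etc/letsencrypt/live/.
key_is_private() {
    local mode
    mode=$(stat -L -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Succeeds only if the certificate is still valid N days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Runs all three checks and reports every failure, not just the first.
preflight() {
    local cert="$1" key="$2" rc=0
    cert_matches_key "$cert" "$key" || { echo "FAIL: $cert and $key are not a pair"; rc=1; }
    key_is_private "$key" || { echo "FAIL: $key is accessible by group/other"; rc=1; }
    cert_valid_for "$cert" 30 || { echo "FAIL: $cert expires within 30 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: certificate and key are ready for setup_irs"
    return "$rc"
}

# Usage: ./preflight.sh <cert.pem> <privkey.pem>
if [ "$#" -eq 2 ]; then
    preflight "$@"
fi
```

Run it with the same two paths you intend to type into setup_irs; a non-zero exit status means at least one check failed.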