eDirectory integration with FreeRADIUS
Linux SLES 9
FreeRADIUS Server, or freeradius, is a daemon for Linux/Unix operating systems that lets you set up a RADIUS protocol server, which is usually used for authentication and accounting of dial-up users. To use the server, you also need a correctly set up client to talk to it, usually a terminal server or a PC with appropriate emulation software.
Debugging FreeRADIUS with radtest
Testing FreeRADIUS with radtest:
Edit /usr/local/etc/raddb/clients.conf and enter the details of your NAS unit(s). There are examples here, so it should be easy. Tip: You'll also want to enter 'localhost' here for testing purposes (i.e. so you can use radtest).
At this point you should be able to manually fire up /usr/local/sbin/radiusd. You should do this with the debug turned on so you can see what happens:
Lots of stuff will scroll to the screen, and it should tell you it's ready to accept requests. If you get an error, READ THE DEBUG, then check the docs, check the above and try again.
You should now be able to use FreeRADIUS. You can use radtest to test an account from the command line:
radtest username password servername port secret
So, if your example user is 'bob' with password 'novell', your server is called 'radius.domain.com', is using port 1645, and you put localhost (or your localhost's IP) in clients.conf with a secret of 'mysecret', you should use:
radtest bob novell radius.domain.com 1645 mysecret
And you should get back something like:
Sending Access-Request of id 226 to 127.0.0.1:1645
User-Name = 'bob'
User-Password = '\304\2323\326B\017\376\322?K\332\350Z;}'
NAS-IP-Address = radius.domain.com
NAS-Port = 1645
rad_recv : Access-Accept packet from host 127.0.0.1:1645,id=226, length=56
Framed-IP-Address = 22.214.171.124
Framed-Protocol = PPP
Service-Type = Framed-User
Framed-Compression = Van-Jacobson-TCP-IP
Framed-IP-Netmask = 255.255.255.255
You should get an 'Access-Accept' response. If you don't, go back and check everything. Read the docs, READ THE DEBUG!!
You may also test with NTRadPing (downloadable from MasterSoft) on a desktop Windows PC to send test packets to the RADIUS server. It is a very handy tool. If you do this, or test from any other machine, remember that your PC (or other machine) needs to be in your NAS list in clients.conf too!
Formerly known as TID# 10100993