FreeRADIUS is a very versatile and freely available RADIUS server under the GPL license. Setting up FreeRADIUS as an SP is a rather straightforward task, since it merely needs to forward requests from NASes to other RADIUS servers. In particular, it does not need to authenticate users. The following configuration enables your FreeRADIUS server to be an eduroam SP. At the same time, it is the baseline from which to establish an eduroam IdP configuration, if that is envisaged for a later stage.

Version information

This document is in migration from FreeRADIUS 2 to FreeRADIUS 3. We recommend using the last available version of the stable FreeRADIUS 3 branch. It's easy to compile version 3 (and create packages) if your distribution doesn't provide recent packages. (On Ubuntu/Debian you can build packages with "make deb", for instance, and "rpmbuild -ba redhat/freeradius.spec" should help you on Red Hat based systems.)

Some of the filesystem paths changed between version 2 and 3. The /etc/raddb/modules directory is now split between /etc/raddb/mods-available and /etc/raddb/mods-enabled, plus some of the configuration can be found in /etc/raddb/mods-config. Note that when a module isn't called from the rest of the configuration, placing it in mods-enabled doesn't mean it's active: only that it's available in the rest of your configuration.

Installation

FreeRADIUS is written in C and can be compiled with the usual UNIX compilation sequence. After unpacking the source into a directory of your choice, do

...

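security {
           # maximum number of attributes accepted in a single request
           max_attributes = 200
           # seconds to wait before sending an Access-Reject; 0 sends it immediately
           reject_delay = 0
           # answer Status-Server requests
           status_server = yes
}

# allow requests to be proxied to other RADIUS servers
proxy_requests      = yes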

(From the default distribution, only reject_delay needs to be changed.)
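One way to check a radiusd.conf against the settings shown above before restarting the server. This is an added example, not part of the original page or of FreeRADIUS; the function names and the sample configuration are constructed for illustration, and the parser assumes simple `name = value` lines without `#` inside values.

```python
import re

# Baseline values taken from the configuration shown above.
BASELINE = {
    "security.max_attributes": "200",
    "security.reject_delay": "0",
    "security.status_server": "yes",
    "proxy_requests": "yes",
}

def parse_settings(text):
    """Flatten 'name = value' items into {'section.name': value}."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        # Section opener: "name {" or "name instance {"
        opened = re.fullmatch(r"([\w.-]+)(?:\s+[\w.-]+)?\s*\{", line)
        if opened:
            stack.append(opened.group(1))
        elif line == "}":
            if stack:
                stack.pop()
        else:
            item = re.fullmatch(r"([\w.-]+)\s*=\s*(.+)", line)
            if item:
                key = ".".join(stack + [item.group(1)])
                settings[key] = item.group(2).strip().strip('"')
    return settings

def audit(text):
    """Return (key, found, expected) for every deviation from BASELINE."""
    found = parse_settings(text)
    return [(k, found.get(k), v) for k, v in BASELINE.items()
            if found.get(k) != v]

# Constructed sample: a fragment where reject_delay was left unchanged.
SAMPLE_DEFAULT = """
security {
    max_attributes = 200
    reject_delay = 1    # constructed "not yet changed" value
    status_server = yes
}
proxy_requests = yes
"""

if __name__ == "__main__":
    for key, got, want in audit(SAMPLE_DEFAULT):
        print(f"{key}: found {got!r}, expected {want!r}")
```

A setting only counts when it sits in the right section, so a top-level `reject_delay = 0` outside `security { }` is still reported as missing.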

FreeRADIUS is capable of both IPv4 and IPv6. The following four sections enable both authentication and accounting processing with IPv4 and IPv6 (you can leave out the IPv6 part if your server shouldn't do IPv6):

...