Candela Technologies Logo
Network Testing and Emulation Solutions

Setting up a RADIUS Server

Goal: To set up a LANforge wireless access point with a local RADIUS server.

 
  1. The LANforge auto-install --do_radius option will setup FreeRADIUS on the LANforge system with two example EAP methods, EAP-TLS and EAP-TTLS
  2. The config files for FreeRADIUS are located in /etc/raddb
    1. /etc/raddb/certs contains the files necessary for EAP-TLS
    2. The LANforge auto-install copies the necessary files into /home/lanforge for use by LANforge wireless clients.
    3. For EAP-TLS, use client.p12 as the client's Private Key and ca.pem as the client's CA Cert File. The Private Key password is lanforge screenshot
    4. /etc/raddb/users contains the user and password for EAP-TTLS
    5. The example EAP-TTLS user is testuser with password testpasswd. Additional entries can be added to the users file, then restart FreeRADIUS with systemctl restart radiusd.service screenshot
  3. An alternative to FreeRADIUS is to use the hostapd RADIUS server.
    1. Stop the FreeRADIUS service with systemctl stop radiusd.service
    2. Modify the interface to use for the hostapd process and select the RADIUS checkbox. screenshot
    3. Create a hostapd_<port-name>.conf file in the /home/lanforge/wifi directory with the following info. screenshot
    4. Setup the desired EAP methods and passwords in the /etc/hostapd.eap_users file. screenshot
    5. If using EAP-SIM or EAP-AKA, verify entries in the /etc/hlr_auc_gw.milenage_db file, then start the HLR tool. screenshot
    6. Verify the hostapd process is running for the interface selected for the RADIUS server, here it is eth1. screenshot
  4. Whether you use FreeRADIUS or hostapd RADIUS, setup your AP with the RADIUS server's IP address and port.
    1. If using a LANforge AP on the same system as the RADIUS server, then the AP will address the RADIUS server at localhost or 127.0.0.1 with port 1812. screenshot
    2. If using an external AP or WLAN Controller, then configure the device to address the RADIUS server on the network connected to a LANforge interface configured for RADIUS.

Candela  Technologies, 2417 Main Street, Suite 201, Ferndale, WA 98248, USA
www.candelatech.com | sales@candelatech.com | +1.360.380.1618
Google+ | Facebook | LinkedIn | Blog