Line 1: |
Line 1: |
| ==Summary== | | ==Summary== |
− | In this example, we will set up Teltonika Networks router to use a Radius server for SSH and/or WebUI authentication. We will use the ''freeradius'' package to set up a local Radius server on an Ubuntu virtual machine. Then we will create a new user. Lastly, we will test the configuration. | + | In this example, we will set up a Teltonika Networks router to use a Radius server for SSH and/or WebUI authentication. We will use the ''freeradius'' package to set up a local Radius server on an Ubuntu virtual machine. Then we will create a new user. Lastly, we will test the configuration. |
| | | |
| This is the idea of how a Radius server is used for RUTOS authentication:<br> | | This is the idea of how a Radius server is used for RUTOS authentication:<br> |
Line 7: |
Line 7: |
| [[File:Networking freeradius lan topology diagram v1.png|border|class=tlt-border]] | | [[File:Networking freeradius lan topology diagram v1.png|border|class=tlt-border]] |
| ==Prerequisites== | | ==Prerequisites== |
− | *'''Router''' with the ability to install an additional package - PAM | + | *'''Router''' with the ability to install the PAM package and running firmware version 7.6 or later |
| *'''Ubuntu machine''' with the ability to host a local FreeRadius server | | *'''Ubuntu machine''' with the ability to host a local FreeRadius server |
| + | '''Note:''' in this example Ubuntu version 22.04.3 LTS was used |
| ==Preparing Ubuntu machine== | | ==Preparing Ubuntu machine== |
| ====Installing the FreeRadius server==== | | ====Installing the FreeRadius server==== |
Line 21: |
Line 22: |
| In order to add/edit clients, we need to access the '''clients.conf''' file. Use your favorite text editor to edit it: | | In order to add/edit clients, we need to access the '''clients.conf''' file. Use your favorite text editor to edit it: |
| sudo nano /etc/freeradius/3.0/clients.conf | | sudo nano /etc/freeradius/3.0/clients.conf |
− |
| |
| For this example, we will add the following lines in order to accept any IP address as a client: | | For this example, we will add the following lines in order to accept any IP address as a client: |
| client 0.0.0.0/0 { | | client 0.0.0.0/0 { |
Line 124: |
Line 124: |
| [pap] = reject | | [pap] = reject |
| } # Auth-Type PAP = reject | | } # Auth-Type PAP = reject |
| + | [[Category:Router control and monitoring]] |