Setting up external Radius server for Hotspot authentication
Summary
In this example we will perform a basic external Radius server configuration and test it with RUT device for Hotspot authentication. We will use freeradius package to set up a local Radius server on Ubuntu operating system. A router with a public IP address will be directly connected to the Radius server and forward authentication requests to a LAN IP address of the server via default Radius ports.
Prerequisites
- RUT1 - Router with a Public IP address to make local server able to accept external authentication requests
- Ubuntu machine - To host a local freeradius server
- RUT2 - To configure Hotspot and test Radius authentication method using our installed server
Preparing Ubuntu machine
Installing the server
Firstly, update the package list and upgrade to the latest packages:
sudo apt update sudo apt upgrade
Next, install freeradius package:
sudo apt install freeradius
Defining a Client
Client - Hotspot that will use freeradius to authenticate users. In order to add/edit clients, we need to access clients.conf file, use your favourite text editor to access it:
sudo nano /etc/freeradius/3.0/clients.conf
For this example we will add the following lines in order to accept any IP address as a client:
client 0.0.0.0/0 {
secret = demosecret
shortname = 0.0.0.0/0
}
Note: IP of a specific Public IP of the client can be used instead of 0.0.0.0/0
Defining a User and Password
Before we create a user and password, let's use MD5 encryption instead of a clear text password. We will generate MD5 for demo123 password using the following command:
echo -n demo123| md5sum | awk '{print $1}'
We will now define credentials for user demo. Use your favourite text editor to open users file:
sudo nano /etc/freeradius/3.0/users
Add required lines to the file:
demo MD5-Password:= "62cc2d8b4bf2d8728120d052163a77df"
Reply-Message := "%{User-Name} authenticated successfully"