Difference between revisions of "Setting up external Radius server for Hotspot authentication"

From Teltonika Networks Wiki
m
m
Line 12: Line 12:
  
 
==Preparing Ubuntu machine==
 
==Preparing Ubuntu machine==
 +
 +
====Installing the server====
 +
----
  
 
Firstly, update the package list and upgrade to the latest packages:
 
Firstly, update the package list and upgrade to the latest packages:
Line 17: Line 20:
 
sudo apt update
 
sudo apt update
 
sudo apt upgrade
 
sudo apt upgrade
 +
</pre>
 +
 +
Next, install freeradius package:
 +
<pre>
 +
sudo apt install freeradius
 +
</pre>
 +
 +
====Defining a Client====
 +
----
 +
 +
Client - Hotspot that will use freeradius to authenticate users.
 +
In order to add/edit clients, we need to access clients.conf file, use your favourite text editor to access it:
 +
<pre>
 +
sudo nano /etc/freeradius/3.0/clients.conf
 +
</pre>
 +
For this example we will add the following lines in order to accept any IP address as a client:
 +
<pre>
 +
client 0.0.0.0/0 {
 +
    secret = demosecret
 +
    shortname = 0.0.0.0/0
 +
}
 +
</pre>
 +
Note: IP of a specific Public IP of the client can be used instead of 0.0.0.0/0
 +
 +
====Defining a User and Password====
 +
----
 +
 +
Before we create a user and password, let's use MD5 encryption instead of a clear text password. We will generate MD5 for '''demo123''' password using the following command:
 +
<pre>
 +
echo -n demo123| md5sum | awk '{print $1}'
 +
</pre>
 +
 +
We will now define credentials for user '''demo'''. Use your favourite text editor to open '''users''' file:
 +
<pre>
 +
sudo nano /etc/freeradius/3.0/users
 +
</pre>
 +
 +
Add required lines to the file:
 +
<pre>
 +
demo    MD5-Password:= "62cc2d8b4bf2d8728120d052163a77df"
 +
        Reply-Message := "%{User-Name} authenticated successfully"
 
</pre>
 
</pre>

Revision as of 12:40, 28 October 2022

Main Page > General Information > Configuration Examples > WIFI > Setting up external Radius server for Hotspot authentication

Summary

In this example we will perform a basic external Radius server configuration and test it with RUT device for Hotspot authentication. We will use freeradius package to set up a local Radius server on Ubuntu operating system. A router with a public IP address will be directly connected to the Radius server and forward authentication requests to a LAN IP address of the server via default Radius ports.

Prerequisites

  • RUT1 - Router with a Public IP address to make local server able to accept external authentication requests
  • Ubuntu machine - To host a local freeradius server
  • RUT2 - To configure Hotspot and test Radius authentication method using our installed server

Preparing Ubuntu machine

Installing the server

Firstly, update the package list and upgrade to the latest packages: 

sudo apt update
sudo apt upgrade

Next, install freeradius package: 

sudo apt install freeradius

Defining a Client

Client - Hotspot that will use freeradius to authenticate users. In order to add/edit clients, we need to access clients.conf file, use your favourite text editor to access it: 

sudo nano /etc/freeradius/3.0/clients.conf

For this example we will add the following lines in order to accept any IP address as a client: 

client 0.0.0.0/0 {
     secret = demosecret
     shortname = 0.0.0.0/0
}

Note: IP of a specific Public IP of the client can be used instead of 0.0.0.0/0

Defining a User and Password

Before we create a user and password, let's use MD5 encryption instead of a clear text password. We will generate MD5 for demo123 password using the following command: 

echo -n demo123| md5sum | awk '{print $1}'

We will now define credentials for user demo. Use your favourite text editor to open users file: 

sudo nano /etc/freeradius/3.0/users

Add required lines to the file: 

demo     MD5-Password:= "62cc2d8b4bf2d8728120d052163a77df"
        Reply-Message := "%{User-Name} authenticated successfully"
Retrieved from "https://wiki.teltonika-networks.com/index.php?title=Setting_up_external_Radius_server_for_Hotspot_authentication&oldid=97606"