Radiusd Labs

This lab uses radiusd-cistron-1.6.4.


A- Radiusd installation and configuration

Installation

ftp noc.t1.ws.afnog.org (anonymous FTP)
get radiusd-cistron-1.6.4.tar.gz from pub to /tmp
untar the archive
go to the src directory
create ("make") your Makefile
make
make dbm
make install

Configuration

Radiusd
Configure the clients file /etc/raddb/clients
Configure the user profiles in /etc/raddb/users
Start radiusd: /usr/local/sbin/radiusd -xy

Clients

1- Test your radiusd with radtest
radtest user password localhost 1 testing123
localhost is a client of your radiusd with the shared secret "testing123" (see the clients file)

2- Configure your NAS (Cisco router)

Enable security on your Cisco router

aaa new-model
aaa authentication login default group radius
aaa authentication ppp pppusers group radius
aaa authorization exec default group radius
aaa authorization network default group radius
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
radius-server host your-radius-server-ip auth-port 1812 acct-port 1813
radius-server key share-secret

* Replace "your-radius-server-ip" with the IP address of your radius server

* Replace "share-secret" with the key to be used in the clients file

Give an IP address to your router's Ethernet interface
ip classless
ip subnet-zero
interface eth0
ip address x.x.x.x  255.255.255.192
no shutdown

Add your Cisco router as a client in the radiusd clients file

Edit /etc/raddb/clients and add the line:

your-Cisco-router-IP        share-secret

Authenticate access to your NAS and check your radiusd log file /var/log/radius.log

Please do not save the configuration to your router's NVRAM.
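
Added example (not part of the original lab handout or of Cistron radiusd): a small Python check for the clients file edited above. It flags entries that still carry the radtest secret "testing123", short secrets, and one secret reused for several clients. The sample file contents, the weak-secret list and the 16-character threshold are assumptions made for illustration.

```python
# Constructed sample in the /etc/raddb/clients layout used in this lab:
# one "client-name-or-IP  shared-secret" pair per line, '#' lines are comments.
SAMPLE_CLIENTS = """\
# Client Name        Key
localhost            testing123
192.0.2.10           testing123
192.0.2.20           Xq7-Lab-only-9fKp2mVz
nas3.example.net     cisco
"""

# "testing123" is the lab secret used with radtest above; the other entries
# are assumed examples of guessable keys.
KNOWN_WEAK = {"testing123", "secret", "cisco", "radius", "password"}
MIN_LENGTH = 16  # assumed policy threshold, not a Cistron requirement

def parse_clients(text):
    """Return [(lineno, client, secret)] for every non-comment entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        secret = fields[1] if len(fields) > 1 else ""
        entries.append((lineno, fields[0], secret))
    return entries

def audit_clients(text):
    """Return a list of (lineno, client, finding) tuples in file order."""
    entries = parse_clients(text)
    owners = {}  # secret -> clients using it, to spot reuse across NASes
    for _, client, secret in entries:
        owners.setdefault(secret, []).append(client)
    findings = []
    for lineno, client, secret in entries:
        if not secret:
            findings.append((lineno, client, "missing secret"))
            continue
        if secret.lower() in KNOWN_WEAK:
            findings.append((lineno, client, "default or guessable secret"))
        if len(secret) < MIN_LENGTH:
            findings.append((lineno, client, "secret shorter than %d chars" % MIN_LENGTH))
        if len(owners[secret]) > 1:
            findings.append((lineno, client, "secret shared with another client"))
    return findings

if __name__ == "__main__":
    for lineno, client, finding in audit_clients(SAMPLE_CLIENTS):
        print("line %d: %-18s %s" % (lineno, client, finding))
```

To check the real file, pass the contents of /etc/raddb/clients to audit_clients() instead of the sample string.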

3- Configure the PAM module pam_radius.so to authenticate ftp users by radius

   a- Your PC is a radius client. Add the appropriate line to the radiusd clients file

   b- Create the file /etc/radius.conf
      Add the following line:
      auth radius-server  share-secret

      Replace "radius-server" with the IP of your radius server
      Replace "share-secret" with the shared secret you used in the clients file

   c- Edit the file /etc/pam.conf
      Add the following line to the ftpd authentication entries (before the "required" statement):

ftpd     auth     sufficient    pam_radius.so    try_first_pass

FTP to your PC and check the /var/log/radius.log file.


B- ROAMING

Set up the ROAMING service with the clearinghouse on the instructor's computer and a forwarding server on each student's computer. Authenticate users using realms.

C- Scaling radiusd

1- Build the users database
2- Use PAM to authenticate users with the passwd databases /etc/pwd.db and /etc/spwd.db