Setting up Freeradius2 to use LDAP
This guide covers encrypted connections between clients and the RADIUS server through a supplicant or wireless access device. Its scope is limited to configuring FreeRADIUS as an integrated solution that provides WPA2 Infrastructure mode for a wireless access point.
Deprecated
Installing FreeRADIUS on ClearOS 5.2 SP2
For ClearOS 5.2, run your updates. For older versions, you must upgrade to 5.2 before you can use this module.
yum update
Install the FreeRADIUS service by running the following from the command line:
yum --enablerepo=base-plus install app-freeradius
service syswatch restart
Configuring FreeRadius
In Webconfig, click on the RADIUS server link under
Starting RADIUS
To start the service, click Start. To make the service start automatically on each reboot, click To Auto
Group Control
You may assign a group to authenticate through your RADIUS server. Select a group and click Update.
Remote Devices
To allow a remote device to use the RADIUS server, give the client remote device(s) a nickname without spaces. Insert an IP address or CIDR. Select a password to be used by these client devices and click Add.
Supplication (Wireless Access Point)
Your wireless access point will have a section where you can set WPA2 Infrastructure Mode. (TBD later, it is late)
Clients
Windows XP/Vista/7
Mac OSX
Additional Settings
PAP
You can also have LDAP authenticate through PAP locally by changing the following items.
/etc/raddb/sites-enabled/default
Uncomment ldap in the authorization section and comment out unix in the same section.
#unix
ldap
/etc/raddb/ldap-attrmap
Add checkItem for pcnMicrosoftPassword in the appropriate section…
checkItem NT-Password pcnMicrosoftNTPassword
checkItem Auth-Type radiusAuthType
checkItem Simultaneous-Use radiusSimultaneousUse
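The two edits above can be checked before the service is restarted. The script below is an added example, not part of the original guide or of ClearOS; it assumes the FreeRADIUS 2 section name authorize { } for what the guide calls the authorization section, and the sample files it writes are constructed.

```shell
#!/bin/sh
# Added example: verify the two PAP/LDAP edits described on this page.

# Print modules that are active (uncommented) directly inside authorize { }.
active_authorize_modules() {
    awk '
        { sub(/#.*/, "") }                       # strip comments first
        !inside && /^[ \t]*authorize[ \t]*[{]/ { inside = 1; depth = 1; next }
        inside {
            line = $0
            opens = gsub(/[{]/, "", line); closes = gsub(/[}]/, "", line)
            if (depth == 1 && !opens && !closes && NF == 1) print $1
            depth += opens - closes
            if (depth <= 0) inside = 0
        }' "$1"
}

# Return 0 only if ldap is active, unix is not, and NT-Password is mapped.
check_pap_ldap() {
    site=$1; attrmap=$2; rc=0
    mods=$(active_authorize_modules "$site")
    printf '%s\n' "$mods" | grep -qx ldap || { echo "FAIL: ldap not active in authorize"; rc=1; }
    if printf '%s\n' "$mods" | grep -qx unix; then
        echo "FAIL: unix still active in authorize"; rc=1
    fi
    awk '$1 == "checkItem" && $2 == "NT-Password" && $3 == "pcnMicrosoftNTPassword" { ok = 1 }
         END { exit !ok }' "$attrmap" ||
        { echo "FAIL: NT-Password is not mapped to pcnMicrosoftNTPassword"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: PAP/LDAP edits are in place"
    return "$rc"
}

# Constructed sample files (not a real ClearOS config) so the check runs offline.
demo=$(mktemp -d)
cat > "$demo/default" <<'EOF'
authorize {
    preprocess
    files
#   unix
    ldap
    pap
}
authenticate {
    unix
}
EOF
cat > "$demo/ldap-attrmap" <<'EOF'
checkItem    NT-Password       pcnMicrosoftNTPassword
checkItem    Auth-Type         radiusAuthType
EOF
check_pap_ldap "$demo/default" "$demo/ldap-attrmap"
```

On a live system, call check_pap_ldap with /etc/raddb/sites-enabled/default and /etc/raddb/ldap-attrmap as its two arguments. A unix entry outside the authorize section, as in the sample's authenticate block, is deliberately ignored.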
Test
Test this from the command line using the radtest command:
radtest <username> <password> localhost 10 <shared-secret>