February 1st, 2003, 03:35 PM
HOW TO: Install Cistron RADIUS on Linux
I've had some good feedback on my W2K RADIUS doc, so here is another one I wrote for the Linux platform. I personally use this one and love it!
Installing Cistron RADIUS on a Linux platform
1. Download the software from ftp://ftp.radius.cistron.nl/pub/radius/
   Download the file: radiusd-cistron-1.6.6.tar.gz
2. From the directory where you downloaded the software, unzip the software with the following command:
       gunzip radiusd-cistron-1.6.6*
3. Now you must untar the file with the following command:
       tar -xvf radiusd-cistron*
4. This creates a directory radiusd-cistron-1.6.6. Type:
       cd radiusd-cistron-1.6.6/src
   From this directory, type:
       cp Makefile.lnx ./Makefile
   When prompted cp: overwrite ‘./Makefile’? type y.
6. Type:
       make install
7. Type:
       cd ../redhat
   From here you need to edit two lines in rc.radiusd-redhat. Type:
       vi rc.radiusd-redhat
   Use the arrow keys to move the cursor down to the line RADIUSD=/usr/sbin/radiusd. Place the cursor on the s of sbin and hit the i key. This will allow you to insert text. Add local/ and hit the Esc key. Move down to the next line and edit the RADRELAY line. Again, move the cursor to the s of sbin and hit the i key. Type local/ and hit Esc. To save your changes, type :wq and hit Enter. If you make any mistakes, hit Esc and then type :q! which allows you to quit without writing any changes to the file.
8. You now need to copy this file to another directory. Type:
       cp ./rc.radiusd-redhat /etc/rc.d/init.d/radiusd
9. Now type:
       cd /etc
       vi inittab
   In this file there is a line id:x:initdefault where the x is a number representing the default run level of the system. This number tells us which directory to install RADIUS in as a service. Remember the number, and type :q to quit.
10. Type:
       cd rc.d/rcx.d
   where x is the number from the inittab file. In this directory, type:
       ln /etc/rc.d/init.d/radiusd S27radiusd
   (The first two characters are LN, but they must be lower case.)
11. The configuration files for RADIUS are stored in /etc/raddb. There are two files that you need to edit, users and clients. First, edit the clients file. This file controls which servers are allowed to connect to the RADIUS server for authentication. There are a couple of default entries already in the file. If you are running the RADIUS server on the VPN server, keep the client localhost, but change testing123 to a different key. When you set up the VPN server, make sure you give it the server address localhost and the new secret key.
12. To add users, edit the users file. To add a user, you need to add the following two lines (the second line must start with whitespace so that it is read as part of the same entry):
Userid Auth-Type = Local, Password = "password"
        Service-Type = Framed-User
13. To start and stop the service, type:
       cd /etc/rc.d/rcx.d
   where x is your run level. Then type ./S27radiusd start or ./S27radiusd stop to start or stop the service. You will need to restart the service after changes are made to the clients or users files in /etc/raddb.
If anyone has interest in setting LDAP on W2K, just send me a message. I had the joy of setting that up about 6 months ago. Like anything else I do, I document the hell out of it.
Hope this helps.
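
An added example, not part of the original post: a shell check for step 11 that flags entries in a Cistron-style clients file (one "client key" pair per line) that still use testing123 or a short key, and reports whether the file is world-readable. The sample file, the host names, the 16-character minimum and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit a RADIUS clients file for weak shared secrets.
DEFAULT_KEY="testing123"   # default key named in step 11 of the how-to
MIN_LEN=16                 # assumed minimum key length; set to local policy

# audit_clients FILE: print one finding per weak entry.
# The key itself is never printed, so the report is safe to log.
audit_clients() {
    awk -v def="$DEFAULT_KEY" -v min="$MIN_LEN" '
        /^[ \t]*(#|$)/   { next }   # skip comments and blank lines
        NF < 2           { printf "line %d: %s has no key\n", NR, $1; next }
        $2 == def        { printf "line %d: %s uses the default key\n", NR, $1; next }
        length($2) < min { printf "line %d: %s key shorter than %d characters\n", NR, $1, min }
    ' "$1"
}

# world_readable FILE: succeed when "other" has read permission on FILE.
# The clients file stores the secrets in clear text.
world_readable() {
    [ -n "$(find "$1" -perm -004 2>/dev/null)" ]
}

# Constructed sample input (not a real configuration).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# Client Name       Key
localhost           testing123
vpn1.example.net    s3cret
nas2.example.net    f7Qm2xV9pLr4Tz8KcB1w
EOF

audit_clients "$sample"
if world_readable "$sample"; then
    echo "$sample is world-readable"
fi
```

On a real server, point audit_clients and world_readable at /etc/raddb/clients after editing it and before restarting the service.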