Versions Compared

Old Version 1

changes.mady.by.user Unknown User (swinter)

Saved on

compared with

New Version 2

changes.mady.by.user Unknown User (swinter)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Base configuration / logging / F-Ticks

Client definition

FreeRADIUS defines the connected RADIUS clients in the file /etc/raddb/clients.conf. This file needs to hold all your connected Access Points and/or wired eduroam-enabled switches. You set a shared secret for each client and define these in the config file as follows:

Code Block

 client antarctica-access-point-1 {
    ipaddr         = 172.25.1.55
    netmask        = 32
    secret         = yoursecret12345
    shortname      = southpole-11g
    virtual_server = eduroam
}

There are more (optional) settings for clients; please consult the comments in clients.conf for more detail. One option, the "virtual_server" one, enables your RADIUS server to serve more purposes than only eduroam: you can define several other virtual servers for other RADIUS purposes, and link clients to these. That is beyond the scope of this documentation, though.

If you want to connect your clients over IPv6, the syntax is only slightly different:

Code Block

 client antarctica-access-point-2 {    ipv6addr       = 2001:db8:1:789::56
    netmask        = 128
    secret         = yoursecretABCDE
    shortname      = southpole-11n
    virtual_server = eduroam
}

Request forwarding

FreeRADIUS contains a wealth of options to define how requests are forwarded. These options are defined in the file /etc/proxy.conf. For a single eduroam SP, these may seem overkill, but the required definitions for that purpose are rather static. Assuming you have two upstream servers to forward requests to, the following configuration will set these up - you only need to change the IP addresses and shared secrets in home_server stanzas.

Code Block

proxy server {
        default_fallback        = yes
}

home_server antarctica-flr-1 {
        type                    = auth+acct
        ipaddr                  = 172.20.1.2
        port                    = 1812
        secret                  = secretstuff
        status_check            = status-server
}

home_server antarctica-flr-2 {
        type                    = auth+acct
        ipv6addr                = 172.25.9.3
        port                    = 1812
        secret                  = secretstuff
        status_check            = status-server
}

home_server_pool EDUROAM {
        type                    = fail-over
        home_server             = antarctica-flr-1
        home_server             = antarctica-flr-2}

realm DEFAULT {
        pool                    = EDUROAM
        nostrip
}

Goodies

Caveats