Running radsecproxy service on Windows
| Warning |
|---|
| (community note: this page is still under construction and subject to changes) |
Currently, when deploying eduroam, you require a RADIUS (or RADIUS/TLS) server. Traditionally, deploying a Linux or BSD server has been the standard option. This gives you access to a variety of products that speak RADIUS (and RADIUS/TLS).
...
The Linux-native code for radsecproxy currently includes some functionality that is used by more advanced operators (notably eduroam national operators) who want to use DNS-based dynamic peer discovery. That part of the code is currently not Windows compatible and won't build on Cygwin either. Additional work to add alternative code for Windows is in progress. A pull request to exclude the Linux-native dynamic peer discovery code on Windows is here: https://github.com/radsecproxy/radsecproxy/pull/161
...
Running instructions (basics)
- Unzip zip file into `C:\radsecproxy`
- Copy `C:\radsecproxy\radsecproxy.conf-example` to `radsecproxy.conf`
- Edit configuration in `radsecproxy.conf`
- Run `cmd.exe` (as user or admin)
- `cd C:\radsecproxy`
- Execute `c:\radsecproxy\radsecproxy.exe -c ./radsecproxy.conf`. It'll take a little while to start, but then should return to command-line. You might see two warnings about secret length if you used short secrets (like 'testing' or 'testing123').
- Close cmd.
- Open your Task Manager, search for radsecproxy... it should be there
Windows Firewall
Windows servers come with an application firewall. On Windows 2019 in particular, a bug prevents NPS from properly accepting (and sending) packets over RADIUS (see Meraki Community and Microsoft topics on this). You should probably define four new policies (two inbound, two outbound) in the Windows Firewall:
...
Most functionality in radsecproxy remains unchanged. If you are familiar with radsecproxy configuration files, then this should be easy to deploy. On Windows, as documented in existing code, the CACertificatePath option is unavailable. Use a certificate bundle with the CACertificateFile option instead.
To point to paths, use the file:///C:/This/Windows/Path/To/File.ext format instead (for a drive-less path, you will end up with file://// instead). This is particularly important for the radsecproxy log file and any certificates that you may have.
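The two Windows-specific rules above can be checked before starting the service. The following is an added example, not code from the radsecproxy project: the function names, the list of path-valued options it checks, and the sample configuration are assumptions made for illustration.

```python
import re

# Path-valued radsecproxy.conf options checked here (a subset chosen for this
# example; names are compared case-insensitively, an assumption of this example).
PATH_OPTIONS = {"logdestination", "cacertificatefile", "certificatefile", "certificatekeyfile"}

def to_file_url(path):
    """Rewrite a Windows path into the file:/// form described above."""
    # C:\dir\f -> file:///C:/dir/f ; drive-less \dir\f -> file:////dir/f
    return "file:///" + path.replace("\\", "/")

def lint_windows_conf(text):
    """Return (line_no, option, message) for settings that need changing on Windows."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.+)$", line)
        if not m:
            continue  # block terminators such as "}" carry no option
        option, value = m.group(1), m.group(2).strip().strip('"')
        key = option.lower()
        if key == "cacertificatepath":
            findings.append((no, option, "unavailable on Windows; use CACertificateFile with a certificate bundle"))
        elif key in PATH_OPTIONS and not value.startswith(("file:///", "x-syslog:")):
            findings.append((no, option, "use " + to_file_url(value)))
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = r"""# constructed sample
LogDestination C:\radsecproxy\radsecproxy.log
tls default {
    CACertificatePath C:\radsecproxy\certs
    CACertificateFile file:///C:/radsecproxy/certs/ca-bundle.pem
    CertificateFile \certs\proxy.pem
}
"""

if __name__ == "__main__":
    for no, option, message in lint_windows_conf(SAMPLE):
        print(f"line {no}: {option}: {message}")
```

A CA option that does not load leaves the proxy without the trust anchors it needs to validate RADIUS/TLS peers, so the CACertificatePath finding is the one to resolve first.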
...
To see how to set up a heartbeat for Windows, look at the Jisc topic here: https://communitysupport.jisc.aceduroam.uk/community/library/network-and-technology-service-docs/configuring-eduroam-heartbeat-your-visitor-network