note from :
https://wiki.freeradius.org/guide/Getting%20Started
Installing the Server
we assume that you can install the server via something like yum install freeradius, or apt-get install freeradius.
Note that in Debian-based systems, the server daemon is called
freeradius /instead of radiusd
The configuration files are also located in
/etc/freeradius/ instead of /etc/raddb/.
Starting the server
When the server has been installed on a new machine, the first step is to start it in debugging mode, as user root:
# radiusd -X
If the output says Ready to process requests, then all is well.
Starting the server When the server has been installed on a new machine, the first step is to start it in debugging mode, as user root:
radiusd -X
This step demonstrates that the server is installed and configured properly. If the output says Ready to process requests, then all is well.
Initial Tests
Testing authentication is simple. Edit the users file
etc/raddb/mods-config/files/authorize
and add the following line of text at the top of the file, before anything else:
testing Cleartext-Password := "password"
Start the server in debugging mode (radiusd -X), and run radtest from another terminal window:
$ radtest testing password 127.0.0.1 0 testing123
format is :
$ radtest
Usage: radtest [OPTIONS] user passwd radius-server[:port] nas-port-number secret
You should see the server respond with an
Access-Accept
then congratulations, the following authentication methods now work for the testing user:
PAP, CHAP, MS-CHAPv1, MS-CHAPv2, PEAP, EAP-TTLS, EAP-GTC, EAP-MD5.
and test123 in command line is secret defined in
etc/raddb/client.conf
like as :
secret = testing123
Adding a client
When we discuss clients, we mean clients of the RADIUS server, e.g.
- wireless access point,
- network switch or
- other form of NAS.
NOT the network clients - such as laptops, tablets etc - they do not talk directly to the RADIUS server.
The above test runs radtest from localhost. It is useful to add a new client, which can be done by editing the
etc/raddb/clients.conf
file. Add the following content:
client new {
ipaddr = 192.0.2.1
secret = testing123
}
You should change the IP address 192.0.2.1 to be the address of the client which will be sending Access-Request packets.
The client should also be configured to talk to the RADIUS server, by using the IP address of the machine running the RADIUS server. The client must use the same secret as configured above in the client section.
Then restart the server in debugging mode, and run a simple test using the testing user. You should see an Access-Accept in the server output
The following steps outline the best known method for configuring the server. Following them lets you create complex configurations with a minimum of effort. Failure to follow them leads to days of frustration and wasted effort.
Configuring the Server
Changing the server configuration should be done via the following steps:
- Start with a "known working" configuration, such as supplied by the default installation.
- Make one small change to the configuration files.
- Start the server in debugging mode (radiusd -X).Verify that the results are what you expect
The debug output shows
- any configuration changes you have made.
- Databases (if used) are connected and operating.
- Test packets are accepted by the server.
The debug output shows that the packets are being processed as you expect.
If anything goes wrong,double-check the configuration; read the entire debug output, looking for words like error or warning. These messages usually contain descriptions of what went wrong, and suggestions for how it can be fixed. Also see an explanation of the debug output and the debug form;
on Mac OS X
first search radius by brew search
brew search radius
result :
==> Formulae
freeradius-server ✔
then install by :
brew install freeradius-server
setup site :
/usr/local/Cellar/freeradius-server/3.0.19_1
stop service :
open ActivityMonitor kill radiusd
