How to Install and Activate FreeRADIUS on PFSense

Every device in an internet service provider network has a function that was determined in the network design. The people who hold access rights to network devices are those who understand the design topology and the functions in the network.

Therefore, one of the most important ways to keep all devices functioning properly is to ensure that they can only be accessed by authorized people. Access rights here mean valid authentication and authorization to gain access to the device. In the device software, users and their privileges are defined according to company policy, so each device stores a user database in its memory.

RADIUS, the protocol that Freeradius implements, is an abbreviation for Remote Authentication Dial-In User Service. Freeradius was first developed by Livingston Enterprises. RADIUS is a network security protocol used to provide controlled access management on large networks. It is defined in RFC 2865 and RFC 2866 and is commonly used by companies to manage internet access for clients.

The RADIUS protocol supports several mechanisms for sending sensitive user data to and from the authentication server. In the context of disaster management, many information systems and information technology applications tend to be developed. Because they are not designed to integrate with each other, user information can end up duplicated, so using a RADIUS server for the login process of multiple PHP-based web applications becomes an alternative solution that makes it easier to manage users across many separate applications.

In this article, we will explain the installation and configuration process of Freeradius on a PFSense 2.7.2-RELEASE (amd64).


1. Install Freeradius

Freeradius on PFSense has its own PKG package, so you can install it directly. Before you install Freeradius, however, we recommend updating the PFSense PKG packages. To make this easier, we will run the update with shell commands. Make sure SSH is enabled. Here is how to update the PFSense PKG packages from the shell.

Update package PKG PFSense
[2.7.2-RELEASE][root@ns3.kursor.my.id]/root: pkg update
[2.7.2-RELEASE][root@ns3.kursor.my.id]/root: pkg upgrade
After that, you can install Freeradius from the GUI. Click System ->> Package Manager, then select "Available Packages". In the Search term field, type "freeradius". Click the Install button to start the installation process. Look at the following image.




2. Freeradius Configuration Process

The next step is the configuration process. This step is very important, because it determines whether the Freeradius server will run or not. To start the configuration, click Services ->> FreeRADIUS, and the main Freeradius configuration page is displayed.

The first process you have to do is create a Freeradius user. Click the "Add" button on the users menu. In this example, we will create:
user: steve
password: testing

Fill in the fields according to the image below. Leave the others at their defaults.



After that, click the NAS / Clients menu. Under General Configuration, fill in the fields according to your needs. In this example we will create a client as follows:
Client IP Address: 192.168.7.1 (LAN Network IP address)
Client Shortname: radiuslocal
Client Shared Secret: testing123

For more details, see the following image. Leave the rest at their defaults.



We continue in the "Interfaces" section. It's easier for you to just follow the instructions in the following image.




3. Create Ownership and Testing

By default the Freeradius application in PFSense has the user and group "freeradius". We will give file ownership rights to the Freeradius application. Run the chown command to grant file ownership rights, as in the example below.

Create Ownership
[2.7.2-RELEASE][root@ns3.kursor.my.id]/root: chown -R freeradius:freeradius /usr/local/etc/raddb/
[2.7.2-RELEASE][root@ns3.kursor.my.id]/root: chown -R freeradius:freeradius /var/log/radius.log
[2.7.2-RELEASE][root@ns3.kursor.my.id]/root: chown -R freeradius:freeradius /var/run/radiusd/
In the Settings, EAP, SQL and LDAP menus, just leave the defaults; there is no need to change them. The next step is to check whether Freeradius is running. Run the command below to find out.

Test Freeradius
[2.7.2-RELEASE][root@ns3.kursor.my.id]/root: radtest steve testing 192.168.7.1 1812 testing123
Sent Access-Request Id 152 from 0.0.0.0:b460 to 192.168.7.1:1812 length 75
	User-Name = "steve"
	User-Password = "testing"
	NAS-IP-Address = 192.168.7.1
	NAS-Port = 1812
	Message-Authenticator = 0x00
	Cleartext-Password = "testing"
Received Access-Accept Id 152 from 192.168.7.1:714 to 192.168.7.1:46176 length 20
If it says "Received Access-Accept", it means that your Freeradius server is running normally and is ready to use.
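
What the radtest exchange above does on the wire, as an added example (not code from the original article or from FreeRADIUS): the User-Password attribute is hidden with MD5 keyed by the shared secret, and the 20-byte Access-Accept carries a Response Authenticator computed over the same secret, both as specified in RFC 2865. The function names and the fixed Request Authenticator are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS Code value for Access-Accept (RFC 2865)

def _md5(*parts: bytes) -> bytes:
    return hashlib.md5(b"".join(parts)).digest()

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _md5(secret, prev)))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """What the server does on receipt: the same XOR chain, block by block."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _md5(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def build_reply(code: int, ident: int, attrs: bytes, req_auth: bytes, secret: bytes) -> bytes:
    """Reply = header + MD5(header + Request Authenticator + attrs + secret) + attrs."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + _md5(header, req_auth, attrs, secret) + attrs

def verify_reply(packet: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Client-side check that the reply came from a holder of the shared secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = build_reply(code, ident, packet[20:], req_auth, secret)
    return hmac.compare_digest(expected, packet)

if __name__ == "__main__":
    req_auth = bytes(range(16))  # constructed; a real client sends 16 random bytes
    hidden = hide_password(b"testing", b"testing123", req_auth)
    print("User-Password on the wire:", hidden.hex())
    print("server recovers:", unhide_password(hidden, b"testing123", req_auth))
    accept = build_reply(ACCESS_ACCEPT, 152, b"", req_auth, b"testing123")
    print("reply length:", len(accept), "valid:", verify_reply(accept, req_auth, b"testing123"))
```

Both the password hiding and the reply check depend only on the shared secret, so the values steve / testing / testing123 used here belong to this test; give each production client a long random secret.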
Iwan Setiawan
