Skip to content
View in the app

A better way to browse. Learn more.
Gear Crushers

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

How to install FreeRadius Server on Ubuntu Server 12.04

wildweaselmi
in DEB based

Featured Replies

Here are the commands I used to get the Free Radius Server installed on my Ubuntu Server 12.04 for the purpose of authenticating on my Cisco Hardware using RADIUS credentials.



Install the necessary applications



sudo apt-get install mysql-client mysql-server

sudo apt-get install freeradius freeradius-utils freeradius-mysql

sudo apt-get install php5 php-pear php5-gd php-DB






Test Radius

radtest [user] localhost testing123

radtest user1 supersecret localhost 1812 testing123[/code]


[i](of course it will fail because you haven't added any users yet)[/i]



[b]Add Radius User[/b]

sudo nano /etc/freeradius/users




ADD:

user1 Cleartext-password := "supersecret"

Service-Type = NAS-Prompt-User,

cisco-avpair = "shell:priv-lvl=15"

sudo service freeradius restart




(go to test radius section and try again)



Add Clients

sudo nano /etc/freeradius/clients.conf




ADD @ END:

client 192.168.1.30 {

secret=network

shortname=router

nastype=cisco

}

sudo service freeradius restart




(NOTES: secret=pre-shared key, shortname=can be anything, nastype=other,cisco,livingston,etc)



Configure Cisco IOS Client (192.168.1.30) to authenticate with Radius Server (192.168.1.21)

config t

username ciscoadmin secret ciscopwd

aaa new-model

aaa authentication login AUTH group radius local enable


aaa authentication login default radius local

aaa authorization exec default radius local

enable secret pass#1234

radius-server host 192.168.1.21 auth-port 1812 key network

line vty 0 5

login authentication AUTH

copy run start

exit

aaa authentication banner x

@@@@@@@@@@@@@@@@@@@@@@@@@@@

ACCESS RESTRICTED

@@@@@@@@@@@@@@@@@@@@@@@@@@@

aaa authentication username-prompt USER=>

aaa authentication password-prompt PASSWORD=>

aaa authentication fail-message Login Incorrect L

@@@@@@@@@@@@@@@@@@@@@@@@@@@

INCORRECT

@@@@@@@@@@@@@@@@@@@@@@@@@@@

aaa authentication fail-message # Login Incorrect #

copy run start


  • Moderators

So close... I had only a few objectives

  1. Central user management for Cisco control = RADIUS or TACACS (which I prefer RADIUS because it works on more than Cisco stuff)
  2. Set and Pass on privilege set (0-15) per user = RADIUS or TACACS
  3. Show who logged in where and what commands where issued (All I see is TACACS doing that, not so much RADIUS)


  • Author

You may want to check out TACACS...





Believe me, I would love RADIUS to work as well since so many applications utilize RADIUS for authentication but honesty you can't beat TACACS (or tac_plus) for authentication for Cisco hardware. Especially when you want to limit what commands can be used. TACACS goes way above and beyond just using the privilege level set.



Create an account or sign in to comment
Go to topic listing

Important Information

By using this site, you agree to our Terms of Use.

I accept

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.