Using DaloRADIUS as a web interface for a freeRADIUS Server

freeRADIUS is exactly what it says it is: an open source RADIUS server. However, it can only be configured through text and configuration files on the host machine. DaloRADIUS is a free web front end for freeRADIUS that makes configuration easier.

Adding a RADIUS User

User accounts are used for equipment authentication. These are the users that need to log into switches, web servers, etc. The equipment will need to be configured to use your RADIUS server for logins to work.

To add a user, log into a manager account (http://<ip-address>/daloradius/app/operators) and select Management -> Users -> New User. Enter a username and password, ensuring you select MD5-Password as the Password Type. If you leave this field as ClearText Password, the user’s password is saved and displayed in plain text on all the web pages. To enable authentication for Cisco equipment, ensure the group Cisco Privilege 15 is applied to the user. See below if the group is missing.

Once you have created the user, ensure you enable the user in the User Listing.



Adding New Operators

Operators are the administration accounts for DaloRADIUS and can have a different password to the user accounts above. Navigate to Config -> Operators -> New Operator and add a username and password.

Cisco Authentication Attributes

Cisco equipment expects the RADIUS server to tell it a user's privilege level when the user is authenticated. This is done by adding attributes to users and groups on the RADIUS server. For Cisco equipment, this is achieved by adding a profile for Cisco users (it’s called Cisco Privilege 15 in this example) and adding an attribute called Cisco-AVpair with the value shell:priv-lvl=15.

Repeat this process to set the session idle timeout in minutes.
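
The following is an added example, not part of the original post or of DaloRADIUS itself. It audits the two settings described above: users left as a cleartext password, and users in a profile that returns shell:priv-lvl=15. It assumes DaloRADIUS writes to the default freeRADIUS SQL tables radcheck, radusergroup and radgroupreply, checks group-level attributes only, and uses an in-memory SQLite database with constructed rows in place of the real database.

```python
import hashlib
import sqlite3

# Assumed: the columns this audit needs from the default freeRADIUS SQL schema.
SCHEMA = """
CREATE TABLE radcheck (username TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radusergroup (username TEXT, groupname TEXT, priority INTEGER);
CREATE TABLE radgroupreply (groupname TEXT, attribute TEXT, op TEXT, value TEXT);
"""

# Constructed sample data: alice was created with MD5-Password, bob and carol
# were left on the cleartext password type.
CHECKS = [
    ("alice", "MD5-Password", ":=", hashlib.md5(b"constructed-pw").hexdigest()),
    ("bob", "Cleartext-Password", ":=", "constructed-pw"),
    ("carol", "Cleartext-Password", ":=", "constructed-pw"),
]
MEMBERS = [("alice", "Cisco Privilege 15", 1), ("bob", "Cisco Privilege 15", 1),
           ("carol", "Cisco Privilege 1", 1)]
REPLIES = [("Cisco Privilege 15", "Cisco-AVPair", ":=", "shell:priv-lvl=15"),
           ("Cisco Privilege 1", "Cisco-AVPair", ":=", "shell:priv-lvl=1")]

CLEARTEXT_SQL = """
SELECT username FROM radcheck
WHERE lower(attribute) = 'cleartext-password' ORDER BY username"""

PRIV15_SQL = """
SELECT DISTINCT ug.username FROM radusergroup ug
JOIN radgroupreply gr ON gr.groupname = ug.groupname
WHERE lower(gr.attribute) = 'cisco-avpair' AND gr.value = 'shell:priv-lvl=15'
ORDER BY ug.username"""

def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO radcheck VALUES (?, ?, ?, ?)", CHECKS)
    conn.executemany("INSERT INTO radusergroup VALUES (?, ?, ?)", MEMBERS)
    conn.executemany("INSERT INTO radgroupreply VALUES (?, ?, ?, ?)", REPLIES)
    return conn

def audit(conn):
    """Return cleartext users, privilege-15 users, and the overlap of both."""
    cleartext = [row[0] for row in conn.execute(CLEARTEXT_SQL)]
    priv15 = [row[0] for row in conn.execute(PRIV15_SQL)]
    return {"cleartext": cleartext, "priv15": priv15,
            "priv15_cleartext": sorted(set(cleartext) & set(priv15))}

if __name__ == "__main__":
    for finding, users in audit(build_sample_db()).items():
        print(f"{finding}: {', '.join(users) or 'none'}")
```

Users listed under priv15_cleartext are the ones to change to MD5-Password first, since their plain text passwords grant full access to the Cisco equipment.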

