Radiator Setup and Configuration Example
Radiator RC.D File Example

# Commands for Release 3.6 on RedHat 9
# Last updated 08-25-2003
# By Bret Jordan
#
# Items in RED need to be configured for your setup at a minimum
# http://www.open.com.au/radiator/index.html

# ---------------------------
# Fix LANG variable on RH9
# ---------------------------
edit /etc/sysconfig/i18n
change line LANG="en_US.UTF-8" to LANG="en_US"
log out and log back in

# ---------------------------
# Update Perl Modules
# ---------------------------
perl -MCPAN -e shell
install Bundle::CPAN
reload cpan
install MD5
install Digest::HMAC_MD5
install Digest::HMAC_SHA1

In order to install the Net::SSLeay module you need to get the RPM
http://www.rpmfind.net//linux/RPM/contrib/libc6/i386/perl-Net-SSLeay-1.22-2.i386.html
http://www.bacus.pt/Net_SSLeay/
# The RPM comes from a third-party contrib mirror, so check its digests and
# any signature before installing it, e.g. rpm -K perl-Net-SSLeay-1.22-2.i386.rpm
rpm -ivh perl-Net-SSLeay-1.22-2.i386.rpm

# ---------------------------
# Make Directories and Copy Files
# ---------------------------
mkdir /usr/local/radiator
mkdir /usr/local/radiator/etc
mkdir /usr/local/radiator/etc/cert
mkdir /var/log/radiator
cp Radiator-3.6.tgz.tar /usr/local/radiator/
cp patches-3.6.tar.gz.tar /usr/local/radiator/

# ---------------------------
# Unpack Files
# ---------------------------
cd /usr/local/radiator
mv Radiator-3.6.tgz.tar Radiator-3.6.tgz
mv patches-3.6.tar.gz.tar patches-3.6.tar.gz
gunzip Radiator-3.6.tgz
gunzip patches-3.6.tar.gz
tar -xvf Radiator-3.6.tar
rm Radiator-3.6.tar -f
mv patches-3.6.tar Radiator-3.6/
cd Radiator-3.6/
tar -xvf patches-3.6.tar
rm patches-3.6.tar -f

# ---------------------------
# Build Files
# ---------------------------
cd /usr/local/radiator/Radiator-3.6/
perl Makefile.PL
make

# ---------------------------
# Create User to run Radiator
# ---------------------------
adduser radius -u 400 -s /sbin/nologin

# ---------------------------
# Change file permissions
# ---------------------------
cd /usr/local
chown -R radius radiator/
chgrp -R radius radiator/
chmod 500 radiator/
cd /usr/local/radiator
chmod 500 *
cd /usr/local/radiator/Radiator-3.6
chmod -R go-rwx *
chmod -R u-w *
cd /var/log
chown radius radiator/
chgrp radius radiator/
chmod 700 radiator/

# ---------------------------
# Copy certs
# ---------------------------
# Add root CA cert and server cert to /usr/local/radiator/etc/cert
# These files are copied after the permission step above, so set their owner
# and mode by hand. If the server's private key is stored here as well, make
# it readable by the radius user only (for example chown radius, chmod 400).

# ---------------------------
# Edit Configuration File
# ---------------------------
# Edit /usr/local/radiator/etc/radius.cfg
# radius.cfg holds the RADIUS shared secrets, so keep it readable by the
# radius user only.

# ----------------------------------------
# Allow the following traffic on the local firewall (iptables)
# ----------------------------------------
# Allow my APs 10.0.0.0/24 to auth to my Radius Server 10.0.1.1
-A INPUT -p udp -i eth0 -s 10.0.0.0/24 -d 10.0.1.1 --dport 1812 -j ACCEPT
-A INPUT -p udp -i eth0 -s 10.0.0.0/24 -d 10.0.1.1 --dport 1813 -j ACCEPT
# Allow my server 10.0.1.1 to auth against another Radius Server 192.168.1.1
-A INPUT -p udp -i eth0 -s 192.168.1.1 --sport 1812 -d 10.0.1.1 --dport 1814 -j ACCEPT
-A INPUT -p udp -i eth0 -s 192.168.1.1 --sport 1813 -d 10.0.1.1 --dport 1814 -j ACCEPT
# Allow another Radius Server 192.168.1.1 to auth against my server 10.0.1.1
-A INPUT -p udp -i eth0 -s 192.168.1.1 --sport 1814 -d 10.0.1.1 --dport 1812 -j ACCEPT
-A INPUT -p udp -i eth0 -s 192.168.1.1 --sport 1814 -d 10.0.1.1 --dport 1813 -j ACCEPT

# ----------------------------------------
# Allow the following traffic on the outbound interface for the VLAN
# ----------------------------------------
# Allow my APs 10.0.0.0/24 to auth to my Radius Server 10.0.1.1
permit udp 10.0.0.0 0.0.0.255 host 10.0.1.1 eq 1812
permit udp 10.0.0.0 0.0.0.255 host 10.0.1.1 eq 1813
# Allow my server 10.0.1.1 to auth against another Radius Server 192.168.1.1
permit udp host 192.168.1.1 eq 1812 host 10.0.1.1 eq 1814
permit udp host 192.168.1.1 eq 1813 host 10.0.1.1 eq 1814
# Allow another Radius Server 192.168.1.1 to auth against my server 10.0.1.1
permit udp host 192.168.1.1 eq 1814 host 10.0.1.1 eq 1812
permit udp host 192.168.1.1 eq 1814 host 10.0.1.1 eq 1813

# ---------------------------
# Start Server or use Following rc.d file
# ---------------------------
# Start it as the radius user created above rather than as root; the file
# ownership and modes set earlier assume that account.
/usr/bin/perl radiusd -config_file /usr/local/radiator/etc/radius.cfg