FreeRADIUS is an open source, high-performance, and modular RADIUS server that is used for centralized authentication, authorization, and accounting management. In this tutorial, we will show you how to install FreeRADIUS on OpenBSD.
Before we install FreeRADIUS, we need to install some dependencies on our system. Open a terminal and run the following commands to update the system and install the required packages:
$ doas pkg_add -u
$ doas pkg_add -i freeradius3 perl
Once the dependencies have been installed, we need to configure FreeRADIUS. The configuration files for FreeRADIUS are stored in /etc/raddb.
To copy the default configuration files for FreeRADIUS, run the following command:
$ doas cp -R /usr/local/share/freeradius3/raddb /etc
Now, we need to generate a secret key to secure communications between the RADIUS server and clients. We can use the radtest tool to generate the secret key. Run the following command to generate a secret key:
$ doas radtest username password localhost 0 testing123
This command will generate a secret key and output it to the console. Copy the secret key and paste it in the clients.conf file. Open the clients.conf file:
$ doas vi /etc/raddb/clients.conf
And add the following block at the end of the file:
client localhost {
ipaddr = 127.0.0.1
secret = <enter secret key here>
}
Replace <enter secret key here> with the secret key you generated with radtest.
Next, we need to enable the FreeRADIUS service at boot time. Open the /etc/rc.conf.local file:
$ doas vi /etc/rc.conf.local
And add the following line at the end of the file:
radiusd_flags=""
Once the configuration is complete, we can start the FreeRADIUS service. To start the service, run the following command:
$ doas /etc/rc.d/radiusd start
To verify that FreeRADIUS is running, run the following command:
$ doas /etc/rc.d/radiusd status
This command will output the status of the FreeRADIUS service.
To test the installation, we can use the radtest tool to authenticate a user. Run the following command:
$ doas radtest username password localhost 0 testing123
This command will attempt to authenticate the user with the RADIUS server. If the authentication is successful, you will see a message similar to the following:
Sent Access-Request Id 1 from 0.0.0.0:44150 to 127.0.0.1:1812 length 74
User-Name = "username"
User-Password = "password"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "password"
Received Access-Accept Id 1 from 127.0.0.1:1812 to 127.0.0.1:44150 length 20
This indicates that the authentication was successful.
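The radtest commands above pass testing123 as the shared secret, which is the value in the stock FreeRADIUS clients.conf. The following check is an added example, not part of the original tutorial or of FreeRADIUS: it generates a random secret and flags client blocks that still use testing123, the unreplaced placeholder, or a short secret. The function names and sample clients are made up for illustration, and the 16-character minimum follows RFC 2865's preference for secrets of at least 16 octets.

```sh
# Print 48 hex characters (24 random bytes) for use as a shared secret.
gen_secret() {
    dd if=/dev/urandom bs=24 count=1 2>/dev/null | od -An -tx1 | tr -dc '0-9a-f'
}
# audit_clients_conf FILE [MIN_LEN]: print "client<TAB>reason" for each client
# block whose secret is testing123, an unreplaced <...> placeholder, or too short.
audit_clients_conf() {
    awk -v min="${2:-16}" '
        /^[ \t]*#/ { next }                       # skip full-line comments
        depth == 0 && /^[ \t]*client[ \t]+[^ \t{]+[ \t]*\{/ {
            name = $2; sub(/\{.*/, "", name); depth = 1; next
        }
        depth == 1 && /^[ \t]*secret[ \t]*=/ {
            s = $0
            sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t]+$/, "", s)
            gsub(/^"|"$/, "", s)                  # drop surrounding quotes
            if (s == "testing123")    print name "\tdefault secret"
            else if (s ~ /^<.*>$/)    print name "\tplaceholder left in place"
            else if (length(s) < min) print name "\tshorter than " min " characters"
            next
        }
        depth > 0 { depth += gsub(/\{/, "{") - gsub(/\}/, "}") }  # nested blocks
    ' "$1"
}

# Constructed sample input; client names and addresses are made up.
sample_conf() {
    cat <<EOF
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
client placeholder_nas {
    ipaddr = 192.0.2.10
    secret = <enter secret key here>
}
client short_nas {
    ipaddr = 192.0.2.11
    secret = hunter2
}
client good_nas {
    ipaddr = 192.0.2.12
    secret = $(gen_secret)
}
EOF
}

conf=$(mktemp) && sample_conf > "$conf" && audit_clients_conf "$conf"; rm -f "$conf"
```

To check a real installation, call audit_clients_conf /etc/raddb/clients.conf; no output means no client matched any of the three conditions.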
Congratulations! You have successfully installed FreeRADIUS on OpenBSD. Now you can use it to manage centralized authentication, authorization, and accounting.