This article demonstrates how to install and configured FreeRadius for basic authentication. By “basic authentication”, I mean we’re going to configure local users in clear text. This is the simplest way to configure FreeRadius. We’re installing this on CentOS 8.
Install the software:
yum install freeradius freeradius-utils
Add the client configuration. This allows this client only to use the radius server for authentication. We can add multiples but we’re sticking with one for now.
Edit the file “/etc/raddb/clients.conf”:
client localhost { ipaddr = 127.0.0.1 secret = password123 }
Add a user by editing the “/etc/raddb/users” file:
"testuser" Cleartext-Password := "password321"
Enable and start the service:
systemctl enable radiusd systemctl restart radiusd
Test the configuration form the localhost:
radtest testuser password321 127.0.0.1 100 password123
Enable the firewall (assuming you’re using firewalld):
firewall-cmd --add-port=1812/udp -permanent firewall-cmd --add-port=1813/udp -permanent
Alter your “client.conf” file to allow remote systems to authenticate:
client localnet { ipv4addr = * secret = password123 }
And restart the service:
systemctl restart radiusd
Issue the following command form a remote system. Make sure you install the “freeradius-utils” package on the remote system first:
# Where 10.1.2.3 is the Radius server. radtest testuser password321 10.1.2.3 100 password123