FreeRadius Server

Content

About

FreeRADIUS includes a RADIUS server, a BSD licensed client library, a PAM library, and an Apache module. In most cases, the word FreeRADIUS refers to the RADIUS server. FreeRADIUS is the most widely deployed RADIUS server in the world. It is the basis for multiple commercial offerings. It supplies the AAA needs of many Fortune-500 companies and Tier 1 ISPs. It is also widely used for Enterprise Wi-Fi and IEEE 802.1X network security, particularly in the academic community, including eduroam. The server is fast, feature-rich, modular, and scalable.
Version for Windows was dowloaded from http://www.freeradius.net/
Linux version according your Linux distribution (e.g. command "sudo apt-get install freeradius")

Version 3.0

Tested functions

2N IP Intercom	FreeRADIUS	TP-Link T1500G-10PS	MD5 Authentication	TLS Authentication
2.27.0.36.6	3.0.16

2N IP Intercom Settings

MD5 Authentication

Use an account configured at FreeRADIUS Server

TLS Authentication

You can use up to three Trusted Certificates or up to three User Certificates for different purposes on 2N IP Intercom and one of them is TLS Authentication 802.11x.

Import Certification Authority used on your FreeRADIUS server to the 2N IP Intercom. Navigate to menu System / Certificates / and click on one of free Load buttons in Trusted Certificates area, chose your file and upload it.

Import Certificate and Key prepared for FreeRADIUS server connection with the 2N IP Intercom. Navigate to menu System / Certificates / and click on the Load button in User Certificates area, chose your file with certificate, key, type the password to unlock the key and upload it.

FreeRADIUS server settings - MD5 Authentication

Allow your switch to communicate with the FreeRADIUS server in configuration file /etc/freeradius/3.0/clients.conf.

client 10.0.27.0/8 {
    secret        = switch
    shortname     = pepa
}

Prepare Device Identify and MD5 Authentication for your 2N IP Intercom in file /etc/freeradius/3.0/mods-config-files/authorize or shortcut /etc/freeradius/3.0/users.

helios75    Cleartext-Password := "hip75"

FreeRADIUS server settings - TLS Authentication

You must have prepared the clients.conf file for your switch to make it working.

Prepare your Radius Server certificates by a certificate generator and export them to PEM format. You will need Certification Authority of generated certificates, Radius server certificate and Key with password.

Edit the eap configuration file: /etc/freeradius/3.0/mods-enabled/eap and set correct path to you certificates. Pay attention to correct permitions for freeradius.service.

eap {
	default_eap_type = tls
	tls-config tls-common {
		private_key_password = YourKeyPassword
		private_key_file = /etc/ssl/private/radius.tt2n-key.pem
        certificate_file = /etc/ssl/custom/radius.tt2n-cert.pem
        ca_file = /etc/ssl/custom/2N_Test-team_CA-cacert.pem
	}
}

Version 1.1.7

Tested functions

2N IP Intercom	FreeRADIUS	Cisco SF302-08P	MD5 Authentication
2.13.0.22.1	1.1.7-r0.0.2

Configuration Guide

2N IP Intercom Settings

Use an account configured at FreeRADIUS Server

FreeRADIUS Server Settings

Configure files at \FreeRADIUS.net\etc\raddb\

Create an account for the intercom - file users.conf

helios75    User-Password == "hip75"

Allow communication with the switch - file clients.conf

client 10.0.27.0/8 {
    secret        = switch
    shortname     = pepa
}

Switch configuration is described at Cisco SF302-08P

Used Symbols

- Compatible

- Work with limitation

- Incompatible