unifi:freeradius [2015/11/01 11:50] – brielle | unifi:freeradius [2015/11/01 12:02] – brielle | ||
Line 2: | Line 2: | ||
These are example configuration files for use with FreeRADIUS 2.2.5 on a Debian Jessie system. | These are example configuration files for use with FreeRADIUS 2.2.5 on a Debian Jessie system. | ||
- | **1)** | + | ===== Create Necessary Certificates ===== |
+ | |||
+ | Follow guide [[http:// | ||
+ | |||
+ | You'll need to put the '' | ||
+ | |||
+ | ===== Set up eap.conf ===== | ||
+ | Below is an example of what you need to put in ''/ | ||
+ | |||
+ | < | ||
+ | ## | ||
+ | ## eap.conf -- Configuration for EAP types (PEAP, TTLS, etc.) | ||
+ | ## | ||
+ | |||
+ | eap { | ||
+ | default_eap_type = md5 | ||
+ | timer_expire | ||
+ | ignore_unknown_eap_types = no | ||
+ | cisco_accounting_username_bug = no | ||
+ | max_sessions = ${max_requests} | ||
+ | |||
+ | md5 { | ||
+ | } | ||
+ | |||
+ | leap { | ||
+ | } | ||
+ | |||
+ | gtc { | ||
+ | # | ||
+ | auth_type = PAP | ||
+ | } | ||
+ | |||
+ | tls { | ||
+ | certdir = ${confdir}/ | ||
+ | cadir = ${confdir}/ | ||
+ | private_key_password = whatever | ||
+ | private_key_file = ${certdir}/ | ||
+ | certificate_file = ${certdir}/ | ||
+ | CA_file = ${cadir}/ | ||
+ | dh_file = ${certdir}/ | ||
+ | random_file = / | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | CA_path = ${cadir} | ||
+ | # | ||
+ | # | ||
+ | cipher_list = " | ||
+ | # | ||
+ | make_cert_command = " | ||
+ | ecdh_curve = " | ||
+ | cache { | ||
+ | enable = no | ||
+ | lifetime = 24 # hours | ||
+ | max_entries = 255 | ||
+ | } | ||
+ | |||
+ | verify { | ||
+ | #tmpdir = / | ||
+ | #client = "/ | ||
+ | } | ||
+ | ocsp { | ||
+ | enable = no | ||
+ | override_cert_url = yes | ||
+ | url = " | ||
+ | # use_nonce = yes | ||
+ | # timeout = 0 | ||
+ | # softfail = no | ||
+ | } | ||
+ | } | ||
+ | |||
+ | ttls { | ||
+ | default_eap_type = md5 | ||
+ | copy_request_to_tunnel = no | ||
+ | use_tunneled_reply = yes | ||
+ | virtual_server = " | ||
+ | # | ||
+ | } | ||
+ | peap { | ||
+ | default_eap_type = mschapv2 | ||
+ | copy_request_to_tunnel = no | ||
+ | use_tunneled_reply = yes | ||
+ | # | ||
+ | virtual_server = " | ||
+ | #soh = yes | ||
+ | # | ||
+ | } | ||
+ | |||
+ | mschapv2 { | ||
+ | # | ||
+ | } | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | ===== Set up clients.conf ===== | ||
+ | You'll need a client configuration for each Unifi device (or device group) that will be querying the FreeRADIUS server. | ||
+ | |||
+ | **Note:** //each device (such as a UAP) will need to have to connectivity to the FreeRADIUS server - this includes both a network route, and TCP/UDP ports 1812 and 1813.// | ||
+ | |||
+ | In ''/ | ||
+ | < | ||
+ | client 192.168.0.0/ | ||
+ | | ||
+ | nastype | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | You can use single IPs ('' |