Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Download the latest version of Freeradius 3 (FR3)

    Code Block
    [[email protected] ~]# wget
  • Extract the FR3 source code

    Code Block
    [[email protected] ~]# tar -jxf freeradius-server-3.0.15.tar.bz2
  • Compile and install FR3


    If you are using edushib vm image, you may need to install some additional libraries:

    Code Block
    [[email protected] ~]# yum install -y libtalloc-devel libtool libtool-ltdl-devel net-snmp-devel net-snmp-utils readline-devel libpcap-devel libcurl-devel openldap-devel python-devel mysql-devel sqlite-devel unixODBC-devel freetds-devel samba4-devel json-c-devel
    Code Block
    [[email protected] ~]# cd freeradius-server-3.0.15
    [[email protected] freeradius-server-3.0.15]# ./configure --prefix=/opt/freeradius-server-3.0.15
    [[email protected] freeradius-server-3.0.15]# make
    [[email protected] freeradius-server-3.0.15]# make install
  • Download and run the installation kit

    Code Block
    [[email protected] raddb]# cd /root
    [[email protected] ~]# wget http
    [[email protected] ~]# cd eduroam-my-freeradius-config
    [[email protected] eduroam-my-freeradius-config-test]# ./setup_irs 
    ======= Setup .my IRS configuration =======
    1) Input your reaml (e.g. ' :
    2) Input your secret key (e.g. 'eduroamkey') : eduroammy
    3) Input your Freeradius 3 installation directory (e.g. '/opt/freeradius-server-3.0.15') : /opt/freeradius-server-3.0.15
    4) Input your host certificate private key file (e.g. '/etc/letsencrypt/live/') : /etc/letsencrypt/live/
    5) Input your host certificate public key file (e.g. '/etc/letsencrypt/live/') : /etc/letsencrypt/live/
  • Test run


    You must turn off the radsecproxy and freeradius(2) service and inform the NRO admin before you proceed with the following steps

    Code Block
    [[email protected] eduroam-my-freeradius-config-test]# cd /opt/freeradius-server-3.0.15/etc/raddb
    [[email protected] raddb]# ../../sbin/radiusd -X
  • Should there is no error/misconfigure, you could link back the FR3 with the user database/directory service. For AD user you could perform the following commands:

    Code Block
    [[email protected] raddb]# cp /etc/raddb/modules/mschap /opt/freeradius-server-3.0.15/etc/raddb/mods-available
    [[email protected] raddb]# ln -s /opt/freeradius-server-3.0.15/etc/raddb/mods-available/mschap /opt/freeradius-server-3.0.15/etc/raddb/mods-enabled/mschap

    , while for LDAP user, you could perform the following commands:

    Code Block
    [[email protected] raddb]# cp /etc/raddb/modules/ldap /opt/freeradius-server-3.0.15/etc/raddb/mods-available
    [[email protected] raddb]# vi /opt/freeradius-server-3.0.15/etc/raddb/mods-available/ldap
    add the following config:
    user {
       		base_dn = "ou=users,dc=idp,dc=university,dc=edu,dc=my" <- change with your base_dn
    		filter = "(eduPersonPrincipalName=%{Stripped-User-Name})"	<- change the eduPersonPrincipalName with your user ID attribute
    update {
    		control:Password-With-Header    += 'userPassword'
    		control:NT-Password     		:= 'sambaNTPassword'		
    		control:LM-Password				:= 'sambaLMPassword'
    [[email protected] raddb]# ln -s /opt/freeradius-server-3.0.15/etc/raddb/mods-available/ldap /opt/freeradius-server-3.0.15/etc/raddb/mods-enabled/ldap
  • To run the FR3 in the background, perform the following commands:

    Code Block
    [[email protected] raddb]# cp /opt/freeradius-server-3.0.15/sbin/rc.radiusd /etc/rc.d/init.d/
    [[email protected] raddb]# service rc.radiusd start