Installing RADIUS-Bridge on a Linux Endpoint
Introduction
RADIUS (Remote Authentication Dial-In User Service) is a protocol that provides centralized authentication, authorization, and accounting (AAA) for users who connect to a network. RADIUS is widely used in various network access technologies, including wireless networks, VPNs, and dial-up services. The protocol enables network administrators to manage access policies and ensure that only authorized users can access network resources. RADIUS operates by securely passing authentication data between the client, the RADIUS server, and the network access device, often using a shared secret for encryption.
Overview
This guide provides detailed instructions for installing and configuring RADIUS-Bridge on a Linux endpoint. Follow these steps carefully to ensure a successful setup.
Prerequisites
- Linux Machine: Ubuntu/Debian recommended
- Access: Root/sudo privileges required
- Network Connectivity: Stable internet connection needed
- Port 1812: Must be available for RADIUS authentication
Installation Process
1. Initial Setup
- Access the AuthNull Dashboard
- Navigate to the Endpoint Page
- Go to RADIUS section
- Select RADIUS under Add Radius Device
2. Shared Secret Configuration
Choose one of the following options:
- Auto-Generate: Let the system create a secure shared secret
- Custom: Create your own shared secret meeting these requirements:
- Minimum 15 characters
- Must include uppercase and lowercase letters
- Must include numbers and special characters
3. Installation Script Deployment
Execute these commands in sequence:
# Download the installation script
sudo wget https://github.com/authnull0/windows-endpoint/raw/linux-agent/agent/linux-agent/install_agent.sh -O install_agent.sh
# Make the script executable
sudo chmod +x install_agent.sh
# Run the installation script
sudo ./install_agent.sh
4. Installation Verification
Check the FreeRADIUS service status:
# Check service status
sudo systemctl status freeradius
Verify configuration in debug mode:
# Run in debug mode
sudo freeradius -XC
5. Local User Testing
i. Add a test user by editing the users file:
# Edit users configuration file sudo nano /etc/freeradius/3.0/users
ii. Add the following configuration:
username ClearText-Password := "password" Reply-Message := "Hello, %{User-Name}"
iii. Test authentication:
# Test local authentication radtest username password localhost 0 testing123
RADIUS Module Configuration
1. Configure RADIUS Client
Edit the clients configuration file:
# Edit RADIUS client configuration
sudo nano /etc/freeradius/3.0/clients.conf
Add this configuration block:
client name {
ipaddr = <IP-ADDRESS>
secret = <SHARED-SECRET>
require_message_authenticator = yes
}
2. AuthNull Module Setup
i. Create the module configuration:
# Create AuthNull module configuration
sudo nano /etc/freeradius/3.0/mods-available/authnull_2fa
ii. Add the following configuration:
exec authnull_2fa {
wait = yes
program = "/usr/local/bin/authnull_2fa '%{User-Name}'"
shell_escape = yes
timeout = 30
delay = 2
}
iii. Enable the module:
# Navigate to mods-enabled directory
cd /etc/freeradius/3.0/mods-enabled
# Create symbolic link
sudo ln -s ../mods-available/authnull_2fa
Verification and Monitoring
System Checks
- Verify service status:
# Check RADIUS service status sudo systemctl status freeradius
- Monitor logs:
# Monitor RADIUS logs in real-time sudo tail -f /var/log/freeradius/radius.log
Security Best Practices
Shared Secret Management
- Store securely
- Rotate regularly
- Use strong encryption
Access Control Measures
- Limit server access
- Monitor logs regularly
- Keep software updated
Network Security
- Configure firewall rules
- Use secure protocols
- Conduct regular security audits
Troubleshooting Guide
Service Issues
If the service won’t start, verify:
- Port availability
- Configuration syntax
- System resources
- Service logs
Authentication Problems
If authentication fails, check:
- Shared secret configuration
- NPS settings
- Network connectivity
- Log files for errors
Connection Problems
Troubleshooting steps:
- Verify network connectivity
- Check port accessibility
- Test local authentication
- Review firewall configuration