Differences

This shows you the differences between two versions of the page.

--- unifi:freeradius [2015/11/01 11:55] – brielle
+++ unifi:freeradius [2017/09/25 10:05] (current) – [Set up the users file] brielle
@@ Line 9: / Line 9: @@
 ===== Set up eap.conf =====
-In ''/etc/freeradius'', you'll find ''eap.conf''.
+Below is an example of what you need to put in ''/etc/freeradius/eap.conf'' to handle the proper authentication methods, as well as enable future functionality.
-Below is an example of what you need to put in ''eap.conf'' to handle the proper authentication methods, as well as enable future functionality.
 <code># -*- text -*-
@@ Line 99: / Line 97: @@
 ===== Set up clients.conf =====
+You'll need a client configuration for each Unifi device (or device group) that will be querying the FreeRADIUS server.
+**Note:** //each device (such as a UAP) will need to have to connectivity to the FreeRADIUS server - this includes both a network route, and TCP/UDP ports 1812 and 1813.//
+In ''/etc/freeradius/clients.conf'', add one group like:
+<code>
+client 192.168.0.0/24 {
+ 	secret		= CHANGEME
+        nastype           = other
+}
+</code>
+You can use single IPs (''192.168.0.2'' or ''2001::beef'') or netblocks (''192.168.0.0/24'' or ''2001:beef::/64''), and the device with that single IP or devices within that netblock will use the password specified as 'CHANGEME'.
+===== Set up the users file =====
+Users can be manually set up with entries in ''/etc/freeradius/users''.
+A basic user example is:
+<code>
+joeuser 	Cleartext-Password := "passwordhere"
+</code>
+A more complex one that also involves setting a VLAN that a user is part of:
+<code>
+joeuser 	Cleartext-Password := "passwordhere"
+		Tunnel-Type = 13,
+		Tunnel-Medium-Type = 6,
+		Tunnel-Private-Group-Id = 2
+</code>
+''Tunnel-Private-Group-Id'' is set to the VLAN ID you wish the user to be assigned when they connect.

The Summit Open Source Development Group

User Tools

Site Tools

Differences

Page Tools