Skip to content

FreeRadius+RestImplement route authentication#


  1. Install freeradius
    sudo apt-get install freeradius freeradius-mysql
  2. Manually close freeradius
    service freeradius stop
  3. Give/etc/Freeradius directory authority
    sudo chmod -R 777 /etc/freeradius
    Restart freeradius if there are prompts:
    "/etc/freeradius/" is globally writable.  Refusing to start due to insecure configuration.
    You need to execute
     sudo chmod -R o-w /etc/freeradius
  4. Modify the file/etc/freeradius/3.0/Users to cancel the following code comments,As a test data
    steve        Cleartext-Password := "testing"
            Service-Type = Framed-User,
            Framed-Protocol = PPP,
            Framed-IP-Address =,
            Framed-IP-Netmask =,
            Framed-Routing = Broadcast-Listen,
            Framed-Filter-Id = "std.ppp",
            Framed-MTU = 1500,
            Framed-Compression = Van-Jacobsen-TCP-IP
  5. Restart freeradius (-X means debugging)
    sudo freeradius -X
  6. Open a new terminal for testing,The parameters are user names、password、IP and port、key(KEY is /etc/freeradius/3.0/clients.Secret in Conf)
    radtest steve testing localhost 1812 testing123
    The client expects the results as follows BnTOMc.png The expected result of the server is as follows BnTPC5.png You can see the successful verificationAccess From the above server output description, the following information can be obtained The above is a Request,Then Radius is verified,Notice,The file he executes is/etc/freeradius/3.0/sites-enabled/default,Among them, the Authorize module is where he reads the authentication configuration information,You can see that here are all false,The description has failed,Then he prompts User-Name=notfound,Explain that the user name is not found,Then returned a information that was certified。

FreeRadiusSupport REST login#

  1. Open/etc/freeradius/3.0/sites-enabled/default file
    Add Auth to Authenticate node-Type
    Auth-Type rest{
  2. Create soft links
    cd /etc/freeradius/3.0/mods-enabled
    ln -s ../mods-available/rest .
  3. exist/etc/freeradius/3.0/In users file,Configure identity verification type
    DEFAULT Auth-Type := rest
  4. Revise/etc/freeradius/3.0/mods-available/rest
    Note the content of the following nodes
    Edit Authorize node
    authorize {
        uri = ""
        method = 'post'
        body = 'json'
        data = '{ "username": "%{User-Name}", "password": "%{User-Password}" }'
    Edit Authenticate node
    authenticate {
        uri = ""
        method = 'post'
        body = 'json'
        data = '{ "username": "%{User-Name}", "password": "%{User-Password}" }'
    Note that the URI in the AUTHORIZE and Authenticate nodes above needs to be replaced with the login address provided by the Radius server plug -in
  5. Open the external network connection Modify the file (/etc/freeradius/3.0/clients.conf),The iPaddr here is the client local IP
    client test_client {
        ipaddr =
        secret = testing123
    At the same time, open port 1812 of the UDP protocol of the cloud server
  6. Start the radius service
    sudo freeradius -X
    If the prompt port is occupied, you can run first
    ps aux | grep radius Find the process
    sudo kill -9 3452 Kill process
  7. Test login
    radtest admin admin localhost 1812 testing123