In FreeRADIUS, a local user's password can be stored either in clear text or as a hash. Alternatively, the user can be defined as an account on the Linux server.
I prefer to keep the password as a hash in FreeRADIUS without creating any user in Linux.
Let the user password be hello_buddy. With the radcrypt command, we can obtain the MD5 hash of our password.
radcrypt uses a random salt, so different hashes can be created for the same password; don't be surprised.
radius# radcrypt --md5 'hello_buddy'
$1$5bSRqmel$Paji0b5JV4gRC.uAmqlGA1
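In the output above, the field between the second and third $ is the salt (5bSRqmel), and a login is checked by re-hashing the submitted password with that stored salt. A minimal MD5-crypt implementation showing why two runs differ yet both verify, added here as an illustration (not code from the original post or from FreeRADIUS); the function names are hypothetical.

```python
import hashlib
import hmac
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
PAGE_HASH = "$1$5bSRqmel$Paji0b5JV4gRC.uAmqlGA1"  # the hash shown above

def md5_crypt(password: str, salt: str) -> str:
    """MD5-crypt ($1$) of password under the given salt (at most 8 chars used)."""
    pw, s = password.encode(), salt[:8].encode()
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + s)
    for off in range(0, len(pw), 16):         # len(pw) bytes of alt, repeating
        ctx.update(alt[:min(16, len(pw) - off)])
    n = len(pw)
    while n:                                  # one byte per bit of len(pw)
        ctx.update(b"\x00" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):                     # fixed 1000-round stretching loop
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(s)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    out = ""
    for a, b, d in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = (final[a] << 16) | (final[b] << 8) | final[d]
        out += "".join(ITOA64[(v >> (6 * k)) & 0x3F] for k in range(4))
    out += ITOA64[final[11] & 0x3F] + ITOA64[final[11] >> 6]
    return "$1$" + s.decode() + "$" + out

def split_hash(stored: str) -> tuple[str, str]:
    """Return (salt, digest) from '$1$salt$digest'; ValueError otherwise."""
    empty, scheme, salt, digest = stored.split("$")
    if empty or scheme != "1" or not salt or len(digest) != 22:
        raise ValueError("not an MD5-crypt ($1$) hash")
    return salt, digest

def verify(password: str, stored: str) -> bool:
    """Re-hash the candidate with the stored salt, then compare in constant time."""
    candidate = md5_crypt(password, split_hash(stored)[0])
    return hmac.compare_digest(candidate.encode(), stored.encode())

def new_hash(password: str) -> str:
    """Hash under a fresh random 8-character salt, so every call differs."""
    return md5_crypt(password, "".join(secrets.choice(ITOA64) for _ in range(8)))
```

Crypt-Password values are checked with the system crypt(3) routine, so the same salt-then-compare flow applies to stronger schemes such as $6$ (SHA-512) where the platform supports them.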
I am creating a user for Cisco devices (the same entry can be used on Brocade and HPE Aruba):
In the password entry, the hash must be enclosed in double quotes ("").
radius# vi /etc/freeradius/3.0/users
network-admin Crypt-Password := "$1$5bSRqmel$Paji0b5JV4gRC.uAmqlGA1"
        cisco-avpair = "shell:priv-lvl=15",
        Service-Type = Administrative-User
# For Enterasys switches:
admin-enterasys Crypt-Password := "$1$5bSRqmel$Paji0b5JV4gRC.uAmqlGA1"
        Filter-ID := "Enterasys:version=1:mgmt=su"
PS:
For enable authentication, the following line should be added to the FreeRADIUS configuration.
$enab15$ Cleartext-Password := "ENABLE_PASS"
I define the IP subnet of the network devices that will be used in Freeradius. I define MySecretKey*2020 as the secret key. I will also use this secret key on network devices.
radius# vi /etc/freeradius/3.0/clients.conf
client network-1 {
        ipaddr = 10.0.0.0/8
        secret = MySecretKey*2020
}
client network-2 {
        ipaddr = 192.168.0.0/16
        secret = MySecretKey*2020
}
Restart Freeradius services:
radius# systemctl restart freeradius
If you need to troubleshoot something, you can run FreeRADIUS in debug mode:
radius# freeradius -X
Cisco switch configuration:
The switch will first try the RADIUS server, and if it cannot reach it, it will fall back to the local database.
aaa new-model
aaa authentication login default group radius local
aaa authentication login console group radius local
aaa authentication enable default group radius enable
aaa authorization console
aaa authorization exec default group radius local
