How to Install FreeRADIUS on OpenBSD

FreeRADIUS is an open source, high-performance, and modular RADIUS server that is used for centralized authentication, authorization, and accounting management. In this tutorial, we will show you how to install FreeRADIUS on OpenBSD.

Prerequisites

  • OpenBSD installed on your system
  • A user account with sudo privileges

Step 1: Installing Dependencies

Before we install FreeRADIUS, we need to install some dependencies on our system. Open a terminal and run the following commands to update the system and install the required packages:

$ doas pkg_add -u
$ doas pkg_add -i freeradius3 perl

Step 2: Configuring FreeRADIUS

Once the dependencies have been installed, we need to configure FreeRADIUS. The configuration files for FreeRADIUS are stored in /etc/raddb.

To copy the default configuration files for FreeRADIUS, run the following command:

$ doas cp -R /usr/local/share/freeradius3/raddb /etc

Now, we need to generate a secret key to secure communications between the RADIUS server and clients. We can use the radtest tool to generate the secret key. Run the following command to generate a secret key:

$ doas radtest username password localhost 0 testing123

This command will generate a secret key and output it to the console. Copy the secret key and paste it in the clients.conf file. Open the clients.conf file:

$ doas vi /etc/raddb/clients.conf

And add the following block at the end of the file:

client localhost {
  ipaddr = 127.0.0.1
  secret = <enter secret key here>
}

Replace <enter secret key here> with the secret key you generated with radtest.

Next, we need to enable the FreeRADIUS service at boot time. Open the /etc/rc.conf.local file:

$ doas vi /etc/rc.conf.local

And add the following line at the end of the file:

radiusd_flags=""

Step 3: Starting FreeRADIUS

Once the configuration is complete, we can start the FreeRADIUS service. To start the service, run the following command:

$ doas /etc/rc.d/radiusd start

To verify that FreeRADIUS is running, run the following command:

$ doas /etc/rc.d/radiusd status

This command will output the status of the FreeRADIUS service.

Step 4: Testing the Installation

To test the installation, we can use the radtest tool to authenticate a user. Run the following command:

$ doas radtest username password localhost 0 testing123

This command will attempt to authenticate the user with the RADIUS server. If the authentication is successful, you will see a message similar to the following:

Sent Access-Request Id 1 from 0.0.0.0:44150 to 127.0.0.1:1812 length 74
User-Name = "username"
User-Password = "password"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "password"
Received Access-Accept Id 1 from 127.0.0.1:1812 to 127.0.0.1:44150 length 20

This indicates that the authentication was successful.

Congratulations! You have successfully installed FreeRADIUS on OpenBSD. Now you can use it to manage centralized authentication, authorization, and accounting.