Post date: Jul 4, 2011 1:41:21 PM
From Andrew Macpherson
A few extra hints on setting up one's own Radius server for Locustworld compatible systems
Simple config
Install freeradius (eg unpack the RPMs of freeradius and freeradius-mysql)
Edit /etc/raddb/dictionary to add the Locustworld attribute/value information: append the following to the end of the file
# LocustWorld dictionary
ATTRIBUTE LW-class 560 integer
VALUE LW-class Public 3
VALUE LW-class Member 2
VALUE LW-class Owner 1
# End LocustWorld dictionary
Next, clients.conf. You may be able to localise this somewhat:
client 0.0.0.0/0 {
secret = testing
shortname = Mesh-Clients
nastype = other
}
The important address is the external uplink address (or the outside of any NATing router), i.e. the nearest point on the visible Internet. If you're not sure, log on to WIANA and see what address is reported for your connexion, but remember that it might change if you are on a DHCP link.
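An added example, not part of the original post: a small Python check that reads clients.conf stanzas like the one above and flags a client open to every source address or a short shared secret. The length and prefix thresholds, and the second stanza with a documentation address and placeholder secret, are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample: the clients.conf stanza from this page, plus a narrowed
# variant using a documentation address (203.0.113.10) and a placeholder secret.
SAMPLE = """
client 0.0.0.0/0 {
    secret = testing
    shortname = Mesh-Clients
    nastype = other
}
client 203.0.113.10 {
    secret = PLACEHOLDER-long-random-shared-secret
    shortname = Mesh-Uplink
    nastype = other
}
"""

CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
KV_RE = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$", re.M)

MIN_SECRET_LEN = 16   # assumption: local policy threshold, not a FreeRADIUS rule
MIN_PREFIX_LEN = 24   # assumption: IPv4 ranges wider than a /24 are flagged


def audit_clients(conf_text):
    """Return {client_spec: [findings]} for each client stanza."""
    report = {}
    for spec, body in CLIENT_RE.findall(conf_text):
        settings = dict(KV_RE.findall(body))
        findings = []
        try:
            net = ipaddress.ip_network(spec, strict=False)
            if net.prefixlen == 0:
                findings.append("accepts requests from any address")
            elif net.version == 4 and net.prefixlen < MIN_PREFIX_LEN:
                findings.append("wide source range /%d" % net.prefixlen)
        except ValueError:
            findings.append("client is a hostname; depends on DNS")
        secret = settings.get("secret", "")
        if len(secret) < MIN_SECRET_LEN:
            findings.append("shared secret shorter than %d characters" % MIN_SECRET_LEN)
        report[spec] = findings
    return report


if __name__ == "__main__":
    for spec, findings in audit_clients(SAMPLE).items():
        print(spec, "->", findings or "ok")
```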
Configure radius.conf and sql.conf
Edit the user / password in sql.conf, and grant access to your chosen identities, eg
mysql radius
grant all on radius.* to radius@localhost identified by 'You will never guess';
Then tell the mysql daemon to reload its permissions table
mysqladmin reload
Check iptables on your radius server to ensure that you are allowing traffic to your radius program eg
-A INPUT -p udp -m udp --dport 1812 -j ACCEPT
-A INPUT -p udp -m udp --dport 1813 -j ACCEPT
Although we don't seem to use the accounting side of Radius at all, so the second line may well be redundant.
Now configure WIANA with the address of your radius server for your mesh appliances:
Core Settings menu
External radius: my.ip.addr:1812
The fun part is in the Extra features menu: the radio button "Radius only local". Set it to no and the string typed in will be forwarded as the username; set it to yes and I observed a 4-part string separated by colons ':'
eg CQX:<Radius local Prefix>:<Lock to realm prefix>:username
CQX seems to be entirely arbitrary, the Radius local Prefix seems to be configurable, and if one sets the Lock to realm prefix to none then the string dummy appears.
Given this, one probably wants to set Radius only local to no.