Skip to content
/ FR-RADS Public

FreeRadius Script to build and integrate PEAP MS-CHAP and MAC Based auth with IPSK support

License

Unlicense license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fumatchu/FR-RADS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

174 Commits
EASY_INSTALL
EASY_INSTALL
 
 
FR-Installer.sh
FR-Installer.sh
 
 
LICENSE
LICENSE
 
 
README
README
 
 
install.sh
install.sh
 
 

Repository files navigation

FreeRADIUS (R)ocky (A)ctive (D)irectory (S)cript Builder
A walk-thrgouh can also be seen here:
https://youtu.be/C85jCjzI6-Q

This is a script to allow a Rocky (RHEL) Server (9.x) to become an integrated Radius server to read from AD for 802.1x
The installer will integrate this server into a pre-existing AD environment, via winbind (realmd) and configure itself for
8021.x, local MAC Auth and MAC Auth IPSK in the users file. 


####Pre-requisites
You should install Rocky from scratch. 
You should make sure the server has a static IP (the script will check).
During your setup, the hostname and domain name that you specify in the GUI installer of Rocky be what you want (pointing to your AD environment).
You do not need to (nor should you) install anything. Just a fresh, minimal install. The insatller will do the rest for you. 


The Script will do the following:
  Validate that you have a static IP setup. If you do not it will guide you through changing it.
  Sets SElinux
  Adds Firewall allowances
  Enable the Rocky REPOS needed to build 
    EPEL
    CRB 
    Install the requirements
    Modify chrony to point to your AD environment
    Download and install all updates
    Prompt you for time syncronization
    Join the Server to the AD domain
    Ask for an AD testing user and password 
    Configure all files for ntlm_auth and winbind (permissions)
    Test with wbinfo -t for RPC calls 
    Validate it can see AD users and groups 
    Confirm that it can auth against AD with test user 
    Validate that MSCHAP is working from localhost. 
    Bootstrap local certificates for testing 
    Add examples for MAC auth format and IPSK at the top of the users file 
    Clean up all the install files (We like to be tidy)

####Sounds great! How do I get it?

Installing
Please see the EASY_INSTALL File 

#Installing
#Install Rocky Minimal
#https://rockylinux.org/download/
#Make sure you specify the domain name you want to use for AD.
#After the GUI install: 
#(Just copy and paste the following lines on the Rocky terminal)

cd /root/
dnf -y install wget 
wget https://raw.githubusercontent.com/fumatchu/FR-RADS/main/FR-Installer.sh
chmod 700 ./FR-Installer.sh
/root/FR-Installer.sh

About

FreeRadius Script to build and integrate PEAP MS-CHAP and MAC Based auth with IPSK support

Topics

automation scripting freeradius freeradius-setup rockylinux

Resources

Readme

License

Unlicense license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages