Local authorization configuration for all subscribers [VAS Experts Documentation]

en:dpi:dpi_components:freeradius:local_auth [2025/12/18 07:37] – created elena.krasnobryzh
en:dpi:dpi_components:freeradius:local_auth [2025/12/18 07:39] (current) elena.krasnobryzh
Line 7: Line 7:
 ===== FreeRADIUS configuration ===== ===== FreeRADIUS configuration =====
   - **Disabling EAP.** within this build, disabling is not strictly required, but EAP may cause errors when enabling the ''radiusd'' unit, so it is recommended to disable it. go to the directory ''/etc/raddb/sites-available/default   - **Disabling EAP.** within this build, disabling is not strictly required, but EAP may cause errors when enabling the ''radiusd'' unit, so it is recommended to disable it. go to the directory ''/etc/raddb/sites-available/default
-/etc/raddb/sites-enabled/inner-tunnel''\\ +/etc/raddb/sites-enabled/inner-tunnel''\\ Disable EAP in the following sections:<code bash>
-Disable EAP in the following sections: +
-<code bash>+
 authorize { authorize {
  #  eap {  #  eap {
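Review bot: the ''…'' monospace span in the "Disabling EAP" item still wraps two separate paths (''/etc/raddb/sites-available/default'' and ''/etc/raddb/sites-enabled/inner-tunnel'') with only a line break between them, so after this reflow it renders as a single run and reads like one path. Suggest closing the span after ''default'' and writing "and ''/etc/raddb/sites-enabled/inner-tunnel''", and note in the same sentence that the ''eap'' entry must be commented out in each of the listed sections of both files, since the excerpt shows only the ''authorize'' and ''post-proxy'' blocks.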
Line 19: Line 17:
 post-proxy { post-proxy {
 #  eap  #  eap 
-</code> +</code>If necessary, also remove EAP files from the modules ''/etc/raddb/mods-available/eap'' and ''/etc/raddb/mods-enabled/eap''
-If necessary, also remove EAP files from the modules ''/etc/raddb/mods-available/eap'' and ''/etc/raddb/mods-enabled/eap''+  - **Client/NAS configuration.** clients here refer to RADIUS clients, in this case — fastPCRF.\\ If the FreeRADIUS server is deployed on the same node as fastPCRF, no additional configuration is required — it is enough to verify the default configuration in the file ''/etc/raddb/clients.conf''.\\ If a remote NAS needs to be defined, use the same file and add a client description, for example:<code bash>
-  - **Client/NAS configuration.** clients here refer to RADIUS clients, in this case — fastPCRF.\\ +
-If the FreeRADIUS server is deployed on the same node as fastPCRF, no additional configuration is required — it is enough to verify the default configuration in the file ''/etc/raddb/clients.conf''.\\ +
-If a remote NAS needs to be defined, use the same file and add a client description, for example: +
-<code bash>+
 client fastpcrf1 { client fastpcrf1 {
   ipaddr          = < IP >   ipaddr          = < IP >
   secret          = < SECRET >   secret          = < SECRET >
   require_message_authenticator = yes   require_message_authenticator = yes
-} +}</code> 
-</code> +  - **Subscriber authorization.** it is required to configure an Access-Accept template that will be generated by FreeRADIUS. to do this, add configuration to the file ''/etc/raddb/users'', explicitly allowing authorization of all requests regardless of attributes, username, or authorization type.<code bash>DEFAULT Auth-Type := Accept
-  - **Subscriber authorization.** it is required to configure an Access-Accept template that will be generated by FreeRADIUS. to do this, add configuration to the file ''/etc/raddb/users'', explicitly allowing authorization of all requests regardless of attributes, username, or authorization type. +
-<code bash> +
-DEFAULT Auth-Type := Accept+
       User-name = "%{User-name}",       User-name = "%{User-name}",
       VasExperts-L2-User = 1,       VasExperts-L2-User = 1,
Line 44: Line 35:
       VasExperts-DHCP-DNS = "8.8.8.8",       VasExperts-DHCP-DNS = "8.8.8.8",
       VasExperts-DHCP-DNS = "8.8.4.4"       VasExperts-DHCP-DNS = "8.8.4.4"
-</code> +</code>This template is suitable for all authorization types (DHCP, IPoE static L2, PPPoE). if the Framed-IP-Address attribute is absent in the Access-Request, FreeRADIUS sends Access-Accept with Framed-IP-Address = 0.0.0.0. fastPCRF ignores an attribute with this value, and IP address assignment is performed based on the Framed-Pool attribute. to allocate addresses from Framed-Pool, a local DHCP server must be installed and configured on the server. [[en:dpi:bras_bng:ip_pool|more details]] 
-This template is suitable for all authorization types (DHCP, IPoE static L2, PPPoE). if the Framed-IP-Address attribute is absent in the Access-Request, FreeRADIUS sends Access-Accept with Framed-IP-Address = 0.0.0.0. fastPCRF ignores an attribute with this value, and IP address assignment is performed based on the Framed-Pool attribute. to allocate addresses from Framed-Pool, a local DHCP server must be installed and configured on the server. [[en:dpi:bras_bng:ip_pool|more details]] +  - **fastPCRF settings.** configure the RADIUS server. when using a standby server, specify it after the line with the primary ''radius_server''.<code bash>radius_server=secret@127.0.0.1%lo:1812;acct_port=1813</code> 
-  - **fastPCRF settings.** configure the RADIUS server. when using a standby server, specify it after the line with the primary ''radius_server''. +  - **Verification.** first, check the FreeRADIUS configuration using the command ''radiusd –CX''.\\Then start RADIUS in debug mode using ''radiusd –X'' — all message processing will be shown in the CLI and errors will be clearly visible.\\Check authorization from the PCRF side in the file ''/var/log/dpi/fastpcrf_ap2.log''. if the system operates correctly, start FreeRADIUS in normal mode and enable autostart:<code bash>systemctl start radiusd 
-<code bash> +systemctl enable radiusd</code>
-radius_server=secret@127.0.0.1%lo:1812;acct_port=1813 +
-</code> +
-  - **Verification.** first, check the FreeRADIUS configuration using the command ''radiusd –CX''.\\ +
-Then start RADIUS in debug mode using ''radiusd –X'' — all message processing will be shown in the CLI and errors will be clearly visible.\\ +
-Check authorization from the PCRF side in the file ''/var/log/dpi/fastpcrf_ap2.log''. if the system operates correctly, start FreeRADIUS in normal mode and enable autostart: +
-<code bash> +
-systemctl start radiusd +
-systemctl enable radiusd +
-</code>+
  
 ===== Access-Accept template variants for different authorization types (L3, DHCP, PPPoE) ===== ===== Access-Accept template variants for different authorization types (L3, DHCP, PPPoE) =====
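Review bot: the verification commands in this hunk, ''radiusd –CX'' and ''radiusd –X'', use an en dash (U+2013) instead of an ASCII hyphen, so when pasted into a shell the server is not given the ''-C''/''-X'' options at all and the configuration check silently does not happen; they should read ''radiusd -CX'' and ''radiusd -X''. Separately, the ''DEFAULT Auth-Type := Accept'' entry in ''/etc/raddb/users'' accepts every Access-Request regardless of username or credentials, which the text states deliberately, but the hunk should then say explicitly that the ''client'' stanza in ''/etc/raddb/clients.conf'' (its ''ipaddr'', ''secret'' and ''require_message_authenticator = yes'') becomes the only control over who can obtain an Access-Accept, so ''ipaddr'' should name the specific fastPCRF host rather than a subnet and the shared secret should be long and unique. A short sentence to that effect right after the ''</code>'' on the "Subscriber authorization" item would close the gap.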