3.3 Configuring a FreeRADIUS Server

Perform the following steps to configure the FreeRADIUS server:

Download and install the RADIUS server 3.x version on a Linux^® machine.
Modify the text allow_vulnerable_openssl = no in /usr/local/etc/raddb/radiusd.conf to the following:
```
"allow_vulnerable_openssl= 'CVE-2016-6304' 
```
Open the file /usr/local/etc/raddb/client.conf and provide the same AP IP address and shared key as mentioned in Authenticator - AP Configuration.
```
For Example:
        client WINC1500 {
            ipaddr = 192.168.1.1
            secret = 123456789
        }
```
Generate the certificates and keys as mentioned in the Generating Certificates using openssl and copy to the /usr/local/etc/raddb/certs path.
Select EAP security for phase 1 authentication in /usr/local/etc/raddb/mods-available/eap file and modify the following in the EAP mode.
- For TTLS
```
default_eap_type = ttls
```
- For TLS
```
default_eap_type = tls
```
- For PEAP
```
default_eap_type = peap
```
Search for the string tls-config tls-common in the /usr/local/etc/raddb/mods-available/eap file and map the proper key file and certificate file as shown below. This is common for TLS, TTLS and PEAP.
```
private_key_file = ${certdir}/server.key
 certificate_file = ${certdir}/server.crt
 ca_file = ${cadir}/radius_root.crt
```
For phase 2 authentication.
- For TTLS in ttls mode
```
default_eap_type = mschapv2
```
- For PEAP in peap mode
```
default_eap_type = mschapv2
```
Configure the EAP users for the phase 2 authentication in the file mods-config/files/authorize used for MSCHAPv2.
```
DEMO_USER Cleartext-Password := “DemoPassword”
DEMO_AP Cleartest-Password := “12345678”
```
Run the RADIUS server using the radius –x command.