http://support.automation.siemens.com/WW/view/en/103156513
This entry is from the Siemens Industry Online Support. The general terms of use
(http://www.siemens.com/terms_of_use) apply.
Security information
Siemens provides products and solutions with industrial security functions that
support the secure operation of plants, solutions, machines, equipment and/or
networks. They are important components in a holistic industrial security
concept. With this in mind, Siemens products and solutions undergo continuous
development. Siemens recommends strongly that you regularly check for
product updates.
For the secure operation of Siemens products and solutions, it is necessary to
take suitable preventive action (e.g. cell protection concept) and integrate each
component into a holistic, state-of-the-art industrial security concept. Third-party
products that may be in use should also be considered. For more information
about industrial security, visit http://www.siemens.com/industrialsecurity.
To stay informed about product updates as they occur, sign up for a product-
specific newsletter. For more information, visit
http://support.automation.siemens.com.
Table of Contents
1 Introduction
Siemens AG 2014 All rights reserved
1 Introduction
1.1 About This Document
This document describes how to configure a Free Radius server.
Acronym       Description
RF            Radio Frequency
CPE           Subscriber station
BS            Base Station
System        RUGGEDCOM WIN BS and RUGGEDCOM WIN CPE
AAA server    Authentication, Authorization and Accounting server
RADIUS        Remote Authentication Dial In User Service. The protocol is in use
              between various networking devices and AAA and is needed for
              user authentication purposes.
X.509         Standard format for security certificates
NAI           Network Access Identifier
The first time after installation, you should run the server as "root". This causes
the server to create the certificates it needs for EAP. These certificates will
later be replaced by the relevant server certificates (see chapter 3.1).
After the first run, the server can be run from an unprivileged user account.
All the relevant configuration files will be located in the raddb directory.
In Free Radius 2.0.3 the directory path is: /usr/local/etc/raddb
The certificates shall be located in the certs directory: /usr/local/etc/raddb/certs
3.2.2 Clients.conf
The clients.conf file shall be configured with the expected RADIUS client IP
address and secret.
The RADIUS client IP address and secret shall match the values configured in the
BS (in SA mode) or ASNGW (in ASN mode).
For example:
client localhost {
    ipaddr = 192.168.101.11   # BS IP
    netmask = 32
    secret = Cisco            # The password must be the same as configured in the BS.
}
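The following Python script is an added example, not part of the Siemens document. It parses flat client blocks in the clients.conf layout shown above and reports secrets that are well-known values or shorter than the 16 octets RFC 2865 prefers, and entries whose netmask admits more than one host. The sample text, the asngw_range client and the KNOWN_SECRETS list are constructed assumptions.

```python
import re

# Constructed sample in the layout of the clients.conf example above.
SAMPLE = """\
client localhost {
    ipaddr = 192.168.101.11   # BS IP
    netmask = 32
    secret = Cisco
}
client asngw_range {
    ipaddr = 10.20.0.0
    netmask = 16
    secret = kV7qT2mZx9Lr4HpWd8Ns
}
"""

KNOWN_SECRETS = {"testing123", "cisco", "secret", "radius", "password"}  # assumption: local denylist
MIN_SECRET_LEN = 16  # RFC 2865 prefers shared secrets of at least 16 octets
CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)  # flat blocks only, no nested sections
ITEM_RE = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")


def parse_clients(text):
    """Return {client_name: {key: value}} for every client block."""
    clients = {}
    for name, body in CLIENT_RE.findall(text):
        # Strip '#' comments, then keep only the "key = value" lines.
        matches = (ITEM_RE.match(l.split("#", 1)[0]) for l in body.splitlines())
        clients[name] = {m.group(1): m.group(2).strip('"') for m in matches if m}
    return clients


def audit_clients(text):
    """Return a sorted list of (client_name, finding) tuples."""
    findings = []
    for name, cfg in parse_clients(text).items():
        secret = cfg.get("secret", "")
        if secret.lower() in KNOWN_SECRETS:
            findings.append((name, "secret is a well-known or default value"))
        if len(secret) < MIN_SECRET_LEN:
            findings.append((name, f"secret shorter than {MIN_SECRET_LEN} characters"))
        if int(cfg.get("netmask", "32")) < 32:
            findings.append((name, "netmask admits a whole range, not one host"))
    return sorted(findings)


if __name__ == "__main__":
    for client, finding in audit_clients(SAMPLE):
        print(f"{client}: {finding}")
```

To check a real file, pass its contents to audit_clients(), for example the clients.conf in the raddb directory.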
To test that FreeRadius is functioning correctly, use the local radclient, which
simulates an ASNGW RADIUS request. For example, issue the following command:
[root@ raddb]# echo "User-Name = username,Password=password" |
/usr/bin/radclient localhost:1812 auth radclient_secret -x
Expected output:
Sending Access Request of id 133 to 127.0.0.1 port 1812
User-Name = username
Password = password
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=133, length=20
3.3.2 Logging