Ansible Playbook for an eduroam IdP/Radius server

Provisioning

Clone the repository from Github

  git clone https://github.com/ubuntunet/eduroam_radius.git

Change into the newly created directory
```
  cd eduroam_radius
```

Copy the inventory template

  cp inventories/template inventories/<tld_institution>

Open your new inventory and replace

- FQDN or IP with the actual URL/IP of your server

<tld_institution> with your actual inventory file name

Copy the group_vars template

  cp group_vars/template group_vars/<tld_institution>

Adopt the variables in group_vars/<tld_institution> to your liking
Copy the clients template, where you'll be adding the information about the clients that are connecting to your Radius server
```
  cp group_vars/clients.yml.example group_vars/clients.yml
```
Create the secret.yml file that contains your sensitive information. Add your credentials.
```
  cp group_vars/secrets.yml.example group_vars/secrets.yml
```
Run the playbook and make sure it finishes without error messages. Whenever you change something in the playbook, just replay this command.
```
  ansible-playbook -i inventories/<tld_institution> eduroam_idp.yml
```

Adding a new client/access point (AP)

Open group_vars/clients.yml
Copy/Paste the client entry MyOtherAP
Change the name, IP address and shared secret
Re-run the playbook with the clients tag, which will only copy the clients.conf file making for a faster deployment
```
  ansible-playbook -i inventories/<tld_institution> --tags "clients" eduroam_idp.yml
```

How do I check if it works?

Using radtest

    radtest [user] [password] localhost:[port (default is 1812)][nas-port-number(default 0)][shared_secret]

and check for an "Access-Accept" in the response.

Run radtest remotely if you have enabled the static test user

  ansible radius -i inventories/<tld_institution> -a "radtest test mySecret localhost:1812 0 testing123"

Run the Freeradius service manually to see what is happening at the server side
- Log into your machine
- Stop the freeradius daemon
```
    sudo service freeradius stop 
```
- Start it manually in debug mode
```
    sudo freeradius -X
```

Using eapol_test

See also http://deployingradius.com/scripts/eapol_test

Enable eapol_test role in your group_vars file
```
    play_eapol: True
```

Re-run playbook

    ansible-playbook -i inventories/<tld_institution> eduroam_idp.yml

Log into the server
Have a look at the configuration test file in your home folder
```
    vi ~/peap-mschapv2.conf
```

Run the test

    eapol_test -c ~/peap-mschapv2.conf -s testing123

Name		Name	Last commit message	Last commit date
Latest commit History 141 Commits
group_vars		group_vars
inventories		inventories
roles		roles
.gitignore		.gitignore
.gitmodules		.gitmodules
.travis.yml		.travis.yml
CHANGELOG.md		CHANGELOG.md
README.mdown		README.mdown
Vagrantfile		Vagrantfile
ansible.cfg		ansible.cfg
clients.yml.enc		clients.yml.enc
eduroam_idp.yml		eduroam_idp.yml
secrets.yml.enc		secrets.yml.enc

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Ansible Playbook for an eduroam IdP/Radius server

Provisioning

Adding a new client/access point (AP)

How do I check if it works?

Using radtest

Using eapol_test

About

Releases

Packages

Contributors 2

ubuntunet/eduroam_radius

Folders and files

Latest commit

History

Repository files navigation

Ansible Playbook for an eduroam IdP/Radius server

Provisioning

Adding a new client/access point (AP)

How do I check if it works?

Using radtest

Using eapol_test

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Packages