Monitoring, Management & Location Tracking

Configuring FreeRADIUS to authenticate AWMS Users

This document describes configuring AWMS and FreeRADIUS so that AWMS users are authenticated against a FreeRADIUS server. The process involes making 3 configuration changes on FreeRADIUS, and defining that FreeRADIUS server as an auth server for the AWMS.

CONFIGURING FREERADIUS:

I. For each user, add an Aruba-Admin-Role attribute:

Syntax:

<username> User-Password := "<password>"
Aruba-Admin-Role = "<name of awms role>

Examples:

jane User-Password := "password123"
Aruba-Admin-Role = "AMP Administration" 

john User-Password := "topsecret"
Aruba-Admin-Role = "ResNet AP Monitoring" 
Framed-IP-Address = 192.168.1.1
Framed-IP-Netmask = 255.255.255.0

II. Define a shared secret (which also must be added on the AWMS):

In /etc/raddb/clients.conf add a section allowing the AWMS (or a network) to be a RADIUS client:

Syntax:

client <ip address or network> {
secret = <secret>
shortname = <label>
}

Example:

client 10.2.32.0/24 {
secret = airwave
shortname = corp_dev_net
}

III. Copy dictionary.aruba from the AWMS's filesystem to the FreeRADIUS server:

Location on AWMS: /opt/airwave/share/freeradius/dictionary.aruba 
Copy to this directory on FreeRADIUS: /usr/share/freeradius/dictionary.aruba

CONFIGURING AWMS:

On the AMP Setup -> Authentication page, enable RADIUS Auth, and provide the ip addresses, ports and secrets for your FreeRADIUS servers.

Version History
Revision #:
1 of 1
Last update:
‎06-06-2014 03:38 PM
Updated by:
 
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.