Using Freeradius server to authenticate with Google as IdP (No hotspot method)

This guide shows how to configure a Freeradius server so that WiFi devices can authenticate with Google Apps credentials. It was written using a Debian-based Linux distribution (e.g. Ubuntu); on other distributions, replace "apt-get" with the distribution's own package manager. Freeradius only runs on Linux-based operating systems.

Please replace appsedudemo.com with your domain, 23.251.152.8 with your Freeradius server IP address, and 72.14.226.9 with your wireless device's public IP address.


Prerequisites:


  • Linux distribution

  • Freeradius installed

  • Google Apps domain

  • UDP ports (1812, 1813 and 1814) opened on the firewall


Instructions:

  • Install Freeradius by following the Installing Freeradius guide.
  • You will need root permissions.
    • $ su
  • Go to /etc/freeradius folder
    • $ cd /etc/freeradius
  • Download the auth-google.sh script and give the freerad user and group execute permission on it.
    • $ wget http://sso.appsedudemo.com/auth-google.sh
    • $ chown freerad:freerad auth-google.sh 
    • $ chmod +x auth-google.sh
  • Edit the users file and append the following lines to the bottom.
    • $ nano users
DEFAULT Auth-Type := Accept
        Exec-Program-Wait = "/etc/freeradius/auth-google.sh %{User-Name} %{User-Password} %{client:secret} %{%{Called-Station-Id}:-Missing} %{%{NAS-IP-Address}:-Missing} %{%{Calling-Station-Id}:-Missing} %{%{NAS-Port-Type}:-Missing} %{Vendor-Specific}" ,
        Fall-Through = no

  • Configure the clients.conf file: append the following lines to the bottom (replace the IP address).
    • You will need the public IP address of the wireless device that will connect to the server. If you are on the same network as the device, you can check it from this page http://www.whatismyip.com/ or directly on the device, as its WAN IP address. Use that IP in place of the one in the given example.
    • Replace the domain with yours (you can add more than one domain or subdomain, separated by a comma without a space, for example: @appsedudemo,@gfunze.com).
    • $ nano clients.conf
client 72.14.226.9  {
secret:=@appsedudemo.com
}
  • The server side is now ready. Next, follow one of the WiFi device set-up guides.
    • Configure a Wifi device to authenticate with Google Apps accounts via WAP.
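
A pre-flight check for the clients.conf step above, as an added example that is not part of the original guide or of auth-google.sh: it reads the client blocks and confirms that each secret follows the format described here (entries starting with @, separated by commas, no spaces). The function names are hypothetical, and the check assumes that domain names contain only letters, digits, dots and hyphens.

```shell
# Added example: lint the client blocks this guide appends to clients.conf.
# Assumption: "client" and "secret" each sit on their own line, as in the guide.

# Print "<client> <secret>" for every client block in the file "$1".
list_client_secrets() {
    awk '
        /^[ \t]*#/ { next }                                  # skip comments
        /^[ \t]*client[ \t]/ { name = $2; sub(/[{].*/, "", name) }
        /^[ \t]*secret[ \t]*:?=/ {
            val = $0
            sub(/^[ \t]*secret[ \t]*:?=[ \t]*/, "", val)    # drop "secret ="
            sub(/[ \t]+$/, "", val)                          # drop trailing blanks
            print name, val
        }
        /^[ \t]*[}]/ { name = "" }                           # end of client block
    ' "$1"
}

# Return 0 if "$1" is a list of @domain entries joined by commas, with no spaces.
valid_domain_list() {
    case "$1" in
        ''|*[!A-Za-z0-9.,@-]*|,*|*,|*,,*) return 1 ;;   # empty, stray chars or commas
    esac
    rest=$1
    while [ -n "$rest" ]; do
        entry=${rest%%,*}
        case "$entry" in
            @*@*) return 1 ;;    # two "@" in one entry
            @?*) ;;              # "@" followed by a domain
            *) return 1 ;;       # entry does not start with "@"
        esac
        case "$rest" in
            *,*) rest=${rest#*,} ;;
            *) rest= ;;
        esac
    done
    return 0
}

# Print "OK <client>" or "BAD <client> <secret>" per client; return 1 if any is BAD.
lint_clients() {
    list_client_secrets "$1" | (
        rc=0
        while read -r name val; do
            if valid_domain_list "$val"; then echo "OK $name"
            else echo "BAD $name $val"; rc=1; fi
        done
        exit "$rc"
    )
}
```

After sourcing these functions, run `lint_clients /etc/freeradius/clients.conf`. Client blocks that do not use this guide's domain-list convention are reported as BAD too, so read the output per client.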
