From 0c40732dd361c6fc39a77373b33f4c54cebd2c02 Mon Sep 17 00:00:00 2001 From: sspencerwire Date: Mon, 16 Sep 2024 09:41:02 -0500 Subject: [PATCH] Light editing `freeradius_server.md` (#2384) * Replace "we" with "you" universally * reword all passive voice to active voice * Some sentence simplification * replace conjunctions with words --- .../security/freeradius_radius_server.md | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/docs/guides/security/freeradius_radius_server.md b/docs/guides/security/freeradius_radius_server.md index 5578dc7bd3..1e854a5cb3 100644 --- a/docs/guides/security/freeradius_radius_server.md +++ b/docs/guides/security/freeradius_radius_server.md @@ -1,7 +1,7 @@ --- title: FreeRADIUS RADIUS Server author: Neel Chauhan -contributors: +contributors: Steven Spencer tested_with: 9.4 tags: - security @@ -13,17 +13,16 @@ tags: RADIUS is an AAA (authentication, authorization and accounting) protocol to manage network access. [FreeRADIUS](https://www.freeradius.org/) is the de-facto RADIUS server for Linux and other Unix-like systems. - ## Prerequisites and assumptions -The following are minimum requirements for using this procedure: +The following are minimum requirements for this procedure: * The ability to run commands as the root user or use `sudo` to elevate privileges * A RADIUS client, such as a router, switch or Wi-Fi access point ## Installing FreeRADIUS -We can install FreeRADIUS from the `dnf` repositories: +You can install FreeRADIUS from the `dnf` repositories: ```bash dnf install -y freeradius @@ -53,9 +52,9 @@ user Cleartext-Password := "password" Replace `user` and `password` with the respective desired username and password. -Keep in mind that the password isn't hashed so if an attacker gets hold of the `users` file they could gain unauthorized access to your protected network. +Know that the password is not hashed, so if an attacker gets hold of the `users` file they could gain unauthorized access to your protected network. -You could also do an `MD5`-hashed or `Crypt`-hashed password. To generate an MD5-hashed password, run: +You can also do an `MD5`-hashed or `Crypt`-hashed password. To generate an MD5-hashed password, run: ```bash echo -n password | md5sum | awk '{print $1}' @@ -69,7 +68,7 @@ You will get a hash of `5f4dcc3b5aa765d61d8327deb882cf99`. In `users` file, inse user MD5-Password := "5f4dcc3b5aa765d61d8327deb882cf99" ``` -We will also need to define clients. This is to prevent unauthorized access to our RADIUS server. Edit the `clients.conf` file: +You will also need to define clients. This is to prevent unauthorized access to our RADIUS server. Edit the `clients.conf` file: ```bash vi clients.conf @@ -83,11 +82,11 @@ client 172.20.0.254 { } ``` -Replace `172.20.0.254` and `secret123` with the IP address and secret value to be used by the client. This can be repeated for multiple clients. +Replace `172.20.0.254` and `secret123` with the IP address and secret value the clients will use. Repeat this for many clients. ## Enabling FreeRADIUS -After the initial configuration is completed, we can start `radiusd`: +After the initial configuration, you can start `radiusd`: ```bash systemctl enable --now radiusd @@ -95,7 +94,7 @@ systemctl enable --now radiusd ## Configuring RADIUS on a switch -After setting up the FreeRADIUS server, we will configure a RADIUS client on the author's MikroTik switch as a wired 802.1X client: +After setting up the FreeRADIUS server, you will configure a RADIUS client on the author's MikroTik switch as a wired 802.1X client: ```bash /radius @@ -104,4 +103,4 @@ add address=172.20.0.12 secret=secret123 service=dot1x add interface=combo3 ``` -Replace `172.20.0.12` with the FreeRADIUS server's IP address and `secret123` with the secret we set earlier. +Replace `172.20.0.12` with the FreeRADIUS server's IP address and `secret123` with the secret you set earlier.