Enabling RadSec on FreeRADIUS Server

Follow these steps to enable RadSec on a FreeRADIUS server:

  1. This is a basic FreeRADIUS configuration example added for reference only.

    Caution:

    Consult your vendor documentation or your IT team to enable and configure RadSec on your RADIUS server.
  2. Before making any configuration changes, stop the radiusd service:
    systemctl stop radiusd
  3. Enable the TLS virtual server:
    cd /etc/raddb/sites-enabled
    ln -s ../sites-available/tls
  4. Copy your certificates to the default directory (for example, the /etc/raddb/certs/ directory).
  5. Edit the /etc/raddb/sites-available/tls configuration file and add the certificate paths for private_key_file, certificate_file, and ca_file inside the tls {} block in both sections: listen {} and home_server tls {}.
  6. In the same /etc/raddb/sites-available/tls file, edit the tls virtual server configuration to add definitions for the clients by extending the clients radsec {} section.
    vi /etc/raddb/sites-available/tls
    ...
     
    clients radsec {
       ...
       ...
           client _CLIENT_NAME {
                   ipaddr = _OCOM_IP
                   proto = tls
                   virtual_server = default
           }
    }
     
    ...
    
  7. Replace:
    1. _CLIENT_NAME with any name of your choice.
    2. _OCOM_IP with the IP address of your OCOM.
    3. A secret does not have to be specified for RadSec clients, as the default is radsec. If you specify a secret, it is used instead of radsec.
  8. Start the radiusd service:
    systemctl start radiusd
  9. Your RADIUS server now accepts RadSec requests from the Operations Monitor.

    Caution:

    For details on enabling RadSec, refer to the following official link: Enable RadSec.
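
A pre-start check for steps 4 to 7, to run while radiusd is still stopped (an added example, not Oracle or FreeRADIUS code). It confirms that every private_key_file, certificate_file and ca_file entry names a readable file, that the private key is not readable by other users, and that the OCOM client is declared with proto = tls; the script name, the CERTDIR variable and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not Oracle or FreeRADIUS code. Assumptions: ${certdir} and
# ${cadir} both resolve to CERTDIR, and file paths contain no spaces.
CERTDIR="${CERTDIR:-/etc/raddb/certs}"

# Print the value of every uncommented "<key> = <value>" line in file $2.
directive_values() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/"//g' \
            -e "s|\${certdir}|$CERTDIR|" -e "s|\${cadir}|$CERTDIR|"
}

# Step 5: each certificate directive must be set and name a readable file,
# and the private key must carry no permissions for "other".
check_tls_files() {
    rc=0
    for key in private_key_file certificate_file ca_file; do
        vals=$(directive_values "$key" "$1")
        [ -n "$vals" ] || { echo "not set: $key" >&2; rc=1; continue; }
        for f in $vals; do
            [ -r "$f" ] || { echo "unreadable: $key = $f" >&2; rc=1; continue; }
            [ "$key" = private_key_file ] || continue
            [ "$(ls -ld "$f" | cut -c8-10)" = "---" ] ||
                { echo "key readable by other users: $f" >&2; rc=1; }
        done
    done
    return "$rc"
}

# Steps 6-7: succeed only if one client block has both "ipaddr = $2"
# and "proto = tls".
client_uses_tls() {
    awk -v ip="$2" '
        /^[ \t]*client[ \t]/ { inblk = 1; hit = 0; tls = 0 }
        inblk && $1 == "ipaddr" && $3 == ip    { hit = 1 }
        inblk && $1 == "proto"  && $3 == "tls" { tls = 1 }
        inblk && /}/ { if (hit && tls) ok = 1; inblk = 0 }
        END { exit !ok }' "$1"
}

# Run as: sh radsec-preflight.sh /etc/raddb/sites-available/tls <OCOM IP>
if [ "$#" -eq 2 ]; then
    check_tls_files "$1" && client_uses_tls "$1" "$2" && echo "RadSec preflight OK"
fi
```

FreeRADIUS can also parse the complete configuration without starting the server by running radiusd -XC.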