Install FreeRADIUS and configure it to use PAM for EAP authentication in a way that is compatible with eduroam.
This role is designed to be played on Ubuntu. It has been tested with Ubuntu 16.04 LTS.
Users will need RADIUS detail from their own eduroam national roaming operator.
FreeRADIUS config is largely in accordance with GÉANT's documentation, available at https://wiki.geant.org/display/H2eduroam/freeradius-idp
eduroam_flr_servers- a list of eduroam federation-level RADIUS servers. For each server, the following should be provided (defaults to using the South African eduroam FLR servers):name- hostname of the FLR serverip- IP address of the FLR serverport- port of the FLR serversecret- the RADIUS secret negotiated with the NRO/FLR operator
radius_realm- the Realm to use for your users, typically your primary DNS domain name (defaults toexample.ac.za)radius_local_users- a list of local "files" users to create. For each user, the following should be provided (defaults to creating an nren_radius_test user):usernamepassword
- Pluggable Authentication Module (PAM)
use_pam- set toyesto enable use of PAM for authentication (defaults tono)pam_service_name- the name of the PAM service we should install (defaults toradiusd)
send_cui- whether to send Chargeable-User-Identity (defaults toyes)send_username- whether to send a real User-Name back (defaults tono). Setting this toyeshas privacy implications, but can be useful for debugging.
Since Ubuntu 16.04 LTS still uses FreeRADIUS 2.2.8, this role installs a FreeRADIUS 3.0.x series package from an Ubuntu PPA.
See https://github.com/safire-ac-za/eduroam-imap-playbook/
MIT https://github.com/safire-ac-za/eduroam-imap-playbook/LICENSE
Guy Halse http://orcid.org/0000-0002-9388-8592, Tertiary Education and Research Network of South Africa.