• Clone the repository from Github

    git clone https://github.com/ubuntunet/eduroam_radius.git
  

• Change into the newly created directory

    cd eduroam_radius
  

• Copy the inventory template

    cp inventories/template inventories/<tld_institution>
  

• Open your new inventory and replace

 - FQDN or IP with the actual URL/IP of your server

• <tld_institution> with your actual inventory file name

• Copy the group_vars template

    cp group_vars/template group_vars/<tld_institution>
  

• Adopt the variables in group_vars/<tld_institution> to your liking

• Copy the clients template, where you'll be adding the information about the clients that are connecting to your Radius server

    cp group_vars/clients.yml.example group_vars/clients.yml
  

• Create the secret.yml file that contains your sensitive information. Add your credentials.

    cp group_vars/secrets.yml.example group_vars/secrets.yml
  

• Run the playbook and make sure it finishes without error messages. Whenever you change something in the playbook, just replay this command.

    ansible-playbook -i inventories/<tld_institution> eduroam_idp.yml
  

• Open group_vars/clients.yml

• Copy/Paste the client entry MyOtherAP

• Change the name, IP address and shared secret

• Re-run the playbook with the clients tag, which will only copy the clients.conf file making for a faster deployment

    ansible-playbook -i inventories/<tld_institution> --tags "clients" eduroam_idp.yml
  

    radtest [user] [password] localhost:[port (default is 1812)][nas-port-number(default 0)][shared_secret]

and check for an "Access-Accept" in the response.

• Run radtest remotely if you have enabled the static test user

    ansible radius -i inventories/<tld_institution> -a "radtest test mySecret localhost:1812 0 testing123"
  

• Run the Freeradius service manually to see what is happening at the server side

  • Log into your machine

  • Stop the freeradius daemon

        sudo service freeradius stop 
    

  • Start it manually in debug mode

        sudo freeradius -X
    

See also http://deployingradius.com/scripts/eapol_test

• Enable eapol_test role in your group_vars file

      play_eapol: True
  

• Re-run playbook

      ansible-playbook -i inventories/<tld_institution> eduroam_idp.yml          
  

• Log into the server

• Have a look at the configuration test file in your home folder

      vi ~/peap-mschapv2.conf
  

• Run the test

      eapol_test -c ~/peap-mschapv2.conf -s testing123