The clients File
First, take a look at the /etc/raddb/clients file. This file lists the hosts authorized to hit the FreeRADIUS server with requests and the secret key those hosts will use in their requests. Some common entries are already included in the /etc/raddb/clients file, so you may wish to simply uncomment the appropriate lines. Make sure the secret key that is listed in the clients file is the same as that programmed into your RADIUS client equipment. Also, add the IP address of a desktop console machine with which you can test your setup using a RADIUS ping utility. A sample clients file looks like this:
# Client Name Key #---------------- ---------- #portmaster1.isp.com testing123 #portmaster2.isp.com testing123 #proxyradius.isp2.com TheirKey localhost testing123 192.168.1.100 testing123 tc-clt.hasselltech.net oreilly
Tip
It’s recommended by the FreeRADIUS developers that users move from the clients file to the clients.conf file. The clients.conf file will be addressed later in Chapter 6, but for the sake of simplicity and startup testing, I will continue using the plain clients file in this introduction.
While it may seem obvious, change the shared secrets from the defaults in the file or the samples listed previously. Failing to do so presents a significant security risk to your implementation and network.