How to configure/test freeradius with TCP
Freeradius is running by default on port 2083. It is configured to use the same certificate as haproxy. There are no additional steps necessary for TCP to run with freeradius..
In order to integrated an external service, the following needs to be done:
take the password for the integration
grep secret /opt/veridiumid/freeradius/etc/raddb/sites-available/tls
if necessary, disable require_client_cert = no in /opt/veridiumid/freeradius/etc/raddb/sites-enabled/tls.
configure in /opt/veridiumid/freeradius/etc/raddb/sites-enabled/tls specific client in clients radsec (map the source IP to the client)
define in websecadmin in freeradiusconfig.json, allowed methods
"radseclocalhost": {
"authentication_methods_allowed": [
"OTP",
"PUSH"
]
}