Installation Of FreeRADIUS On CentOS And Ubuntu

FreeRADIUS is a modular, high-performance free RADIUS suite developed and distributed under the GNU General Public License, version 2. It is a free and open source tool. The FreeRADIUS suite includes a RADIUS server, a BSD-licensed RADIUS client library, a PAM library, an Apache module, and numerous additional RADIUS-related utilities and development libraries.

In this article we will show you how to install and set up FreeRADIUS on CentOS and Ubuntu systems.

Features of FreeRadius

FreeRADIUS is the most popular open source RADIUS server and the most widely deployed RADIUS server in the world. It supports all common authentication protocols, and the server comes with a PHP-based web user administration tool called dialupadmin.

Modules included with the server core support LDAP, MySQL, PostgreSQL, Oracle, and many other databases. It supports all popular EAP authentication types, including PEAP and EAP-TTLS.

FreeRADIUS is also the only open source RADIUS server to support virtual servers. The use of virtual servers means that complex implementations are simplified and ongoing support and maintenance costs for network administrators are greatly reduced.

Installation of FreeRadius

The installation command differs between CentOS and Ubuntu. On CentOS 5, use the following command:

yum install freeradius2 freeradius2-mysql freeradius2-utils mysql-server -y

On CentOS 6, use the following command:

yum install freeradius freeradius-mysql freeradius-utils mysql-server -y

While with Ubuntu we use the following command:

apt-get install freeradius freeradius-mysql freeradius-utils mysql-server

Then we will set up MySQL by starting it with the following commands:

For CentOS:
service mysqld start
For Ubuntu:
service mysql start

And to set a new password and the security settings we will use the following commands:

/usr/bin/mysql_secure_installation

Generally, the most common issues come from cPanel servers, so it is important to check the knowledge base to fix problems that originate there. To create the RADIUS database, open the MySQL client with the following command:

mysql

Or

mysql -uroot -p

You will then be asked for your MySQL root password. Enter it, then use the following commands to create the database:

CREATE DATABASE radius;
GRANT ALL PRIVILEGES ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
flush privileges;

Now that the database exists, we will import the RADIUS tables using the following commands:

mysql> use radius;
For CentOS:
SOURCE /etc/raddb/sql/mysql/schema.sql
For Ubuntu :
SOURCE /etc/freeradius/sql/mysql/schema.sql

And don’t forget to exit using the following command:

exit

Now open the SQL configuration file:

For CentOS:
/etc/raddb/sql.conf
For Ubuntu:
/etc/freeradius/sql.conf

Enter the details of the MySQL database you created earlier (the login and password must match the account created with the GRANT statement). Here is an example:

       # Connection info:
       server = "localhost"
       #port = 3306
       login = "radius"
       password = "mypassword"

       # Database table configuration for everything except Oracle
       radius_db = "radius"

Then check that the following line is uncommented in the /etc/raddb/radiusd.conf file:

$INCLUDE sql.conf

Then edit /etc/raddb/sites-available/default and uncomment the line containing ‘sql’ in the authorize {} section and ‘sql’ in the accounting {} section; also uncomment ‘sql’ under session {}.

Also, edit /etc/raddb/sites-available/inner-tunnel and uncomment the line containing ‘sql’ under authorize {} and under session {}.

Open the file /etc/raddb/clients.conf and enter your secret, for example:

Change:

secret = testing123

To something like this that will be more secure:

secret = anismolkkijbsn123365

Now we will restart Radius and check if it is working:

For CentOS:
service radiusd restart
service radiusd stop
For Ubuntu:
service freeradius restart 
service freeradius stop

To add clients (external VPN servers), edit the following file:

For CentOS:
/etc/raddb/clients.conf
For Ubuntu:
/etc/freeradius/clients.conf

Below the following lines:

# coa_server = coa
}

Add the following lines:

   client VPN_SERVER_IP {
          secret          = YOUR SECRET
          shortname       = yourVPN
          nastype         = other
   }
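
The two clients.conf steps above (replacing secret = testing123 and adding a client block) can be checked with a short audit. The script below is an added example, not part of the original article or of FreeRADIUS; the 16-character minimum, the function names and the sample clients are assumptions.

```shell
#!/bin/sh
MIN_LEN=16   # assumed site policy, not a FreeRADIUS setting

# Print "client<TAB>finding" for each weak secret; no output means all passed.
audit_secrets() {
    awk -v min="$MIN_LEN" '
        { sub(/#.*/, "") }                      # strip comments
        /^[ \t]*client[ \t]+[^ \t{]+/ {         # "client NAME {" opens a block
            name = $2; sub(/[{].*/, "", name)
        }
        /^[ \t]*secret[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)       # keep the text after "="
            sub(/[ \t]+$/, "", val)             # trim trailing blanks
            gsub(/^"|"$/, "", val)              # drop surrounding quotes
            if (val == "testing123")
                print name "\tdefault secret"
            else if (length(val) < min)
                print name "\ttoo short (" length(val) ")"
        }
    ' "$1"
}

# 16 bytes from the kernel CSPRNG, hex-encoded: a 32-character secret.
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Constructed sample input (documentation addresses, made-up secrets).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
client localhost {
        secret = testing123     # shipped default
}
client 192.0.2.10 {
        secret    = vpn2015
        shortname = yourVPN
        nastype   = other
}
client 192.0.2.20 {
        secret    = "4f9c1e7ab2d86053c7e1a94b0d2f6e58"
        shortname = vpn2
}
EOF

audit_secrets "$SAMPLE"
echo "replacement secret: $(gen_secret)"
```

To audit a real server, pass /etc/raddb/clients.conf (CentOS) or /etc/freeradius/clients.conf (Ubuntu) to audit_secrets. Because comments are stripped at the first #, a secret that itself contains # is truncated by this check.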

To let external servers authenticate against your FreeRADIUS server, there is one task you have to repeat: each time you add a client or change a value in the config files, restart the service as follows:

For CentOS:
service radiusd restart
For Ubuntu:
service freeradius restart

Then add a test user to the radius database. To do so, log in to MySQL using the following command:

mysql -uroot -pyourrootpass

Then switch to the radius database using the following command:

use radius;

Then:

mysql> INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUE

Now test the test user with radtest as follows:

radtest test test 127.0.0.1 0 mysecret

You will know that your installation is working well if you see something like: “rad_recv: Access-Accept”

If you have any problems with FreeRADIUS, you can run it in debug mode to track down the issue, as follows:

For CentOS:
service radiusd stop
radiusd -x
For Ubuntu:
service freeradius stop
freeradius -x

Once everything is working, open the file /etc/raddb/sql.conf on CentOS or /etc/freeradius/sql.conf on Ubuntu and uncomment the following line:

#readclients = yes

To

readclients = yes

Conclusion:

Your FreeRADIUS server is now ready to be used. This tool is widely used for enterprise Wi-Fi and IEEE 802.1X network security, particularly in the academic community, including eduroam.

  • John

    On Ubuntu there is no /etc/raddb, all files can be found and edited in /etc/freeradius.

  • John

    On Ubuntu 14.04 there is no /etc/raddb, all files can be found and edited in /etc/freeradius.

  • napalmgod

    What’s needed is a “How to test” section.