FreeRADIUS is a high performance, open source RADIUS server developed under the GNU General Public License. FreeRADIUS is the most used RADIUS server in the world. FreeRADIUS comes with web-based user administration tool and is modular, very scalable and rich sets of features. This is a how to install FreeRADIUS and Daloradius on CentOS 7 / RHEL 7.

RADIUS, which stands for “Remote Authentication Dial In User Service”, is a network protocol – a system that defines rules and conventions for communication between network devices – for remote user authentication and accounting. RADIUS is normally used to provide AAA services; Authorization. Authentication and Accounting.

FreeRADIUS is the most deployed RADIUS server since it supports all common authentication protocols, being open source and simplified user administration made possible by its dialupadmin web GUI. The server also comes with modules for LDAP and database systems integration like MySQL,PostgreSQL,Oracle e.t.c.

Setup Initialization

Update your CentOS / RHEL System

sudo yum -y update
sudo reboot

Set SELinux to permissive mode if you want seamless installation without touching SELinux management tools.

sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

Install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7

Let’s start the installation of FreeRADIUS and Daloradius on CentOS 7 and RHEL 7.

Step 1: Install httpd server and Development Tools

sudo yum -y groupinstall "Development Tools"
sudo yum -y install httpd httpd-devel

Start and enable httpd server

sudo systemctl enable --now httpd

Check status of httpd server to make sure it’s running

[[email protected] ~]# systemctl status httpd
  httpd.service - The Apache HTTP Server
 Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
 Active: active (running) since Sat 2016-08-06 22:03:15 UTC; 8s ago

Docs: man:httpd(8)

man:apachectl(8)

Main PID: 3824 (httpd)
 Status: "Processing requests..."
 CGroup: /system.slice/httpd.service

├─3824 /usr/sbin/httpd -DFOREGROUND
 ├─3825 /usr/sbin/httpd -DFOREGROUND
 ├─3826 /usr/sbin/httpd -DFOREGROUND
 ├─3827 /usr/sbin/httpd -DFOREGROUND
 ├─3828 /usr/sbin/httpd -DFOREGROUND
 └─3829 /usr/sbin/httpd -DFOREGROUND

Aug 06 22:03:15 freeradius systemd[1]: Starting The Apache HTTP Server...
Aug 06 22:03:15 freeradius httpd[3824]: AH00558: httpd: Could not reliably determine th...age
Aug 06 22:03:15 freeradius systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.

Step 2: Installing and Configuring MariaDB

We’ll install and configure MariaDB 10, using steps below:

  • Add MariaDB official repo content to CentOS 7 system
sudo tee /etc/yum.repos.d/MariaDB.repo<<EOF 
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF
  • Install MariaDB to configure Database server
sudo yum -y install MariaDB-server MariaDB-client

You’ll be prompted to install MariaDB GPG Signing key. Just press y to allow installation.

  • Start and enable MariaDB to run on boot
sudo systemctl start --now mariadb

Check if running and if enabled

systemctl status mariadb

Configure initial MariaDB settings to secure it. Here you’ll set root password. For security purposes, consider removing anonymous users and disallowing remote root login. See sample configuration shown below. Key choices are marked with red.

[[email protected] ~]$ sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
 password for the root user. If you've just installed MariaDB, and
 you haven't set the root password yet, the password will be blank,
 so you should just press enter here.

Enter current password for root (enter for none): 
 OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
 root user without the proper authorisation.

Set root password? [Y/n] Y
 New password: 
 Re-enter new password: 
 Password updated successfully!
 Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
 to log into MariaDB without having to have a user account created for
 them. This is intended only for testing, and to make the installation
 go a bit smoother. You should remove them before moving into a
 production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
 ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
 access. This is also intended only for testing, and should be removed
 before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
 will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
 installation should now be secure.

Thanks for using MariaDB!

Configure Database for freeradius

$ mysql -u root -p

CREATE DATABASE radius;
GRANT ALL ON radius.* TO [email protected] IDENTIFIED BY "StrongradIusPass";
FLUSH PRIVILEGES;
\q

Step 3: Install PHP and required modules

Add EPEL and Remi repositories then install PHP and other extensions required for running Daloradius on CentOS 7.

sudo yum -y install epel-release
sudo yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum -y install yum-utils
sudo yum-config-manager --disable remi-php54
sudo yum-config-manager --enable remi-php72
sudo yum -y install php php-{cli,curl,mysqlnd,devel,gd,pear,mcrypt,mbstring,xml,pear}

Check PHP version to confirm

$ php -v
PHP 7.2.23 (cli) (built: Sep 25 2019 07:38:48) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

Step 4: Installing FreeRADIUS on CentOS 7 / RHEL 7

Now run the following commands in your terminal to install FreeRADIUS on CentOS 7 / RHEL 7.

sudo yum -y install freeradius freeradius-utils freeradius-mysql

You have to start and enable freeradius to start at boot up.

sudo systemctl enable --now radiusd.service

Now you can check the status:

$ systemctl status radiusd.service
● radiusd.service - FreeRADIUS high performance RADIUS server.
    Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled; vendor preset: disabled)
    Active: active (running) since Thu 2019-10-10 13:03:52 UTC; 22s ago
   Process: 21754 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
   Process: 21750 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
   Process: 21749 ExecStartPre=/bin/chown -R radiusd.radiusd /var/run/radiusd (code=exited, status=0/SUCCESS)
  Main PID: 21757 (radiusd)
    CGroup: /system.slice/radiusd.service
            └─21757 /usr/sbin/radiusd -d /etc/raddb
 Oct 10 13:03:52 cent7.novalocal systemd[1]: Starting FreeRADIUS high performance RADIUS server….
 Oct 10 13:03:52 cent7.novalocal systemd[1]: Started FreeRADIUS high performance RADIUS server..

If you have Firewalld service running, allow radius and http traffic in and out. Radius server uses udp ports 1812 and 1813. This can be confirmed by viewing the contents of the file /usr/lib/firewalld/services/radius.xml

sudo firewall-cmd --add-service={http,https,radius} --permanent

Reload firewalld for changes to take effect

sudo firewall-cmd --reload

Test radius server by running it in debug mode with option -X

$ sudo ss -tunlp | grep radiusd
udp    UNCONN     0      0         *:44132                 *:*                   users:(("radiusd",pid=21757,fd=12))
 udp    UNCONN     0      0      127.0.0.1:18120                 :                   users:(("radiusd",pid=21757,fd=11))
 udp    UNCONN     0      0         *:1812                  *:*                   users:(("radiusd",pid=21757,fd=7))
 udp    UNCONN     0      0         *:1813                  *:*                   users:(("radiusd",pid=21757,fd=8))
 udp    UNCONN     0      0      [::]:33089              [::]:*                   users:(("radiusd",pid=21757,fd=13))
 udp    UNCONN     0      0      [::]:1812               [::]:*                   users:(("radiusd",pid=21757,fd=9))
 udp    UNCONN     0      0      [::]:1813               [::]:*                   users:(("radiusd",pid=21757,fd=10))

Step 5: Configure FreeRADIUS on CentOS 7 / RHEL 7

To Configure FreeRADIUS to use MariaDB, follow steps below.

1 – Import the Radius database scheme to populate radius database

sudo su -
mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql
  1. Configure Radius at this point

2 – Configure Radius at this point

First you have to create a soft link for SQL under /etc/raddb/mods-enabled

sudo ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/

Configure SQL module /raddb/mods-available/sql and change the database connection parameters to suite your environment:

sudo vi /etc/raddb/mods-available/sql
  • sql section should look similar to below.
sql {
driver = "rlm_sql_mysql"
dialect = "mysql"

# Connection info:

server = "localhost"
port = 3306
login = "radius"
password = "StrongradIusPass"

# Database table configuration for everything except Oracle

radius_db = "radius"
}

# Set to ‘yes’ to read radius clients from the database (‘nas’ table)
# Clients will ONLY be read on server startup.
read_clients = yes

# Table to keep radius client info
client_table = "nas"

Then change group right of /etc/raddb/mods-enabled/sql to radiusd:

sudo chgrp -h radiusd /etc/raddb/mods-enabled/sql

Step 6: Install and Configure Daloradius (Optional)

You can use Daloradius to manage radius server. This is optional and should not be done before install FreeRADIUS.

Download daloradius release archive from Github.

sudo yum -y install wget
wget https://github.com/lirantal/daloradius/archive/master.zip
unzip master.zip
mv daloradius-master/ daloradius

Change directory for configuration

cd daloradius

Import Daloradius mysql tables

mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql 
mysql -u root -p radius < contrib/db/mysql-daloradius.sql

Move daloradius folder to path in /var/www/html

cd ..
sudo mv daloradius /var/www/html/

Then change permissions for http folder and set the right permissions for daloradius configuration file.

sudo chown -R apache:apache /var/www/html/daloradius/
sudo chmod 664 /var/www/html/daloradius/library/daloradius.conf.php

You should now modify daloradius.conf.php file to adjust the MySQL database information .

sudo vi /var/www/html/daloradius/library/daloradius.conf.php

Set database name, user and password for connection.

$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'StrongradIusPass';
$configValues['CONFIG_DB_NAME'] = 'radius';

To be sure everything works, restart radiusd and httpd services.

sudo systemctl restart radiusd.service httpd
systemctl status radiusd.service httpd

There should be no error is service status output:

Finallu run the commands:

sudo pear install DB
sudo pear install MDB2

Up to this point, we’ve covered complete installation and configuration of daloradius and freeradius, to access daloradius, open the link using your IP address:

http://ip-address/daloradius/login.php

The default login details are:

Username: administrator
Password: radius

This is how daloRADIUS interface looks like.

Conclusion

You have learned how to Install FreeRADIUS, perform simple essential configurations and Installation of Daloradius which is a web-based tool used to administer FreeRADIUS. You may have to consider further reading to be a guru in FreeRADIUS administration.

Tags:

  • install FreeRADIUS on CentOS 7 and RHEL 7
  • install and configure FreeRADIUS on CentOS 7 and RHEL 7
  • install daloradius on CentOS 7 and RHEL 7

For other Linux systems.

Install FreeRADIUS on Ubuntu