This guide will tell you how to install a daloRADIUS & FreeRADIUS Server. As TechTarget says, a RADIUS server is:
Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share. It provides better security, allowing a company to set up a policy that can be applied at a single administered network point. Having a central service also means that it’s easier to track usage for billing and for keeping network statistics. Created by Livingston (now owned by Lucent), RADIUS is a de facto industry standard used by a number of network product companies and is a proposed IETF standard.
daloRADIUS is free-to-use software and works as the front-end. FreeRADIUS works as the back-end. Both are free and do not require any purchase.
Before we start the installation of daloRADIUS, we need to make sure we have the following:
- An operating system such as Ubuntu, Debian or Raspbian. Other operating systems can be used, but please keep in mind that the commands used might not work on your OS. If needed, tweak them a bit for the corresponding OS.
- This software requires you to have a static IP address on your device. Citricks created a guide to do so on CentOS. See other guides for how to set a static IP address on your device.
- Basic knowledge of how the Linux operating system works is recommended, but not required. It will help you to better understand what’s going on.
- Time: around 30 minutes – 1 hour!
Dependencies are software packages that are required to make other software work. To make daloRADIUS work we need to run the following command:
sudo apt-get install apache2 php5 libapache2-mod-php5 mysql-server mysql-client php5-mysql php-pear php5-gd php-db
Once the dependencies are installed we can continue to the next step!
To install FreeRADIUS, use the following command:
sudo apt-get install freeradius freeradius-mysql
As you can see, FreeRADIUS is available in the package repository. If you wish to use a manual install, you can download it here.
As daloRADIUS is a front-end application, we need to move it to a place where people can view it. To make this possible we will move daloRADIUS to the root website folder. In case you already have a website running, move it to another location (subfolder).
First we move to the current user’s home folder and start the download of daloRADIUS:
cd ~
sudo wget http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
Now we extract the downloaded archive into the website root folder. If you’re hosting another website already, please change the location of the destination.
sudo tar xvfz daloradius-0.9-9.tar.gz -C /var/www
Optionally I will move the files from the temporary folder to the root folder and delete the temporary folder.
sudo mv /var/www/daloradius-0.9-9/* /var/www/
sudo rm -rf /var/www/daloradius-0.9-9
Configuring MySQL for daloRADIUS
daloRADIUS uses a database to store its content, so we need to create a database and a database user and set them up for daloRADIUS. Log in to MySQL with the correct credentials:
mysql -u root -p
Once you’re in, create a database:
CREATE DATABASE radius;
quit
Now we need to import the .sql script into the database. The .sql file is located in the ‘/contrib/db/’ folder. If you didn’t install daloRADIUS in the root destination, you might need to change the location of the .sql down below. To import the file run:
mysql -u root -p radius < /var/www/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
To strengthen our security, we will use a new MySQL account to connect to the database. In case there is a security breach and someone manages to access your database configuration file, they will only be able to open the database ‘radius’ with the user we will create now. If you use the root account in the configuration files, there is a chance more information will be compromised. Please note that you still need to add your own password in the command below. To create a new user and allow it to access the database, run:
mysql -u root -p
CREATE USER radius@localhost;
SET PASSWORD FOR radius@localhost = PASSWORD('CHANGEYOURPASSWORDHERE');
GRANT ALL ON radius.* to radius@localhost;
quit
You’ve now created a new user with your own password and granted the new user access to the newly created database and all its tables.
First we will configure daloRADIUS so it points to the database. To do so we need to edit a configuration file found at ‘./www/library/daloradius.conf.php’. For editing text on the CLI I prefer to use nano. Edit the file by running:
sudo nano /var/www/library/daloradius.conf.php
Change the following values to your own credentials:
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'YOURPASSWORDSHOULDGOHERE!';
$configValues['CONFIG_DB_NAME'] = 'radius';
Press ‘CTRL-O’ to save your file, followed by ‘CTRL-X’ to close the document.
Just like daloRADIUS, we need FreeRADIUS to point to our database. We need to change the config file(s) again. With FreeRADIUS we also need to edit another file which allows the software to check the database. This config file is located in ‘/etc/freeradius’. To edit the file run:
sudo nano /etc/freeradius/radiusd.conf
Remove the ‘#’ from the following lines; don’t remove anything else:
# $INCLUDE sql.conf
# $INCLUDE sql/mysql/counter.conf
Once you’re done editing press ‘CTRL-O’ to save the document and press ‘CTRL-X’ to close.
Because FreeRADIUS doesn’t yet know how to connect to the correct database, we need to change the configuration file so it will be able to do so. Edit the ‘sql.conf’ file located in the same folder by running:
sudo nano /etc/freeradius/sql.conf
Remove the ‘#’ in front of ‘port’ and change the following information to your database settings:
#Connection info:
server = "localhost"
port = 3306
login = "radius"
password = "YOURUSERPASSWORD"
# Database table configuration for everything except Oracle
radius_db = "radius"
Once done, save and close your document.
To start using FreeRADIUS we need to enable a user. This line is commented out in the config file, so we need to uncomment it. The configuration file is located in ‘/etc/freeradius’. To edit the file run:
sudo nano /etc/freeradius/users
Delete the ‘#’ on the last two lines shown in the above picture. This means the line with ‘John Doe’ and ‘Reply-Message’. If you can’t find these lines, press ‘CTRL-W’ to search the current document. Once edited press ‘CTRL-O’ to save the document and press ‘CTRL-X’ to close.
Now open the ‘default’ config file located at ‘/etc/freeradius/sites-enabled/’ by running:
sudo nano /etc/freeradius/sites-enabled/default
Now remove every ‘#’ in front of every sql row in the following sections:
- authorize
- accounting
- session
- post-auth
To make sure everything is applied correctly, we will reboot our system:
sudo reboot now
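The steps above leave a database password in two configuration files and enable the sample ‘John Doe’ entry, and the MySQL section assumes an attacker may reach those files. The following check is an added example, not part of the original guide or of either project: it flags placeholder passwords left unchanged, password files readable by every local user, and the sample account still being active. The function names, the optional root-prefix argument and the sample tree are assumptions made for this example; the paths and placeholder strings are the ones used in this guide.

```shell
#!/bin/sh
# Added example, not part of daloRADIUS or FreeRADIUS. The optional ROOT
# prefix is a hypothetical parameter so a copy of the tree can be audited.
audit_radius_config() {
    root="${1:-}"
    findings=0
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }

    for f in "$root/var/www/library/daloradius.conf.php" \
             "$root/etc/freeradius/sql.conf"; do
        [ -f "$f" ] || { report "$f is missing"; continue; }
        # Placeholder passwords exactly as printed in the guide's snippets.
        if grep -Eq 'CHANGEYOURPASSWORDHERE|YOURPASSWORDSHOULDGOHERE|YOURUSERPASSWORD' "$f"; then
            report "$f still contains a placeholder password"
        fi
        # The file stores the database password: "other" must not read it.
        if [ -n "$(find "$f" -perm -004)" ]; then
            report "$f is world-readable"
        fi
    done

    users="$root/etc/freeradius/users"
    # An uncommented "John Doe" line means the sample account is active.
    if [ -f "$users" ] && grep -Eq '^[[:space:]]*"?John Doe' "$users"; then
        report "$users has the sample 'John Doe' account enabled"
    fi

    echo "findings=$findings"
    [ "$findings" -eq 0 ]
}

# Constructed sample tree: the state after following the steps verbatim.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/var/www/library" "$t/etc/freeradius"
    printf '%s\n' "\$configValues['CONFIG_DB_PASS'] = 'YOURPASSWORDSHOULDGOHERE!';" \
        > "$t/var/www/library/daloradius.conf.php"
    printf '%s\n' 'password = "constructed-db-pass"' > "$t/etc/freeradius/sql.conf"
    printf '%s\n' '"John Doe" Cleartext-Password := "constructed"' \
        > "$t/etc/freeradius/users"
    chmod 644 "$t/var/www/library/daloradius.conf.php"
    chmod 640 "$t/etc/freeradius/sql.conf"
    echo "$t"
}

audit_radius_config "$(make_sample_tree)" || true   # reports findings=3
```

Calling `audit_radius_config` with no argument checks the live paths. A world-readable finding is usually resolved with `chmod 640` and a group that contains only the account that has to read the file.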
Your RADIUS server is now up and running! Please leave a comment down below if you have any questions or suggestions.