Monday, February 8, 2016

Install FreeRadius with Web Based Management Daloradius on CentOS/RHEL, Debian, Ubuntu

On CentOS/RHEL 5
yum install freeradius2 freeradius2-mysql freeradius2-utils mysql-server mysql php-mysql php php-gd php-pear-DB
On CentOS/RHEL 6
yum install freeradius freeradius-mysql freeradius-utils mysql-server mysql php-mysql php php-gd php-pear-DB
Ubuntu or Debian
apt-get install freeradius freeradius-mysql freeradius-utils mysql-server mysql chkconfig php5 php5-mysql php5-db php5-pear
Start the MySQL instance
chkconfig mysqld on
/etc/init.d/mysqld start
Next we need to create the radius database, so execute
mysql -uroot -p
Create the database and grant all privileges to user radius
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY 'radius@123';
FLUSH PRIVILEGES;
exit
Now we need to build the schema for the radius database.
On CentOS/RHEL
mysql -uradius -p radius < /etc/raddb/sql/mysql/schema.sql
On Debian/Ubuntu
mysql -uradius -p radius < /etc/freeradius/sql/mysql/schema.sql
Now edit the sql.conf file and populate the database credentials.
On CentOS/RHEL
vi /etc/raddb/sql.conf
On Debian, Ubuntu
vi /etc/freeradius/sql.conf
Enter the details of the MySQL database you just created
# Connection info:
    server = "localhost"
    port = 3306
    login = "radius"
    password = "radius@123"
# Database table configuration for everything except Oracle
    radius_db = "radius"
Next open /etc/raddb/radiusd.conf
On CentOS/RHEL
vi /etc/raddb/radiusd.conf
On Debian, Ubuntu
vi /etc/freeradius/radiusd.conf
Uncomment Line 700 to include sql.conf
$INCLUDE  sql.conf
Next, edit /etc/raddb/sites-available/default and uncomment line 177, containing 'sql', under the authorize {} section and line 406, 'sql', under the accounting {} section. Also uncomment 'sql' under the session {} section at line 454.
On CentOS/RHEL
vi /etc/raddb/sites-available/default
On Debian, Ubuntu
vi /etc/freeradius/sites-available/default
Now edit /etc/raddb/sites-available/inner-tunnel and uncomment line 131 and line 255, containing 'sql', under authorize {} and under session {}.
On CentOS/RHEL
vi /etc/raddb/sites-available/inner-tunnel
On Debian, Ubuntu
vi /etc/freeradius/sites-available/inner-tunnel
Open up /etc/raddb/clients.conf
On CentOS/RHEL
vi /etc/raddb/clients.conf
On Debian, Ubuntu
vi /etc/freeradius/clients.conf
To add NAS clients that will use the RADIUS server for AAA, append a block such as the following to the clients.conf file. Replace 192.168.209.1 with the IP address of your NAS client that will use FreeRADIUS for AAA.
client 192.168.209.1 {
    secret = 91982650d89
    nastype = other
}
Restart FreeRADIUS for the new configuration to take effect.
On CentOS/RHEL
service radiusd restart
On Ubuntu, Debian
service freeradius restart
If you encounter any problems you can run FreeRADIUS in debug mode to find any authentication issues. To run FreeRADIUS in debug mode execute
On CentOS/RHEL
radiusd -X
On Ubuntu, Debian
freeradius -X
Update:
RADIUS uses MySQL to store usernames and passwords. daloradius is a good choice for managing the RADIUS server. To install daloradius:
wget -O daloradius-0.9-9.tar.gz 'http://sourceforge.net/projects/daloradius/files/latest/download?source=files'
tar zxvf daloradius-0.9-9.tar.gz
mysql -uradius -p radius < daloradius-0.9-9/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
Next open the daloradius.conf.php
vi daloradius-0.9-9/library/daloradius.conf.php
Add the database username, password and db name.
$configValues['DALORADIUS_VERSION'] = '0.9-9';
$configValues['FREERADIUS_VERSION'] = '2';
$configValues['CONFIG_DB_ENGINE'] = 'mysql';
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'radius@123';
$configValues['CONFIG_DB_NAME'] = 'radius';
Move daloradius to the web root directory
On Debian, Ubuntu
mv daloradius-0.9-9 /var/www/daloradius
On CentOS/RHEL
mv daloradius-0.9-9 /var/www/html/daloradius
Point your browser to http://ip-address-or-hostname/daloradius
Log in using:
Username: administrator
Password: radius
You can add new groups and users to the database and manage the radius server.
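
An added check, not part of the original post or of either project: the script below reads the three files edited in the steps above and reports any that still hold this post's sample values (radius@123, 91982650d89) or are world-readable. The function names, the 16-character threshold and the constructed sample tree are assumptions of the example.

```shell
# Added example: flag this post's sample credentials and world-readable
# credential files. Function and variable names are assumptions of the example.
SAMPLE_DB_PASS='radius@123'   # DB password used in the post
SAMPLE_SECRET='91982650d89'   # NAS shared secret used in the post
MIN_SECRET_LEN=16             # assumed local policy, not a FreeRADIUS setting
# Values of uncommented "key = value" lines, surrounding quotes stripped.
conf_values() {  # $1=file $2=key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}
# Value of $configValues['KEY'] = 'value'; in daloradius.conf.php.
php_value() {  # $1=file $2=key
    sed -n "s/^[[:space:]]*[\$]configValues\['$2'\][[:space:]]*=[[:space:]]*'\(.*\)';.*/\1/p" "$1" 2>/dev/null
}
finding() { echo "FINDING: $*"; n=$((n + 1)); }

# $1=raddb dir, $2=daloradius dir. Prints findings; exit status is their count.
audit_radius_files() {
    n=0
    for f in "$1/sql.conf" "$1/clients.conf" "$2/library/daloradius.conf.php"; do
        [ -f "$f" ] || continue
        [ -z "$(find "$f" -perm -004)" ] || finding "$f is world-readable"
    done
    while IFS= read -r p; do
        [ "$p" != "$SAMPLE_DB_PASS" ] || finding "sample DB password still in use"
    done <<EOF
$(conf_values "$1/sql.conf" password)
$(php_value "$2/library/daloradius.conf.php" CONFIG_DB_PASS)
EOF
    while IFS= read -r s; do
        if [ "$s" = "$SAMPLE_SECRET" ]; then finding "sample NAS secret still in use"
        elif [ -n "$s" ] && [ "${#s}" -lt "$MIN_SECRET_LEN" ]; then
            finding "NAS secret shorter than $MIN_SECRET_LEN characters"
        fi
    done <<EOF
$(conf_values "$1/clients.conf" secret)
EOF
    return "$n"
}

# Constructed sample tree holding the values this post writes into each file.
make_sample() {  # $1=scratch dir
    mkdir -p "$1/raddb" "$1/dalo/library"
    printf '    login = "radius"\n    password = "radius@123"\n' >"$1/raddb/sql.conf"
    printf 'client 192.168.209.1 {\n    secret = 91982650d89\n}\n' >"$1/raddb/clients.conf"
    printf "\$configValues['CONFIG_DB_PASS'] = 'radius@123';\n" >"$1/dalo/library/daloradius.conf.php"
    chmod 640 "$1"/raddb/*.conf; chmod 644 "$1/dalo/library/daloradius.conf.php"
}
[ $# -ne 2 ] || audit_radius_files "$1" "$2"   # e.g. /etc/raddb /var/www/html/daloradius
```

Saved under a name of your choosing and run with the two directories as arguments (on Debian and Ubuntu, /etc/freeradius and /var/www/daloradius), it exits with the number of findings.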
