FreeRADIUS is the most popular open source RADIUS server and the most widely deployed RADIUS server in the world. It supports all common authentication protocols, and the server comes with a PHP-based web user administration tool called dialup admin . It is the basis for many commercial RADIUS products and services, such as embedded systems, RADIUS appliances that support Network Access Control, and WiMAX. It supplies the AAA needs of many Fortune-500 companies, telcos, and Tier 1 ISPs. It is also widely used in the academic community, including eduroam. The server is fast, feature-rich, modular, and scalable. The currently shipping stable version is 2.2.0.
Install FreeRadius with Web Based Management Daloradius on CentOS/RHEL
On CentOS/RHEL 5
# yum install freeradius2 freeradius2-mysql freeradius2-utils mysql-server mysql php-mysql php
On CentOS/RHEL 6
# yum install freeradius freeradius-mysql freeradius-utils mysql-server mysql php-mysql php
Start the MySQL instance
# chkconfig mysqld on # /etc/init.d/mysqld start
Next we need to create the radius database, so execute
# mysql -uroot -p
Next create the database and grant all privileges to user radius
mysql> CREATE DATABASE radius; mysql> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radius@123"; mysql> flush privileges; mysql> exit
Now we need to build the schema for radius database
# mysql -uradius -p radius < /etc/raddb/sql/mysql/schema.sql
Now edit the sql.conf file and populate the database credentials.
# vi /etc/raddb/sql.conf
Enter your mysql database details you just created
# Connection info: server = "localhost" port = 3306 login = "radius" password = "radius@123" # Database table configuration for everything except Oracle radius_db = "radius"
Next open /etc/raddb/radiusd.conf
# vi /etc/raddb/radiusd.conf
Uncomment Line 700 to include sql.conf
$INCLUDE sql.conf
Next edit /etc/raddb/sites-available/default and uncomment the line 177 containing ‘sql’ under the authorize {} section and line 406 ‘sql’ under the accounting {} section, also uncomment ‘sql’ under session {} line 454.
# vi /etc/raddb/sites-available/default
Now, edit /etc/raddb/sites-available/inner-tunnel and uncomment the line 131 and line 255 containing ‘sql’ under authorize {} and under session {}.
# vi /etc/raddb/sites-available/inner-tunnel
Open up /etc/raddb/clients.conf
# vi /etc/raddb/clients.conf
To add NAS clients that will use RADIUS server for AAA you have to add the following to the clients.conf file. Append a block such as this, replace 192.168.209.1 with the ip address of your NAS client that will use FreeRADIUS for AAA.
client 192.168.209.1 {
secret = 91982650d89
nastype = other
}
Restart FreeRADIUS for the new configuration to take effect.
# service radiusd restart
If you encounter any problems you can run FreeRADIUS in debug mode to find any authentication issues. To run FreeRADIUS in debug mode execute
# radiusd -X
Radius use MySQL to store usernames and passwords. To manage radius server daloradius is a good choice. To install daloradius
# wget http://sourceforge.net/projects/daloradius/files/latest/download?source=files # tar zxvf daloradius-0.9-9.tar.gz # mysql -uradius -p radius < daloradius-0.9-9/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
Next open the daloradius.conf.php
# vi daloradius-0.9-9/library/daloradius.conf.php
Add the database username, password and db name.
• $configValues['DALORADIUS_VERSION'] = '0.9-9'; • $configValues['FREERADIUS_VERSION'] = '2'; • $configValues['CONFIG_DB_ENGINE'] = 'mysql'; • $configValues['CONFIG_DB_HOST'] = 'localhost'; • $configValues['CONFIG_DB_USER'] = 'radius'; • $configValues['CONFIG_DB_PASS'] = 'radius@123'; • $configValues['CONFIG_DB_NAME'] = 'radius';
Move daloradius to the web root directory
# mv daloradius-0.9-9 /var/www/html/daloradius
Point your browser to http://ip-address-or-hostname/daloradius
Login using
Username administrator
Password radius
You can add new groups and users to the database and manage the radius server.
