Install and set up FreeRADIUS on CentOS 5/6 and Ubuntu 11.10

Simple tutorial for setup and configuration FreeRADIUS On CentOS 5/6 and Ubuntu 11.10 .

Just follow the instructions below FreeRADIUS When used with the WHMCS module, the installer is ready and we have distinguished the difference between CentOS commands and Ubuntu commands:

CentOS 5:

                      yum install freeradius2 freeradius2-mysql freeradius2-utils mysql-server -y

CentOS 6:

                      yum install freeradius freeradius-mysql freeradius-utils mysql-server -y


                      apt-get install freeradius freeradius-mysql freeradius-utils mysql-server

They should install without any issues.

To set up MySQL, run the following command to set the password:


Common problems usually appear on the cPanel server, but please check our knowledge base to solve the problem on the cPanel server. Next we need to create the radius database and type:



                      mysql -uroot -p

Then enter your mysql root password to continue …

Now create the database and grant all privileges to the user radius:

                      CREATE DATABASE radius;
                      GRANT ALL PRIVILEGES ON radius.* TO [email protected] IDENTIFIED BY "radpass";
                      flush privileges;

In some cases, you may need to grant remote access to mysql, for this, follow these guidelines:

At this point, we want to import the radius table:

                      mysql> use radius;


                      SOURCE /etc/raddb/sql/mysql/schema.sql


                      SOURCE /etc/freeradius/sql/mysql/schema.sql

Open CentOS now: /etc/raddb/sql.conf Ubuntu: /etc/freeradius/sql.conf And enter the details of the mysql database just created, for example:

                      # Connection info:
server = "localhost"
#port = 3306
login = "radius"
password = "radpass"

# Database table configuration for everything except Oracle
radius_db = "radius"

In /etc/raddb/radiusd.conf, make sure the line says:

                      $INCLUDE sql.conf

no comment.

Edit / etc / raddb / sites-available / default and uncomment the lines that contain “sql” in the authorize {} section and “sql” in the accounting {} section, and uncheck the “sql” under the session {} Comments.

Also, edit / etc / raddb / sites-available / inner-tunnel and uncomment the lines containing “sql” under “authorize {}” and session {}.

Open /etc/raddb/clients.conf and set your secret to something more random, for example:


                      secret = testing123

like this:

                      secret = 3c23498n349c3yt290y93b4t3

Now check if Radius works:


                      service radiusd restart
                      service radiusd stop


                      service freeradius restart
                      service freeradius stop

To add a client (external VPN server), you can edit CentOS: /etc/raddb/clients.conf Ubuntu: /etc/freeradius/clients.conf And directly under this line:

                      # coa_server = coa

Add a block like this:

                      client VPN_SERVER_IP {
shortname = yourVPN
nastype = other

To allow external servers and software to authenticate your FreeRADIUS, you must do this every time you set up an external server to use this FreeRADIUS database.

Every time you add a client or change the value in the configuration file, you need to restart radius like this:


                      service radiusd restart


                      service freeradius restart

To add test users to the radius database, you first need to log in to your mysql radius database:

                      mysql -uroot -pyourrootpass

Switch to the radius database:

                      use radius;

Once you execute the following command:

                      mysql> INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES (1,'test','User-Password',':=','test');

Next, test the user using radtest.

                      radtest test test 0 mysecret

If you see “rad_recv: Access-Accept”, the installation is normal.

If FreeRADIUS encounters any problems, you can run FreeRADIUS in debug mode to help pinpoint any problems, just do the following:


                      service radiusd stop
                      radiusd -X


                      service freeradius stop
                      freeradius -X

You can now see in real time whether the authentication query actually reached the server or why some users might be denied authentication.

Related Posts