Install and set up FreeRADIUS on CentOS 5/6 and Ubuntu 11.10

A simple tutorial for setting up and configuring FreeRADIUS on CentOS 5/6 and Ubuntu 11.10.

Just follow the instructions below to get FreeRADIUS installed and ready for use with the WHMCS module. Where the CentOS and Ubuntu commands differ, they are listed separately:

CentOS 5:

                      yum install freeradius2 freeradius2-mysql freeradius2-utils mysql-server -y
                    

CentOS 6:

                      yum install freeradius freeradius-mysql freeradius-utils mysql-server -y
                    

Ubuntu:

                      apt-get install freeradius freeradius-mysql freeradius-utils mysql-server
                    

They should install without any issues.

To set up MySQL, run the following command to set the password:

                      /usr/bin/mysql_secure_installation
                    

Problems at this step usually appear on cPanel servers; please check our knowledge base to solve them there. Next we need to create the radius database. Type:

                      mysql
                    

or

                      mysql -uroot -p
                    

Then enter your mysql root password to continue …

Now create the database and grant all privileges to the user radius:

                      CREATE DATABASE radius;
                    
                      GRANT ALL PRIVILEGES ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
                    
                      flush privileges;
                    

In some cases, you may need to grant remote access to mysql, for this, follow these guidelines:

At this point, we want to import the radius tables:

                      mysql> use radius;
                    

CentOS:

                      SOURCE /etc/raddb/sql/mysql/schema.sql
                    

Ubuntu:

                      SOURCE /etc/freeradius/sql/mysql/schema.sql
                    
                      exit
                    

Now open sql.conf (CentOS: /etc/raddb/sql.conf, Ubuntu: /etc/freeradius/sql.conf) and enter the details of the MySQL database just created, for example:

                      # Connection info:
                      server = "localhost"
                      #port = 3306
                      login = "radius"
                      password = "radpass"

                      # Database table configuration for everything except Oracle
                      radius_db = "radius"
                    

In /etc/raddb/radiusd.conf, make sure the following line is present and not commented out:

                      $INCLUDE sql.conf

Edit /etc/raddb/sites-available/default and uncomment the lines that contain “sql” in the authorize {} section and in the accounting {} section, and also uncomment “sql” under the session {} section.

Also, edit /etc/raddb/sites-available/inner-tunnel and uncomment the lines containing “sql” under authorize {} and session {}.

Open /etc/raddb/clients.conf and set your secret to something more random, for example:

Change:

                      secret = testing123
                    

to:

                      secret = 3c23498n349c3yt290y93b4t3
                    

Now check if Radius works:

CentOS:

                      service radiusd restart
                    
                      service radiusd stop
                    

Ubuntu:

                      service freeradius restart
                    
                      service freeradius stop
                    

To add a client (external VPN server), edit clients.conf (CentOS: /etc/raddb/clients.conf, Ubuntu: /etc/freeradius/clients.conf) and, directly under these lines:

                      # coa_server = coa
                      }
                    

add a block like this:

                      client VPN_SERVER_IP {
                          secret = YOUR SECRET HERE
                          shortname = yourVPN
                          nastype = other
                      }
                    

This allows external servers and software to authenticate against your FreeRADIUS. You must do this every time you set up an external server to use this FreeRADIUS database.
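The two secret-related steps above (replacing testing123 and giving each client block its own secret) can be checked mechanically. The script below is an added example, not part of the original tutorial: it flags secret/password values that are published defaults, including the sample values printed on this page, or that are shorter than an assumed minimum, and it generates a random replacement. The function names, the 16-character minimum and the sample file contents are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the tutorial): flag default or weak RADIUS secrets.
# Values published on this page or shipped as defaults.
KNOWN_VALUES='testing123 radpass 3c23498n349c3yt290y93b4t3'
MIN_LEN=16   # assumed policy for this example, not a FreeRADIUS limit
# gen_secret: print a fresh 48-hex-character secret (24 random bytes).
gen_secret() {
    od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
    echo
}

# audit_secrets FILE: print "LINE: finding" for each weak secret/password.
# Returns 0 if the file is clean, 1 if anything was flagged.
audit_secrets() {
    awk -v known="$KNOWN_VALUES" -v min="$MIN_LEN" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) bad[k[i]] = 1 }
        /^[ \t]*#/ { next }                       # ignore commented-out lines
        /^[ \t]*(secret|password)[ \t]*=/ {
            key = $0; sub(/^[ \t]*/, "", key); sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)                # strip optional quotes
            if (val in bad) {
                printf "%d: %s is a published default\n", NR, key; found = 1
            } else if (length(val) < min) {
                printf "%d: %s is shorter than %d characters\n", NR, key, min; found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# write_sample FILE: constructed input mixing clients.conf and sql.conf lines.
write_sample() {
    cat > "$1" <<'EOF'
client localhost {
    secret = testing123
}
client 192.0.2.10 {
    # secret = oldvalue
    secret = shortone
}
client 192.0.2.11 {
    secret = 5f0c1e9a7b3d4426a8e1c0b79d2f6a31
}
password = "radpass"
EOF
}

f=$(mktemp); write_sample "$f"; audit_secrets "$f" || true; rm -f "$f"   # demo run
```

Run `audit_secrets` against your real clients.conf and sql.conf before restarting the service; a non-zero exit status means at least one value still needs replacing.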

Every time you add a client or change the value in the configuration file, you need to restart radius like this:

CentOS:

                      service radiusd restart
                    

Ubuntu:

                      service freeradius restart
                    

To add test users to the radius database, you first need to log in to your mysql radius database:

                      mysql -uroot -pyourrootpass
                    

Switch to the radius database:

                      use radius;
                    

Then execute the following command:

                      mysql> INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES (1,'test','User-Password',':=','test');
                    

Next, test the user using radtest (use the secret you set in clients.conf in place of mysecret):

                      radtest test test 127.0.0.1 0 mysecret
                    

If you see “rad_recv: Access-Accept”, the installation is working.

If FreeRADIUS encounters any problems, you can run it in debug mode to help pinpoint them. Just do the following:

CentOS:

                      service radiusd stop
                    
                      radiusd -X
                    

Ubuntu:

                      service freeradius stop
                    
                      freeradius -X
                    

You can now see in real time whether the authentication query actually reached the server or why some users might be denied authentication.
