FreeRadius-Configuration-with-DaloRadius-CentOS 7

   

Q. How to Install FreeRadius on CentOS 7 with DaloRadius ?

Q. Step by Step Free Radius Server Configuration on Linux ?

Q. OpenSource Radius server   

FreeRADIUS is the most popular open source & most widely deployed RADIUS server in the world. It supports all common authentication protocols. It’s Used PHP-based web user administration tool called dialupadmin.

FreeRADIUS supports LDAP, MySQL, PostgreSQL, Oracle, and many other databases. Also supports all popular EAP authentication types, including PEAP and

EAP-TTLS.

Step 1:

Disable SELinux

setenforce 0

vi /etc/selinux/config

# SELINUX= can take one of these three values:

#     enforcing - SELinux security policy is enforced.

#     permissive - SELinux prints warnings instead of enforcing.

#     disabled - No SELinux policy is loaded.

SELINUX=disabled

Step 2:

Install MariaDB/MySQL

vi /etc/yum.repos.d/MariaDB.repo

[mariadb]

name=MariaDB

baseurl=http://yum.mariadb.org/10.1/centos7-amd64

gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB

gpgcheck=1

Step 3:

Update Server & Install Required Package

yum update -y

yum -y install freeradius freeradius-utils freeradius-mysql httpd httpd-devel mariadb-server mariadb

Step 4:

Enable FreeRadius, httpd & Mariadb

systemctl enable radiusd.service

systemctl enable httpd

systemctl enable mariadb

Start Service

systemctl start httpd

systemctl start mariadb

Step 5:

Setup MariaDB and set ROOT password

mysql_secure_installation

Configure database :

mysql -u root -p

CREATE DATABASE radius

GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radiuspassword";

FLUSH PRIVILEGES;

\q

Import Database

mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql

Create a Soft Link for SQL:

ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/

Step 6 :

Install PHP 7

yum -y install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

vi /etc/yum.repos.d/remi-php71.repo

[remi-php71]
name=Remi's PHP 7.1 RPM repository for Enterprise Linux 7 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/7/php71/$basearch/
mirrorlist=http://rpms.remirepo.net/enterprise/7/php71/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

yum -y install php mod_php php-cli php-mysqlnd php-devel php-gd php-mcrypt php-mbstring php-xml php-pear

pear install DB

apachectl restart

Step 7:

configure the SQL module and change the database connection:

vi /etc/raddb/mods-available/sql

sql {

driver = "rlm_sql_mysql"

dialect = "mysql"

# Connection info:

server = "localhost"

port = 3306

login = "radius"

password = "radiuspassword"

# Database table configuration for everything except Oracle

radius_db = "radius"

}

# Set to ‘yes’ to read radius clients from the database (‘nas’ table)

# Clients will ONLY be read on server startup.

read_clients = yes

# Table to keep radius client info

client_table = “nas”

ln -sf /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/

Change the group for the SQL folder to radiusd:

chgrp -h radiusd /etc/raddb/mods-enabled/sql

Installing Daloradius:

cd /tmp

wget https://github.com/lirantal/daloradius/archive/master.zip

unzip master.zip

mv daloradius-master/ daloradius

cd daloradius

Step 8:

Import Daloradius MySQL:

mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql

mysql -u root -p radius < contrib/db/mysql-daloradius.sql

cd ..

mv daloradius /var/www/html

Step 09:

change permissions for httpd:

chown -R apache:apache /var/www/html/daloradius/

chmod 664 /var/www/html/daloradius/library/daloradius.conf.php

Step 10:

Modify configuration for MySQL:

vi /var/www/html/daloradius/library/daloradius.conf.php

CONFIG_DB_USER

CONFIG_DB_PASS

CONFIG_DB_NAME

Step 11:

To make sure everything works restart all services:

systemctl restart radiusd.service

systemctl restart mariadb.service

systemctl restart httpd

Step 12:

Allow Port in Firewall

firewall-cmd --zone=public --add-service=radius --permanent

firewall-cmd –reload

Step 13:

Access the web interface:

    http://FQDN_IP_OF_SERVER/daloradius/login.php

Default Login:

User: administrator

Pass: radius

Create user :

Management ---> New User

User        lokesh

PWD        server32

List User :

Step 14:

Define Client:

vi /etc/raddb/clients.conf

client NAME {
 ipaddr = IPADDRESS
 secret = SECRET
}

Testing

radtest lokesh password localhost 0 server32

Here :

radtest     = command for testing

lokesh     = User

password    = User password

server32    = secret key

Note: we will run Radius in debug mode to make sure it runs correctly:

radiusd -X

Error 1:

Failed binding to authentication address * port 1812: Address already in use

/etc/freeradius/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812

Solution

ps -ef | grep radius

OR

ps ef | grep free

kill -9 <PID>

Error 2: 

tail -f /var/log/httpd/error_log

PHP Warning: session_start(): open(/var/lib/php/session/sess_2bf357c7717eae8f1b9159deef9c912e6, O_RDWR) failed: Permission denied (13) in /var/www/html/daloradius/dologin.php on line 41, referer: http://172.17.25.200/daloradius/login.php

Solution :

chown apache:apache var/lib/php/session