Radius Server
Installing FreeRadius
Installing freeradius in Ubuntu 16.10:
Source: blog.moatazthenervous.com
sudo apt-get install freeradius
Configuration
Edit the freeradius users file:
sudo nano /etc/freeradius/users
Uncomment the user 'John Doe':
"John Doe" Auth-Type := Local, User-Password == "hello"
    Reply-Message = "Hello, %u"
Test the connectivity from the local machine:
sudo radtest "John Doe" hello 127.0.0.1 0 testing123
Remote access to the radius server
sudo nano /etc/freeradius/clients.conf
And add the following snippet:
client 0.0.0.0/0 {
    secret = "mysecret"
    shortname = name
}
Now from another machine, try the following:
radtest "John Doe" "hello" example.com 0 "mysecret"
You will get an Access-Accept packet and the "Hello, John Doe" message.
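The client block above accepts RADIUS requests from any source address and protects them with a short example secret, so a check like the following is worth running against clients.conf before the server is exposed. This is an added example, not part of the original page; the function names, the vpn-gw client, its placeholder secret and the 16-character threshold are assumptions.

```shell
#!/bin/sh
# Added example: flag risky entries in a FreeRADIUS clients.conf.
# Prints one line per finding and returns 1 if anything was found.
# Assumptions: "key = value" has spaces around "=", secrets contain no "#"
# or spaces, and the 16-character minimum is an arbitrary example threshold.
audit_clients() {
    awk '
    function report(msg) { print name ": " msg; bad = 1 }
    function finish() {
        if (name == "") return
        if (name ~ /\/0$/ || addr ~ /\/0$/)
            report("accepts requests from any source address")
        if (secret == "testing123" || secret == "mysecret")
            report("secret is a published example value")
        else if (length(secret) < 16)
            report("secret is shorter than 16 characters")
        name = ""; addr = ""; secret = ""
    }
    {
        sub(/#.*/, "")                      # drop comments
        for (i = 1; i <= NF; i++) {         # token scan: handles one-line blocks too
            if ($i == "client") { finish(); name = $(i + 1) }
            else if ($(i + 1) == "=") {
                val = $(i + 2); gsub(/"/, "", val)
                if ($i == "secret") secret = val
                else if ($i ~ /^ip(v4|v6)?addr$/) addr = val
            }
        }
    }
    END { finish(); exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample input: the catch-all client from this page plus a scoped one.
sample_conf() {
    cat <<'EOF'
client 0.0.0.0/0 {
    secret = "mysecret"
    shortname = name
}
client vpn-gw {
    ipaddr = 192.0.2.10
    secret = "CONSTRUCTED-placeholder-secret-0001"
    shortname = vpn-gw
}
EOF
}

sample_conf | audit_clients - || true
```

On a real server, run it as audit_clients /etc/freeradius/clients.conf; scoping each client to the address of the actual NAS and giving it its own long random secret clears both findings.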
Logging
The "log" section of the radiusd.conf file is where the primary logging configuration for the FreeRADIUS server is located.
log {
    destination = files
    file = ${logdir}/radius.log
    # If Server is running in debugging mode, this file is NOT used.
    # requests = ${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d.log
    syslog_facility = daemon
    stripped_names = no
    auth = no
    auth_badpass = no
    auth_goodpass = no
    # msg_goodpass = ""
    # msg_badpass = ""
}
Destination options:
files - log to "file", as defined below.
syslog - send log messages to syslog
stdout - log to standard output.
stderr - log to standard error.
GUI
DaloRadius
sudo apt-get install php5-common php5-gd php-pear php-db libapache2-mod-php5 php-mail
Install freeradius using the following command
sudo apt-get install freeradius freeradius-mysql freeradius-utils
Create Freeradius Database
You can use the following command to create freeradius database
sudo mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 5 Server version: 5.6.24-0ubuntu2 (Ubuntu)
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database radius;
mysql> grant all on radius.* to radius@localhost identified by "password";
Query OK, 0 rows affected (0.00 sec)
Import the freeradius database schema using the following commands
sudo mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
Enter password:
sudo mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql
Enter password:
Create new user for radius database
sudo mysql -u root -p
mysql> use radius;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('sqltest', 'Password', 'testpwd');
Query OK, 1 row affected (0.04 sec)
mysql> exit
Bye
Freeradius Configuration
You need to edit /etc/freeradius/sql.conf file
sudo vi /etc/freeradius/sql.conf
Make sure you have the following details
database = mysql
login = radius
password = password
Uncomment the following
readclients = yes
Save and Exit the file
Now you need to edit the /etc/freeradius/sites-enabled/default file
sudo vi /etc/freeradius/sites-enabled/default
Uncomment the sql option in the following sections
accounting
- See “Authorization Queries” in sql.conf
sql
session
- See “Authorization Queries” in sql.conf
sql
Post-Auth-Type
- See “Authorization Queries” in sql.conf
sql
Save and Exit the file
Now edit /etc/freeradius/radiusd.conf file
sudo vi /etc/freeradius/radiusd.conf
- Uncomment the following option
$INCLUDE sql.conf
Save and exit the file
Now you can stop the free radius server using the following command
sudo /etc/init.d/freeradius stop
Run freeradius in debugging mode. If there is no error, you are ready to go.
sudo freeradius -X
Start the freeradius using the following command
sudo /etc/init.d/freeradius start
Test the radius server using the following command
sudo radtest sqltest testpwd localhost 18128 testing123
Output as follows
Sending Access-Request of id 68 to 127.0.0.1 port 1812
    User-Name = "sqltest"
    User-Password = "testpwd"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 18128
    Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=68, length=20
Daloradius Installation
You can download the Daloradius latest version from here
Once you have downloaded the daloradius-0.9-9.tar.gz file, extract it using the following commands
$ tar xvfz daloradius-0.9-9.tar.gz
$ mv daloradius-0.9-9 daloradius
$ mv daloradius /var/www
Change Permissions
sudo chown www-data:www-data /var/www/daloradius -R
sudo chmod 644 /var/www/daloradius/library/daloradius.conf.php
The MySQL database needs to be set up for daloradius. To do this, import the daloradius schema into the existing radius database.
$ cd /var/www/daloradius/contrib/db
sudo mysql -u root -p radius < mysql-daloradius.sql
Configure the following daloradius setting.
sudo vi /var/www/daloradius/library/daloradius.conf.php
Change the database password
$configValues['CONFIG_DB_PASS'] = 'password';
Save and exit the file
Now you need to configure the daloradius website under /etc/apache2/sites-available
sudo vi /etc/apache2/sites-available/daloradius.conf
Add the following lines
Alias /daloradius "/var/www/daloradius/"
<Directory /var/www/daloradius/>
    Options None
    Order allow,deny
    allow from all
</Directory>
Save and exit the file
Enable daloradius website using the following command
sudo a2ensite daloradius
Enabling site daloradius.
To activate the new configuration, you need to run:
sudo service apache2 reload
Daloradius Web GUI
You can access the daloradius GUI at http://server-ip/daloradius, where the login screen is shown.
Use the following login details
username: administrator
password: radius