Situatie
FreeRADIUS is a free open source server for UNIX and Unix-like operating systems that allows one to set up a RADIUS protocol server. You also need a correctly configured client that communicates with the server when you want to use it, which could be used for authentication or accounting various types of network access. Sample applications are hotspots, VPN protocols such as OpenVPN, Strongswan, or SoftEther (Wireshark) on an Android smartphone.
What is the RADIUS Protocol?
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that manages user authentication, authorization, and accounting by providing centralized AAA management. These are some short descriptions of what each term in AAA means, but they do not all mean the same thing:
- Authentication: The process of determining whether the client (which can be a user, device or process) is authorized to utilize the system.
- Authorization: The process of determining how much usage and when to provide this information so that power usage costs may be calculated.
- Accounting: This is the sum-up report on activity on the network for billing purposes.
The command-line interface for managing FreeRADIUS can be confusing even for expert system administrators. To ease their problem, we can use daloRADIUS which is a web-based GUI version of FreeRADIUS.
What is daloRADIUS?
daloRADIUS is a web-based GUI for managing FreeRADIUS and enables you to manage multiple servers from your browser with ease. And it works with major Linux distributions–CentOS, Red Hat Enterprise Linux, Ubuntu, OpenWrt etc., as long as they are running the latest version of Redis or Memcached and have SSL support.
Prerequisites
- A server running an Ubuntu 20.04, with a minimum of 512MB RAM, a minimum of 300MB storage space and minimum of 1.4 GHz 64-bit CPU
- Being logged in as a root user or user with sudo privileges.
Updating your System
To keep your system up-to-date, start by running the update command on your terminal to download and install the latest packages and security updates:
sudo apt update -y
sudo apt upgrade -y
The -y flag is used by the update command to automatically answer yes when asked if you want to continue with the changes.
apt update command will update the list of available packages from their sources. apt upgrade command will download and install the updates.
Sample output:
After the update process is complete, you might want to reboot your system. To do so, run the command below in your terminal:
sudo reboot now
Installing Dependencies
Dependencies are software requirements that need to be fulfilled in order for another program to work. The next thing to do is install the necessary dependencies. Ubuntu Server comes with Apache installed, but there are some related packages that must be added. To install the dependencies, run the command below in your terminal:
sudo apt-get install apache2 mariadb-server php libapache2-mod-php php-mail php-mail-mime php-mysql php-gd php-common php-pear php-db php-mbstring php-xml php-curl unzip wget -y
You can check the version of php installed on your system by running the command below in your terminal:
php -v
The output should be similar to one below:
Installing FreeRADIUS
Once all the prerequisites and dependencies are met, we can now install FreeRADIUS. You can view versions of FreeRADIUS available in your Ubuntu by typing the command below in your terminal:
sudo apt policy freeradius
To install FreeRADIUS and the various utilities that come with it on Ubuntu 20.04, execute the following command:
sudo apt -y install freeradius freeradius-mysql freeradius-utils
To quickly check that FreeRADIUS and up and running, we need to run FreeRADIUS in debug mode.
First stop the FreeRADIUS service by running the command below in your terminal:
sudo systemctl stop freeradius.service
Then run the following command to run FreeRADIUS debug mode:
sudo freeradius -X
The output should be similar to the one below:
We can see the last line says “Ready to process requests”, that means FreeRADIUS is now up and running on your server.
Creating a database
FreeRADIUS needs a database to store its settings and other information about users, clients and network connections. You can create a database for FreeRADIUS by logging into MariaDB server via the terminal:
sudo mysql -u root
Now create a database named radius:
CREATE DATABASE radius;
Next grant access to the radius database:
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "yourpassword ";
The flush privileges and quit MariaDB command to update your privileges:
FLUSH PRIVILEGES;
QUIT;
We can see the radius database is created by running the following command in terminal:
mysql -u root -p -e "show databases;"
You should be able to see the radius database listed as shown in the screenshot below:
Installing Daloradius
Daloradius is required to access FreeRADIUS’s web administration interface. First we will download the latest version of daloRADIUS from the git repository usin the wget command:
wget https://github.com/lirantal/daloradius/archive/master.zip
After the download is complete, extract the zip archive using unzip utility as shown below:
unzip master.zip
Next move the daloradius-master folder using the mv utility as shown below:
mv daloradius-master daloradius
Next move into the daloradius directory for configuration:
cd daloradius
Now we need to populate the database with the daloRADIUS schema. The .sql file is located in the ‘/contrib/db/’ folder. You might have to change this path if you didn’t install it in the root destination.
To import, run:
sudo mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql
sudo mysql -u root -p radius < contrib/db/mysql-daloradius.sql
Next move out of the daloradius directory, and move the daloradius folder into the document root:
cd
sudo mv daloradius /var/www/html/
Then rename the sample file by removing the .example extension using the mv utility as shown below:
sudo mv /var/www/html/daloradius/library/daloradius.conf.php.sample /var/www/html/daloradius/library/daloradius.conf.php
Then run the following command to assign ownership of the daloRADIUS web configuration files to Apache:
sudo chown -R www-data:www-data /var/www/html/daloradius/
Next, configure the permissions of your main configuration file to 664 as shown below:
sudo chmod 664 /var/www/html/daloradius/library/daloradius.conf.php
To allow the DaloRADIUS web interface to access FreeRADIUS, we need to provide its database details in the configuration file for DaloRADIUS. Open the .daloradius.conf.php found in ./www/library/daloradius.conf.php and add the database details(username, password and db name):
sudo nano /var/www/html/daloradius/library/daloradius.conf.php
Change the following values to match your database details:
$configValues['FREERADIUS_VERSION'] = '2'; $configValues['CONFIG_DB_ENGINE'] = 'mysqli'; $configValues['CONFIG_DB_HOST'] = 'localhost'; $configValues['CONFIG_DB_PORT'] = '3306'; $configValues['CONFIG_DB_USER'] = 'howtoforge'; $configValues['CONFIG_DB_PASS'] = 'Str0ngpass@howtoforge'; $configValues['CONFIG_DB_NAME'] = 'howtoforge';
Save and exit the file to make sure that everything is correctly configured. Restarting FreeRADIUS and Apache will ensure that everything is working properly:
sudo systemctl restart freeradius
sudo systemctl restart apache2
Leave A Comment?