FreeRADIUS and Daloradius installation on CentOS 7

We will see how to install the FreeRADIUS server with daloRADIUS on CentOS 7 and RHEL 7. First of all, we should know what RADIUS and daloRADIUS are.

What is RADIUS?

RADIUS stands for “Remote Authentication Dial In User Service”. It comprises authentication and accounting protocols, both of which are UDP-based. During the RADIUS authentication phase, a network client connects to a network access server (NAS) and provides authentication credentials. The NAS then uses the authentication credentials to issue a RADIUS authentication request to the RADIUS server. The RADIUS server and the NAS will then exchange RADIUS authentication messages.

Once the authentication completes, the RADIUS server passes an “Accept” or “Reject” message to the NAS. The NAS will then permit or reject connection of the client to the network.
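The exchange described above, following RFC 2865, as an added example (not code from the original post or from FreeRADIUS): the NAS hides the password with the secret it shares with the server, the server recovers it, and the NAS verifies the authenticator on the Accept or Reject reply. Function names are illustrative assumptions.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # packet codes (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2  # attribute types

def xor_stream(data, secret, auth, decrypt=False):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous cipher block)."""
    out, prev = b"", auth
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        prev = data[i:i + 16] if decrypt else block
        out += block
    return out

def build_access_request(ident, user, password, secret, auth=None):
    """NAS side: Access-Request with User-Name and the hidden User-Password."""
    auth = auth or os.urandom(16)  # Request Authenticator, random per request
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    pairs = ((USER_NAME, user), (USER_PASSWORD, xor_stream(padded, secret, auth)))
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in pairs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def parse_access_request(packet, secret):
    """Server side: recover (user, password) from an Access-Request."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    found, pos = {}, 20
    while pos + 2 <= length:
        alen = packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        found[packet[pos]] = packet[pos + 2:pos + alen]
        pos += alen
    password = xor_stream(found[USER_PASSWORD], secret, packet[4:20], decrypt=True)
    return found[USER_NAME], password.rstrip(b"\x00")

def build_reply(code, request, secret, attrs=b""):
    """Server side: Accept/Reject; the authenticator binds it to this request."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return head + hashlib.md5(head + request[4:20] + attrs + secret).digest() + attrs

def reply_is_authentic(reply, request, secret):
    """NAS side: recompute the Response Authenticator before acting on the reply."""
    return len(reply) >= 20 and hmac.compare_digest(
        reply, build_reply(reply[0], request, secret, reply[20:]))
```

Both the password hiding and the reply check depend entirely on the shared secret, so the secret configured for each NAS should be long and random.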

FreeRADIUS is an open source RADIUS server developed under the GNU General Public License. It comes with a web-based user administration tool and is modular, very scalable and rich in features.

What is Daloradius?

DaloRADIUS is an advanced RADIUS web management application aimed at managing hotspots and general-purpose ISP deployments. It features user management, graphical reporting, accounting, a billing engine and integrates with Google Maps for Geo-locating.

Now let’s start the installation process of FreeRADIUS and daloRADIUS.

SELINUX Setting:-

Before installation, I recommend turning off SELinux or setting it to permissive mode. In permissive mode SELinux logs policy violations instead of blocking them:-

[[email protected] ~]# setenforce 0
[[email protected] ~]# sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
[[email protected] ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[[email protected] ~]#

Prerequisites:-

Update your CentOS 7 system and install the Development Tools group. You can run these commands to do both.

[[email protected] ~]# yum -y update
[[email protected] ~]# yum groupinstall "Development Tools" -y

Install httpd server

[[email protected] ~]# yum -y install httpd httpd-devel

After installation, enable and start the httpd service, then check that it is running, using the commands below.

[[email protected] ~]# systemctl enable httpd
[[email protected] ~]# systemctl start httpd
[[email protected] ~]# systemctl status httpd

Installing and Configuring MariaDB

Now we are going to install and configure MariaDB 10.1.33, using below steps:-

Add MariaDB official repo content to CentOS 7 system

Add the below content in MariaDB.repo file and save the file.

[[email protected] ~]# vi /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Update system and install MariaDB to configure Database server

[[email protected] ~]# yum -y update
[[email protected] ~]# yum install -y mariadb-server mariadb

You will get prompted to install MariaDB GPG Signing key. Just press y to allow installation.

Start and enable MariaDB

[[email protected] ~]# systemctl start mariadb
[[email protected] ~]# systemctl enable mariadb

Check running and enabled status of MariaDB

[[email protected] ~]# systemctl status mariadb
[[email protected] ~]# systemctl is-enabled mariadb.service
 enabled

Configure initial MariaDB settings to secure it.

Here we will set the root password. For security purposes, consider removing anonymous users and disallowing remote root login. An example run is shown below. Key choices have been marked in bold.

[[email protected] ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[[email protected] ~]#

Allow only local connections to the MySQL server by binding it to the loopback address. This is a security mechanism.

[[email protected] ~]# vi /etc/my.cnf
 [mysqld]
 bind-address=127.0.0.1

Configure Database for freeradius

[[email protected] ~]# mysql -u root -p -e " CREATE DATABASE radius"
[[email protected] ~]# mysql -u root -p -e "show databases"
[[email protected] ~]# mysql -u root -p
MariaDB [(none)]> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radiuspassword";
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q
Bye
[[email protected] ~]#

Installing php 7 on CentOS 7

[[email protected] ~]# cd ~
[[email protected] ~]# curl 'https://setup.ius.io/' -o setup-ius.sh
[[email protected] ~]# bash setup-ius.sh
[[email protected] ~]# yum remove php-cli mod_php php-common
[[email protected] ~]# yum -y install mod_php70u php70u-cli php70u-mysqlnd php70u-devel php70u-gd php70u-mcrypt php70u-mbstring php70u-xml php70u-pear
[[email protected] ~]# apachectl restart

After installation you can check php version to confirm using below commands:-

[[email protected] ~]# php -v

If PHP 7 fails to work for you, you can install PHP 5 instead by running the command below. You have to uninstall PHP 7 first.

[[email protected] ~]# yum -y install php-pear php-devel php-mysql php-common php-gd php-mbstring php-mcrypt php php-xml

Installing FreeRADIUS

[[email protected] ~]# yum -y install freeradius freeradius-utils freeradius-mysql

After successful installation, start and enable FreeRADIUS with the commands below.

[[email protected] ~]# systemctl start radiusd.service
[[email protected] ~]# systemctl enable radiusd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/radiusd.service to /usr/lib/systemd/system/radiusd.service.

Now you can check the status:-

[[email protected] ~]# systemctl status radiusd.service

Now we have to configure firewalld to allow RADIUS and httpd packets in and out.
The RADIUS server uses UDP ports 1812 and 1813. This can be confirmed by viewing the contents of the file /usr/lib/firewalld/services/radius.xml:

[[email protected] ~]# cat /usr/lib/firewalld/services/radius.xml

First start and enable firewalld for security

[[email protected] ~]# systemctl enable firewalld
[[email protected] ~]# systemctl start firewalld
[[email protected] ~]# systemctl status firewalld

Confirm that firewalld is running

[[email protected] ~]# firewall-cmd --state
running

Add permanent rules to the default zone to allow the http, https and radius services

[[email protected] ~]# firewall-cmd --get-services | egrep 'http|https|radius'
[[email protected] ~]# firewall-cmd --add-service={http,https,radius} --permanent

Reload firewalld for changes to take effect

[[email protected] ~]# firewall-cmd --reload

We can confirm that services were successfully added to default zone

[[email protected] ~]# firewall-cmd --get-default-zone
public
[[email protected] ~]# firewall-cmd --list-services --zone=public
dhcpv6-client http https radius ssh

You can see the three services present, so we are good to proceed. Next, check which ports radiusd is listening on:

[[email protected] ~]# ss -tunlp | grep radiusd

If you want to run the RADIUS server in debug mode, run radiusd -X. If debug mode fails to bind to the ports, you have to kill the running RADIUS server daemon first and then start radiusd -X.

[[email protected] ~]# pkill radius

Then you can start the RADIUS server in debug mode. You will see the messages below if it starts successfully.

[[email protected] ~]# radiusd -X
----------------------------
----------------------------------
--------------------------------------
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on proxy address * port 39556
Listening on proxy address :: port 52609
Ready to process requests

Configure FreeRADIUS

To configure FreeRADIUS to use MariaDB, follow the steps below:-

Import the RADIUS database schema to populate the radius database

[[email protected] ~]# mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql

Configure Radius at this point

First of all we have to create a soft link for SQL under /etc/raddb/mods-enabled

[[email protected] ~]# ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/

Then configure the SQL module in /etc/raddb/mods-available/sql and change the database connection parameters to suit your environment.

The sql section should look similar to the one below.

[[email protected] ~]# vi /etc/raddb/mods-available/sql
sql {
    driver = "rlm_sql_mysql"
    dialect = "mysql"
    # Connection info:
    server = "localhost"
    port = 3306
    login = "radius"
    password = "radiuspassword"
    # Database table configuration for everything except Oracle
    radius_db = "radius"
    # Set to 'yes' to read radius clients from the database ('nas' table)
    # Clients will ONLY be read on server startup.
    read_clients = yes
    # Table to keep radius client info
    client_table = "nas"
}

Then change the group of /etc/raddb/mods-enabled/sql to radiusd:-

[[email protected] ~]# chgrp -h radiusd /etc/raddb/mods-enabled/sql

Installing and Configuring Daloradius

Installing Daloradius

We can use daloRADIUS to manage our RADIUS server. This is optional and should not be done before installing FreeRADIUS. There are two ways to download daloRADIUS: from GitHub or from SourceForge.

Github method:-

[[email protected] ~]# wget https://github.com/lirantal/daloradius/archive/master.zip
[[email protected] ~]# unzip master.zip
[[email protected] ~]# mv daloradius-master/ daloradius

Sourceforge way:-

[[email protected] ~]# wget http://liquidtelecom.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
[[email protected] ~]# tar zxvf daloradius-0.9-9.tar.gz
[[email protected] ~]# mv daloradius-0.9-9 daloradius

Change directory for configuration

[[email protected] ~]# cd daloradius

Configuring daloradius

Now import Daloradius mysql tables

[[email protected] ~]# mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql
[[email protected] ~]# mysql -u root -p radius < contrib/db/mysql-daloradius.sql

Configure daloRADIUS database connection details

[[email protected] ~]# cd ..
[[email protected] ~]# mv daloradius /var/www/html/

We need to change ownership of the web folder and set the right permissions on the daloRADIUS configuration file.

[[email protected] ~]# chown -R apache:apache /var/www/html/daloradius/
[[email protected] ~]# chmod 664 /var/www/html/daloradius/library/daloradius.conf.php

Now we have to modify the daloradius.conf.php file to set the MySQL database information. Open daloradius.conf.php and add the database username, password and database name. This file holds the database password in plain text.

[[email protected] ~]# vi /var/www/html/daloradius/library/daloradius.conf.php

Especially relevant variables to configure are:

CONFIG_DB_USER

CONFIG_DB_PASS

CONFIG_DB_NAME

To make sure everything works, restart radiusd, MariaDB and httpd:

[[email protected] ~]# systemctl restart radiusd.service
[[email protected] ~]# systemctl restart mariadb.service
[[email protected] ~]# systemctl restart httpd

If you have installed PHP 7, you can skip the php-pear installation and only run pear install DB.

[[email protected] ~]# yum install php-pear
[[email protected] ~]# pear install DB

We have completed installation and configuration of daloradius and freeradius. To access daloradius, open the link using your IP address, then you will get your radius dashboard.

http://ip-address/daloradius/login.php

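Default login details are:
Username: administrator
Password: radius

These are publicly documented defaults, so change the administrator password after the first login.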

In this tutorial we have seen how to install FreeRADIUS and DaloRADIUS in CentOS 7.
