tutorial Install and Configure FreeRADIUS & daloRADIUS on Debian 9 with MySQL (PART 2)

ah nou nhy mou

Install and Configure FreeRADIUS & daloRADIUS on Debian 9 with MySQL (PART 1)

Install LAMP Stack on Debian 9

NOTE: If you already have a LAMP stack installed on your Debian 9 machine, or don’t want to install the daloRADIUS FreeRADIUS GUI, then feel free to skip to the FreeRADIUS installation.
Before anything else, make sure you update and upgrade your system:
$ apt update
$ apt upgrade

Install Apache

$ apt install apache2
Apache should be running right away. To check its status, run the following:
$ systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset:
Active: active (running) since Thu 2019-05-16 19:05:47 UTC; 8s ago
Main PID: 29784 (apache2)
CGroup: /system.slice/apache2.service
├─29784 /usr/sbin/apache2 -k start
├─29786 /usr/sbin/apache2 -k start
└─29787 /usr/sbin/apache2 -k start

May 16 19:05:47 debian_radius systemd[1]: Starting The Apache HTTP Server...
May 16 19:05:47 debian_radius apachectl[29773]: AH00558: apache2: Could not reli
May 16 19:05:47 debian_radius systemd[1]: Started The Apache HTTP Server.
...
You can also check that Apache is running by visiting http://your_server_ip_or_domain; you should see something like the following screenshot:

Install MySQL on Debian 9

Install MySQL by running the following command:

$ apt install mysql-server

MySQL comes with a script that helps you change some insecure defaults, such as:

  • setting root password
  • removing anonymous users
  • disallowing remote login
  • removing test database

Run the script with the command:

$ mysql_secure_installation

We recommend you answer the prompts as follows.

First press enter when prompted for the root password:

Enter current password for root (enter for none): Enter

Confirm that you want to set the root password and then set a complicated password for MySQL.

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password: S0me_Str0ng_Passw0rd
Re-enter new password: S0me_Str0ng_Passw0rd
Password updated successfully!
Reloading privilege tables..
... Success!

Confirm removing anonymous users.

Remove anonymous users? [Y/n] y
... Success!

Disallow root login remotely.

Disallow root login remotely? [Y/n] y
... Success!

Remove the test database.

Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reload privilege tables.

Reload privilege tables now? [Y/n] y
... Success!

Cleaning up...

At this point, MySQL should be successfully set up on your Debian 9 machine.

Install PHP on Debian 9

Run the following command to install PHP and common extensions:

$ apt install php libapache2-mod-php php-mysql php-common php-gd php-mbstring php-curl php-xml

Now configure Apache so it processes PHP content. Do this by editing the file /etc/apache2/mods-available/dir.conf in your favorite text editor:

$ nano /etc/apache2/mods-available/dir.conf

To configure Apache to process PHP, add index.php as the first value of DirectoryIndex.

<IfModule mod_dir.c>
DirectoryIndex index.php index.html index.cgi index.pl index.php index.$
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Save and close the file when you’re done.

Finally restart Apache:

$ systemctl restart apache2

Install FreeRADIUS on Debian 9

Install FreeRADIUS and its dependencies:

$ sudo apt install -y freeradius freeradius-utils freeradius-mysql

Enable FreeRADIUS so it runs after you restart the system:

$ systemctl enable freeradius

For now, stop FreeRADIUS so you can run it in debug mode and check that everything is running correctly:

$ systemctl stop freeradius

Next, run FreeRADIUS in debug mode:

$ freeradius -X

If everything’s working OK, the output should be something like this:

...
listen {
type = "acct"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on proxy address * port 37669
Listening on proxy address :: port 58519
Ready to process requests

Log into the MySQL console as root:

$ mysql -u root -p
Enter Password: S0me_Str0ng_Passw0rd

Create a database and user for RADIUS (replace <radius_db_password> with a strong password of your own):

create database radius;
grant all privileges on radius.* to radius@localhost identified by '<radius_db_password>';
flush privileges;
quit

Next, import the FreeRADIUS database schema that shipped with FreeRADIUS – it’s located at /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql:

$ mysql -u root -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql
Enter Password: S0me_Str0ng_Passw0rd

Enable the FreeRADIUS SQL module by creating a symbolic link to the sql module from /etc/freeradius/3.0/mods-available/ to mods-enabled:

$ ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/

Open /etc/freeradius/3.0/mods-available/sql with your favorite editor…

$ nano /etc/freeradius/3.0/mods-available/sql

Change the following values, and uncomment them by removing the # sign at the beginning of their lines (password is the one you set for the radius MySQL user):

dialect = "mysql"

server = "localhost"
port = 3306
login = "radius"
password = "<radius_db_password>"

radius_db = "radius"

Look for the line containing read_clients = yes. You’ll probably see that it starts with a # sign, which means that it’s commented out. Delete the # sign to enable FreeRADIUS to read clients from the database. It should look like this after you’re done:

...
# Set to 'yes' to read radius clients from the database ('nas' table)
# Clients will ONLY be read on server startup.
read_clients = yes
...

Save and exit the file when you’re done.

Change the ownership and group for the SQL module to freerad with the following command:

$ chown -h freerad:freerad /etc/freeradius/3.0/mods-enabled/sql

Restart FreeRADIUS:

$ systemctl restart freeradius
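
A quick audit of the sql module file edited above, as an added example that is not part of the original post: it checks that the settings this tutorial changes are actually uncommented, that the password is not FreeRADIUS's stock radpass, and that the file (which stores the database password in clear text) is not accessible to other users. The helper names and the sample files are constructed for illustration; on a real server, point audit_sql_module at /etc/freeradius/3.0/mods-available/sql.

```sh
#!/bin/sh
# Added example: audit a FreeRADIUS sql module file (helper names are hypothetical).

# Print the active (uncommented) value of KEY in FILE, quotes stripped.
setting() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        head -n 1 | tr -d '"' | sed 's/[[:space:]]*$//'
}

# Print one line per finding; the return status is the number of findings.
audit_sql_module() {
    f=$1; n=0
    flag() { echo "FINDING: $f: $*"; n=$((n + 1)); }

    [ "$(setting "$f" dialect)" = "mysql" ] || flag "dialect is not mysql (or still commented)"
    [ "$(setting "$f" read_clients)" = "yes" ] || flag "read_clients is not enabled"
    [ -n "$(setting "$f" login)" ] || flag "login is unset or still commented"
    case $(setting "$f" password) in
        "")      flag "password is unset or still commented" ;;
        radpass) flag "password is the stock FreeRADIUS default" ;;
    esac
    # The file stores the DB password in clear text: "other" gets no access.
    case $(ls -ld "$f") in
        ???????---*) ;;
        *) flag "accessible to other users (want mode 640 or stricter)" ;;
    esac
    return "$n"
}

# Constructed sample input, not taken from a real server.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/sql_weak" <<'EOF'
sql {
    dialect = "mysql"
#   server = "localhost"
    login = "radius"
    password = "radpass"
#   read_clients = yes
}
EOF
chmod 644 "$demo_dir/sql_weak"
sed -e 's/radpass/constructed-example-secret/' -e 's/^#//' \
    "$demo_dir/sql_weak" > "$demo_dir/sql_ok"
chmod 640 "$demo_dir/sql_ok"

audit_sql_module "$demo_dir/sql_weak" || echo "sql_weak: $? finding(s)"
audit_sql_module "$demo_dir/sql_ok" && echo "sql_ok: clean"
```

The chown -h step in the tutorial changes only the symlink in mods-enabled, so the mode check is worth running against the real file in mods-available.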



