What's new

tutorial Install and Configure FreeRADIUS & daloRADIUS on Debian 9 with MySQL (PART 3)

ah nou nhy mou

Moderator
Staff member
Moderator
Established
Awards
2
  • SikatPInoy Staff
  • medal 1
Install and Configure FreeRADIUS & daloRADIUS on Debian 9 with MySQL (PART 3)
Install daloRADIUS
Download the latest version of daloRADIUS from the daloRADIUS Project page on SourceForge.
The current latest version of daloRADIUS available there is daloRADIUS 0.9-9. To download it run the following command:
Once downloaded, extract the archive using the following command:
1​
$ tar -xzf daloradius-0.9-9.tar.gz
And move the daloRADIUS folder to the root directory of your server:
1​
$ mv daloradius-0.9-9 /var/www/html/daloradius
Add the daloRADIUS SQL schema:
1
2​
$ mysql -u root -p radius < /var/www/html/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
$ mysql -u root -p radius < /var/www/html/daloradius/contrib/db/mysql-daloradius.sql
Change the owner of the daloRADIUS configuration files:
1​
$ chown -R www-data:www-data /var/www/html/daloradius
Change the permissions of the main daloRADIUS configuration file to 664:
1​
$ chmod 664 /var/www/html/daloradius/library/daloradius.conf.php
Open the daloRADIUS configuration file and change the database connection parameters as follows:
1​
$ nano /var/www/html/daloradius/library/daloradius.conf.php
1
2
3
4
5
6
7
8
9
10​
...
$configValues['DALORADIUS_VERSION'] = '0.9-9';
$configValues['FREERADIUS_VERSION'] = '2';
$configValues['CONFIG_DB_ENGINE'] = 'mysqli';
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = '[email protected]';
$configValues['CONFIG_DB_NAME'] = 'radius';
...
Do make sure you’ve changed $configValues['CONFIG_DB_ENGINE'] = 'mysql'; to $configValues['CONFIG_DB_ENGINE'] = 'mysqli';, or else you may get an error when trying to log into daloRADIUS:
1​
Error Message: DB Error: extension not found
Save and close the file when you’re finished, and restart freeRADIUS:
1​
$ systemctl restart freeradius
Verifying daloRADIUS Installation
At this point daloRADIUS should be installed on your Debian 9 machine.
To test and use it, visit http://domain_or_server_IP/daloradius in your browser. In my case, I’m visiting:
1​
http://my_server_ip/daloradius

The default login credentials are:

Username: Administrator

Password: radius



Testing FreeRADIUS

FreeRADIUS and daloRADIUS should now be installed and configured. To make sure that the server works, we’ll create a user from the web panel and then send an Authentication request to the server.
Create NAS Client & User


For another computer to connect to our RADIUS server, it needs to be added to the NAS Client Table in the RADIUS database.

We’re just starting, so we’ll need to add a new NAS. Do this by first navigating to Management > NAS > New NAS.



Now add a new User by navigating to Management > Users > New Users and filling the form similarly to the following:


There are more attributes you can add to users and groups, but that’s beyond the scope of this tutorial.

Now we should test the NAS and User. Remember that every time a NAS is added, you need to restart FreeRADIUS so it fetches the updated table.

To test our setup, we’ll have to run in debug mode to check out the output. However, FreeRADIUS is probably still running. So to run it in debug mode we’ll have to stop the running service and start it in debug mode using the -X flag:

1
2​
$ service freeradius stop
$ freeradius -X

You’ll see something like this:

1
2
3
4
5
6
7
8
9​
...
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on proxy address * port 46000
Listening on proxy address :: port 59411
Ready to process requests
Test with NTRadPing


To test our server we can use a nice tool called NTRadPing. You can download it here:
ntradping.
To run it, just unzip the archive and run the executable. Fill it with the credentials you created earlier, while keeping in mind that the port RADIUS uses is 1812:
RADIUS Server/port: your_server_ip / 1812
RADIUS Secret Key: strongsecret!
Password: Strongpassword
And check the CHAP checkbox.

Now click send in NTRadPing. The output in NTRadPing should look something like this:

1
2
3
4
5
6​
Sending authentication request to server xx.xx.xx.xx.:1812
transmiting Packet, code=1 id=2 length=50
recieved response from the server in 145 milliseconds
replay packet code=3 id=2 length=20
response: Access-Accept
-------------------attribute dump------------------

The output on the RADIUS server should look something like this:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22​
(0) sql: SQL-User-Name set to 'test_user1'
(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:packet-Type}', '%S')
(0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test_user1', '0x61a8a6390c46259cf64b56697fd5d78ad5', 'Access-Accept', '2019-05-06 19:00:56.660290')
(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test_user1', '0x61a8a6390c46259cf64b56697fd5d78ad5', 'Access-Accept', '2019-05-06 19:00:56.660290')
(0) sql: SQL query returned: success
(0) sql: 1 record(s) updated
rlm_sql (sql): Released connection (6)
(0) [sql] = ok
(0) [exec] = noop
(0) policy remove_reply_message_if_eap {
(0) if (&reply:EAP-Message && &reply:Reply-Message) {
(0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(0) else {
(0) [noop] = noop
(0) } # else = noop
(0) } # policy remove_reply_message_if_eap = noop
(0) } # post-auth = ok
(0) Sent Access-Accept Id 3 from 108.61.203.68:1812 to 213.136.66.127:56372 length 0
(0) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 3 with timestamp +6110
Ready to process requests

Pre-Installed FreeRADIUS Servers

Automatic FreeRADIUS 3 + daloRADIUS Set Up

Instantly deploy machines with FreeRADIUS + MySQL + daloRADIUS GUI Panel already set up, receive the credentials and take over from there! You also get our custom WHMCS Module to help you manage it from our dashboard.

Link here:


https://draculaservers.com/freeradius.php#choose-plan
ANY DONATION ACCEPTED:
09388407503 (GCASH)

ENJOY MGA TOL!

#ahnounhymou

RADIUS 4.png
 
Top