
tutorial INSTALL FREE RADIUS ON CENTOS 7 (PART1)

ah nou nhy mou

Install FreeRADIUS & Additional Modules on CentOS 7 (part 1)

How to set up a RADIUS server

Install FreeRADIUS & Additional Modules on CentOS 7
Run the following command to update the system’s package index:

$ sudo yum -y update
We want to install the following packages:

freeradius
freeradius-utils
freeradius-mysql
freeradius-perl
We can normally install the above-mentioned packages from the CentOS YUM repository.

With the following line we’ll perform a quick search for all the available FreeRADIUS packages, to make sure they’re available:



$ sudo yum search all freeradius
The output should look something like this:



Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftpmirror.your.org
* epel: mirror.layeronline.com
* extras: ftpmirror.your.org
* updates: ftpmirror.your.org
============================================================================================================ Matched: freeradius =============================================================================================================
freeradius-devel.i686 : FreeRADIUS development files
freeradius-devel.x86_64 : FreeRADIUS development files
freeradius-doc.x86_64 : FreeRADIUS documentation
freeradius-krb5.x86_64 : Kerberos 5 support for freeradius
freeradius-ldap.x86_64 : LDAP support for freeradius
freeradius-mysql.x86_64 : MySQL support for freeradius
freeradius-perl.x86_64 : Perl support for freeradius
freeradius-postgresql.x86_64 : Postgresql support for freeradius
freeradius-python.x86_64 : Python support for freeradius
freeradius-sqlite.x86_64 : SQLite support for freeradius
freeradius-unixODBC.x86_64 : Unix ODBC support for freeradius
freeradius-utils.x86_64 : FreeRADIUS utilities
freeradius.x86_64 : High-performance and highly configurable free RADIUS server
radcli-compat-devel.x86_64 : Development files for compatibility with radiusclient-ng and freeradius-client
pam_radius.x86_64 : PAM Module for RADIUS Authentication
radcli.x86_64 : RADIUS protocol client library
Looking through the output we can see the packages we want to install are available so we can go through with the installation.


freeradius.x86_64 : High-performance and highly configurable free RADIUS server
freeradius-utils.x86_64 : FreeRADIUS utilities
freeradius-mysql.x86_64 : MySQL support for freeradius
freeradius-perl.x86_64 : Perl support for freeradius
With the following line we’ll install freeradius, freeradius-utils, freeradius-mysql and freeradius-perl:

$ sudo yum -y install freeradius freeradius-utils freeradius-mysql freeradius-perl
After the installation’s finished, start and enable freeRADIUS so it’s running and so it also starts up on boot:

$ systemctl start radiusd.service
$ systemctl enable radiusd.service
Output for enable radiusd.service:

Created symlink from /etc/systemd/system/multi-user.target.wants/radiusd.service to /usr/lib/systemd/system/radiusd.service.
Check the status of radiusd.service:

$ systemctl status radiusd.service
Output:




● radiusd.service - FreeRADIUS high performance RADIUS server.
Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2019-05-04 15:28:42 UTC; 1min 8s ago
Main PID: 1687 (radiusd)
CGroup: /system.slice/radiusd.service
└─1687 /usr/sbin/radiusd -d /etc/raddb

May 04 15:28:42 dracula_backup systemd[1]: Starting FreeRADIUS high performance RADIUS.....
May 04 15:28:42 dracula_backup systemd[1]: Started FreeRADIUS high performance RADIUS .....
Hint: Some lines were ellipsized, use -l to show in full.
Configure CentOS 7 Firewall for freeRADIUS
We’ll configure firewalld to allow radius and httpd packets.

A RADIUS server uses UDP port 1812 for authentication and UDP port 1813 for accounting. You can check which ports the firewalld radius service covers by issuing the following command:

$ cat /usr/lib/firewalld/services/radius.xml
Output:



<?xml version="1.0" encoding="utf-8"?>
<service>
<short>RADIUS</short>
<description>The Remote Authentication Dial In User Service (RADIUS) is a protocol for user authentication over networks. It is mostly used for modem, DSL or wireless user authentication. If you plan to provide a RADIUS service (e.g. with freeradius), enable this option.</description>
<port protocol="tcp" port="1812"/>
<port protocol="udp" port="1812"/>
<port protocol="tcp" port="1813"/>
<port protocol="udp" port="1813"/>
</service>
Start and enable firewalld, then check its status:



$ systemctl enable firewalld
$ systemctl start firewalld
$ systemctl status firewalld
Output of status check:



● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2019-05-04 13:39:12 UTC; 8h ago
Docs: man:firewalld(1)
Main PID: 1775 (firewalld)
CGroup: /system.slice/firewalld.service
└─1775 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

May 04 13:39:10 guest systemd[1]: Starting firewalld - dynamic firewall daemon...
May 04 13:39:12 guest systemd[1]: Started firewalld - dynamic firewall daemon.
Check to make sure firewalld is running


$ firewall-cmd --state
running
Create permanent rules to default zone to allow http, https and radius services

$ firewall-cmd --add-service={http,https,radius} --permanent
Reload firewalld for the changes to take effect

$ firewall-cmd --reload
Confirm that the services were successfully added to default zone

$ firewall-cmd --get-default-zone
public

$ firewall-cmd --list-services --zone=public
dhcpv6-client http https radius ssh
The services that we just allowed (http, https & radius) are all listed in the output, which means we can proceed.
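
The radius.xml shown above opens TCP as well as UDP on both ports, and adding the service to the public zone accepts requests from any source address. As an added example (not part of the original post), this script lists what the service definition opens and prints narrower rich rules; the 192.0.2.0/24 client network and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# NAS_NET is a constructed placeholder for the network your RADIUS clients live on.
NAS_NET="192.0.2.0/24"
ZONE="public"                      # default zone reported in the post

# Sample input: the port entries of the radius.xml printed above.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>RADIUS</short>
<port protocol="tcp" port="1812"/>
<port protocol="udp" port="1812"/>
<port protocol="tcp" port="1813"/>
<port protocol="udp" port="1813"/>
</service>
EOF

# Print "port/protocol" for each <port> element, whatever the attribute order.
svc_ports() {
    grep '<port ' "$1" | while IFS= read -r line; do
        proto=$(printf '%s\n' "$line" | sed -n 's/.*protocol="\([^"]*\)".*/\1/p')
        port=$(printf '%s\n' "$line" | sed -n 's/.* port="\([^"]*\)".*/\1/p')
        printf '%s/%s\n' "$port" "$proto"
    done
}

# Entries the service opens beyond the UDP ports RADIUS uses.
non_udp_ports() { svc_ports "$1" | grep -v '/udp$' || true; }

# Print (do not run) rich rules allowing only the UDP ports, only from one network.
narrow_rules() {   # $1 = service file, $2 = source network, $3 = zone
    svc_ports "$1" | grep '/udp$' | while IFS=/ read -r port proto; do
        printf "firewall-cmd --permanent --zone=%s --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"%s\" accept'\n" \
            "$3" "$2" "$port" "$proto"
    done
}

echo "Opened by --add-service=radius:"; svc_ports "$SAMPLE"
echo "Not needed for RADIUS over UDP:"; non_udp_ports "$SAMPLE"
echo "Narrower alternative:";           narrow_rules "$SAMPLE" "$NAS_NET" "$ZONE"
```

To apply the printed rules, also drop the broad entry with firewall-cmd --permanent --zone=public --remove-service=radius and then run firewall-cmd --reload.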


Install FreeRADIUS & Additional Modules on CentOS 7 (part 2)

Test RADIUS Server
We’ll test the RADIUS server in debug mode, which means we’ll have to start it ourselves. The server is already running from earlier, so a second instance started in debug mode would fail to bind its ports. We therefore have to kill the radius service first:


$ pkill radius
Now run the RADIUS server in debug mode to check if everything’s working:

$ radiusd -X
You should see a long output ending in:

Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on proxy address * port 57424
Listening on proxy address :: port 44958
Ready to process requests
The basic installation of FreeRADIUS seems to have been successful.

Now we’ll proceed with configuring our RADIUS server to use MariaDB or MySQL (depending on which you prefer).

Step 2 – Install & Configure MariaDB 10 on CentOS 7
NOTE: MariaDB 5.5 is the default database engine in CentOS at the time of writing. Installing MySQL should be somewhat similar. Should you want us to add instructions for MySQL, then just hit us up and we’ll add in the instructions for MySQL.

MariaDB 10 is not the default version on CentOS, as such we’ll add the official MariaDB repositories to our system.

Create a new file, we’ll call it /etc/yum.repos.d/MariaDB.repo using your favorite text editor:

$ nano /etc/yum.repos.d/MariaDB.repo
Add the following content to it, and save and exit the file when you’re done:


[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
Update the package index:

$ yum -y update
And install MariaDB:

$ yum install -y mariadb-server mariadb
After the installation is finished, start MariaDB and enable it so it runs on boot:


$ systemctl start mariadb
$ systemctl enable mariadb
Check to make sure it’s running and enabled:

$ systemctl status mariadb
$ systemctl is-enabled mariadb.service
enabled
Securing MariaDB / MySQL
MariaDB/MySQL comes with a script that helps you conveniently secure it and remove some insecure defaults. Some important things it allows you to do:

set the root password
remove anonymous users
disallow remote login
Run it with the following command and you’ll be guided through the process.

$ mysql_secure_installation
We recommend you proceed as follows:

Enter current password for root (enter for none): ENTER
Set root password? [Y/n] y
New password: Enter password
Re-enter new password: Repeat password

You’ll also be prompted to answer some questions to remove/keep some defaults:

Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y
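
To confirm that these answers took effect, the account and database lists can be audited after the script has run. This is an added example, not part of the original post; the function names and the sample rows (including the host dbhost.example) are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: audit the defaults that
# mysql_secure_installation is meant to remove. Sample rows are constructed.

# On a real server, feed the audits from these queries (root password is prompted).
fetch_accounts()  { mysql -u root -p -N -B -e "SELECT User, Host FROM mysql.user"; }
fetch_databases() { mysql -u root -p -N -B -e "SHOW DATABASES"; }

# stdin: "user<TAB>host" rows. Prints offending accounts; non-zero exit if any.
audit_accounts() {
    awk -F '\t' '
        NF == 0  { next }
        $1 == "" { print "anonymous-user@" $2; bad = 1 }
        $1 == "root" && $2 !~ /^(localhost|127\.0\.0\.1|::1)$/ {
            print "remote-root@" $2; bad = 1 }
        END { exit bad }'
}

# stdin: one database name per line. Flags the test database.
audit_databases() {
    awk '$0 == "test" { print "test-db:" $0; bad = 1 }
         END { exit bad }'
}

# Constructed rows: a fresh install, then the state after the script has run.
BEFORE_ACCOUNTS=$(printf 'root\tlocalhost\nroot\tdbhost.example\n\tlocalhost\n\tdbhost.example')
AFTER_ACCOUNTS=$(printf 'root\tlocalhost\nroot\t127.0.0.1\nroot\t::1')

report() {   # $1 = label, $2 = account rows, $3 = database list
    echo "== $1"; rc=0
    printf '%s\n' "$2" | audit_accounts  || rc=1
    printf '%s\n' "$3" | audit_databases || rc=1
    if [ "$rc" -eq 0 ]; then echo "clean"; else echo "defaults still present"; fi
    return "$rc"
}

report "fresh install (constructed)" "$BEFORE_ACCOUNTS" "$(printf 'mysql\ntest')" || true
report "after mysql_secure_installation (constructed)" "$AFTER_ACCOUNTS" "mysql"
```

Against a live server, run fetch_accounts | audit_accounts and fetch_databases | audit_databases; both should print nothing and exit 0.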
 