tutorial INSTALL FREE RADIUS ON CENTOS 7 (PART2)

ah nou nhy mou



Step 3 – Install PHP 7 on CentOS 7
CentOS 7 ships with PHP 5.4 at the time of writing, which has been officially EOL for some time.

With PHP 7, applications will load faster and use fewer resources.

PHP 7.x is available from various repositories. For our purposes, we’ll use the Remi Repository, which provides newer versions of applications.

The Remi Repository depends on the EPEL repository. With the following commands we’ll add both EPEL and Remi:

$ sudo yum install epel-release yum-utils
$ sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
We’ll install PHP 7.3, which is the latest stable release at the time of writing.

Enable the PHP 7.3 Remi repository:

$ sudo yum-config-manager --enable remi-php73
And run the following command to install PHP 7.3 along with some of the most common PHP modules:

$ sudo yum install php php-common php-opcache php-mcrypt php-cli php-gd php-curl php-mysqlnd
You may be asked during the installation if you’re ok with importing a GPG Key. Answer y and hit enter.

With the following command we can check the PHP version, to make sure the installation was successful:

$ php -v
Step 4 – Configure FreeRADIUS to use MariaDB/MySQL
To configure FreeRADIUS to use MariaDB / MySQL, we’ll have to create a database with tables to be used by the FreeRADIUS server for finding RADIUS users and to store accounting data.

The FreeRADIUS MySQL package ships with the necessary query to create these tables, making our job a lot easier.

To begin, we’ll log into MariaDB or MySQL and create and configure a database that we’ll call radius:

$ mysql -u root -p
Enter your password at the prompt.

Once you’re logged in, run the following commands to create and configure the database:

MariaDB [(none)]> CREATE DATABASE radius;
MariaDB [(none)]> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radiuspassword";
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> quit;
Next, import the RADIUS database schema to populate the radius database:

$ mysql -uroot -pYOUR_PASSWORD radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql
And create a soft link for SQL under /etc/raddb/mods-enabled:

$ ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/
Now we’ll configure the FreeRADIUS server to use the database server. Do this by opening the configuration file /etc/raddb/mods-available/sql using your favorite text editor:

$ nano /etc/raddb/mods-available/sql
The sql section should look something like the following, although yours will be a longer document due to explanations and other lines that are commented out.


sql {
    driver = "rlm_sql_mysql"
    dialect = "mysql"

    # Connection info:
    server = "localhost"
    port = 3306
    login = "radius"
    password = "radiuspassword"

    # Database table configuration for everything except Oracle
    radius_db = "radius"

    # Set to 'yes' to read radius clients from the database ('nas' table)
    # Clients will ONLY be read on server startup.
    read_clients = yes

    # Table to keep radius client info
    client_table = "nas"
}

The steps to follow here are:

Change driver = "rlm_sql_null" to driver = "rlm_sql_mysql"

Change dialect = "sqlite" to dialect = "mysql"

Uncomment server, port, login and password by removing # from the beginning of the line, as well as changing password = "radpass" to password = "radiuspassword".

To exemplify, here is how the lines look initially:


# server = "localhost"
# port = 3306
# login = "radius"
# password = "radpass"
And here is how they look after:

server = "localhost"
port = 3306
login = "radius"
password = "radiuspassword"
Uncomment the read_clients = yes line, by removing the # at the beginning of the line.

The other lines should be already set up according to our needs, so you can save and close the file when you’re done. (You can check to make sure that everything’s in order, however.)
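The Step 4 edits can be checked mechanically. The following is an added example, not part of the original tutorial: a small Python audit that reports which of the edits listed above are still missing from an sql module file. The sample text is constructed, and the function names are assumptions made for the example.

```python
import re

# Constructed sample: the sql module as it looks before the Step 4 edits.
SAMPLE_BEFORE = '''\
sql {
    driver = "rlm_sql_null"
    dialect = "sqlite"
#   server = "localhost"
#   port = 3306
#   login = "radius"
#   password = "radpass"
    radius_db = "radius"
#   read_clients = yes
    client_table = "nas"
}
'''

# Values Step 4 asks for; None means "any value, but the line must be uncommented".
EXPECTED = {"driver": "rlm_sql_mysql", "dialect": "mysql", "server": None,
            "port": None, "login": None, "password": None, "read_clients": "yes"}

LINE = re.compile(r'^\s*(#?)\s*(\w+)\s*=\s*"?([^"\n]*?)"?\s*$')

def parse(text):
    """Return {key: (value, active)}; an active line wins over a commented one."""
    found = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            commented, key, value = m.groups()
            active = commented == ""
            if key not in found or active:
                found[key] = (value, active)
    return found

def audit(text):
    """List the Step 4 edits that are still missing from an sql module file."""
    found, problems = parse(text), []
    for key, want in EXPECTED.items():
        value, active = found.get(key, (None, False))
        if not active:
            problems.append(f"{key}: missing or still commented out")
        elif want is not None and value != want:
            problems.append(f'{key}: is "{value}", expected "{want}"')
    if found.get("password") == ("radpass", True):
        problems.append("password: still the shipped default")
    return problems
```

On a real server, pass the contents of /etc/raddb/mods-available/sql to audit(); an empty list means every edit from this step is in place.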

Finally, change the group of /etc/raddb/mods-enabled/sql to radiusd:

$ chgrp -h radiusd /etc/raddb/mods-enabled/sql
Now let’s run FreeRADIUS in debug mode again, since we’ve made some changes.

If the RADIUS server is running, first kill the daemon:

$ pkill radiusd
And run the server in debug mode:

$ radiusd -X
Output:


Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on proxy address * port 59387
Listening on proxy address :: port 51874
Ready to process requests

Step 5 – GUI WebPanel
There are a few FreeRADIUS web panels available for easier user creation and management. We’re currently using daloRADIUS. You can follow our tutorial on installing the daloRADIUS WebPanel on a RADIUS server on CentOS 7, and then return to this page.

NOTE: Should you be looking for a ready-made solution complete with FreeRADIUS + daloRADIUS installed, we offer FreeRADIUS Servers that you can deploy in a few minutes. Additionally you can opt, any time after you’ve ordered, for priority support which ensures you get help when you encounter issues.

Step 6 – Create a NAS Client & User
For other computers to connect to the RADIUS server, they need to be added to the NAS client table in the RADIUS database.

First we need to add the NAS. Do this in daloRADIUS by navigating to Management > Nas > New Nas.

After adding the NAS, you can add new Users in daloRADIUS by going to Management > Users > New Users.

There are more attributes that you can set to users and user groups, however that is beyond the scope of this tutorial.

Now that we’ve added a new NAS and a new User, we should test them. Every time a new NAS is added, you’ll need to reload FreeRADIUS so it fetches the refreshed table. To test that everything is OK, stop the FreeRADIUS server, start it in debug mode, and move on to the next step.

First we’ll kill the daemon:

$ pkill radiusd
And start it in debug mode:

$ radiusd -X
Step 7 – Testing with NTRadPing
A great tool we can use to test our radius servers is NTRadPing. You can download it here: ntradping.

Unzip and run the executable, and fill out the fields with the credentials you created earlier when adding the new NAS and new User. Here’s how we fill it, according to the credentials we created in this tutorial. Also keep in mind that RADIUS uses port 1812, so that’s the port you want to fill in.

RADIUS Server/port: your_server_ip / 1812
RADIUS Secret Key: strongsecret!
Password: Strongpassword

Now click Send and you should receive a reply that looks something like this:

Sending authentication request to server xx.xx.xx.xx.:1812
transmiting Packet, code=1 id=2 length=50
recieved response from the server in 145 milliseconds
replay packet code=3 id=2 length=20
response: Access-Accept
-------------------attribute dump------------------
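The packet sizes in that output follow from the RFC 2865 packet layout. The following is an added example, not part of the original tutorial: it builds a PAP Access-Request offline and verifies a reply's Response Authenticator with the NAS secret. It assumes the request carried only User-Name test_user1 and User-Password; the fixed authenticator and the function names are constructed for the example.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2      # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2           # RFC 2865 attribute types

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: XOR 16-byte blocks with an MD5-derived keystream."""
    blocks = max(1, -(-len(password) // 16))
    padded = password.ljust(blocks * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value

def access_request(ident, user, password, secret, authenticator):
    hidden = hide_password(password, secret, authenticator)
    body = attr(USER_NAME, user) + attr(USER_PASSWORD, hidden)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + authenticator + body

def reply(code, ident, request_auth, secret, attrs=b""):
    """Server side: authenticator = MD5(code+id+length+RequestAuth+attrs+secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

def verify_reply(packet, ident, request_auth, secret):
    """Client side: accept a reply only if it was made with the shared NAS secret."""
    if len(packet) < 20:
        return False
    _code, got_id, length = struct.unpack("!BBH", packet[:4])
    if got_id != ident or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

# Secret and password from this tutorial; authenticator constructed (random in real use).
SECRET, USER, PASSWORD = b"strongsecret!", b"test_user1", b"Strongpassword"
REQ_AUTH = bytes(range(16))
REQUEST = access_request(2, USER, PASSWORD, SECRET, REQ_AUTH)
ACCEPT = reply(ACCESS_ACCEPT, 2, REQ_AUTH, SECRET)
```

The request comes to 50 bytes (20-byte header, 12-byte User-Name, 18-byte User-Password) and the attribute-less reply to 20 bytes; a reply computed with a different secret fails verify_reply, which is what a mismatched NAS secret looks like from the client side.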
The output for FreeRADIUS debug mode when a user is successfully authenticated should look something like this:


(0) sql: SQL-User-Name set to 'test_user1'
(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:packet-Type}', '%S')
(0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test_user1', '0x61a8a6390c46259cf64b56697fd5d78ad5', 'Access-Accept', '2019-05-06 19:00:56.660290')
(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test_user1', '0x61a8a6390c46259cf64b56697fd5d78ad5', 'Access-Accept', '2019-05-06 19:00:56.660290')
(0) sql: SQL query returned: success
(0) sql: 1 record(s) updated
rlm_sql (sql): Released connection (6)
(0) [sql] = ok
(0) [exec] = noop
(0) policy remove_reply_message_if_eap {
(0) if (&reply:EAP-Message && &reply:Reply-Message) {
(0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(0) else {
(0) [noop] = noop
(0) } # else = noop
(0) } # policy remove_reply_message_if_eap = noop
(0) } # post-auth = ok
(0) Sent Access-Accept Id 3 from 108.61.203.68:1812 to 213.136.66.127:56372 length 0
(0) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 3 with timestamp +6110
Ready to process requests
Step 8 – Conclusion
If you’ve made it this far then you should have your FreeRADIUS server up and running with daloRADIUS WebPanel on a CentOS 7 machine. Well done.

Should you have issues with setting up RADIUS servers, then do keep in mind that we offer a solution for deploying instant FreeRADIUS Servers.

Our servers come with FreeRADIUS + daloRADIUS + phpMyAdmin readily installed, and you can have them up in minutes! Additionally, you can opt for our Professional Support addon at a later time, should you find yourself needing priority support when things get more complex. To find out more info, please check our FreeRADIUS Servers Offer.

Additional tutorials you may be interested in:

Creating Radius Profiles with Bandwidth Limits
If you prefer to use FreeRADIUS on Ubuntu 18.04, then check out our tutorial on installing FreeRADIUS with MySQL on Ubuntu 18.04

FREE RADIUS KVM OPEN THIS LINK;
