This guide is to help you install FreeRADIUS and Daloradius on Ubuntu LTS servers. FreeRADIUS is an open source, high-performance, modular, scalable and feature-rich RADIUS server. It ships with both server and radius client, development libraries and numerous additional RADIUS related utilities.

FreeRADIUS supports request proxying, with fail-over and load balancing, as well as the ability to access many types of back-end databases.

RADIUS, which stands for “Remote Authentication Dial-In User Service“, is a network protocol used for remote user authentication and accounting. It provides AAA services; namely Authorization, Authentication, and Accounting.

Features of FreeRADIUS

  • Flexible Configuration through a wide range of methods to select user configurations.
  • Complete support for RFC 2865 and RFC 2866 attributes.
  • EAP with EAP-MD5, EAP-SIM, EAP-TLS, EAP-TTLS, EAP-PEAP, and Cisco LEAP EAP sub-types
  • Vendor Specific Attributes for almost one hundred vendors, including BinTec, Foundry, Cisco, Juniper, Lucent/Ascend, HP ProCurve, Microsoft, USR/3Com, Acc/Newbridge and many more.

What is daloRADIUS?

On the other side, daloRADIUS is an advanced RADIUS web management platform written in PHP and JavaScript. It is mainly aimed at managing Hotspots and general-purpose ISP deployments powered by FreeRADIUS server. Some good features of daloRADIUS include:

  • Has a database abstraction layer with support for many database systems – MySQL, SQLite, PostgreSQL, MsSQL and Oracle
  • Advanced user management
  • Powerful graphical reporting and accounting
  • Integrates with GoogleMaps for geo-location
  • Has a  billing engine

1. Update system

Start by updating your system packages to the latest version:

sudo apt update && sudo apt -y upgrade

Reboot system after doing an upgrade

[ -f /var/run/reboot-required ] && sudo reboot -f

Once the system is up, begin the installation FreeRADIUS and Daloradius on your Ubuntu system.

2. Install Apache and PHP

Daloradius will require php and Apache web server to be installed on the host system.

Install Apache web server by running:

sudo apt -y install apache2

For installation of PHP on Ubuntu run:

sudo apt -y install vim php libapache2-mod-php php-{gd,common,mail,mail-mime,mysql,pear,db,mbstring,xml,curl,zip}

Check the version of php installed:

$ php -v
PHP 8.3.6 (cli) (built: Jun 13 2024 15:23:20) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.6, Copyright (c) Zend Technologies
    with Zend OPcache v8.3.6, Copyright (c), by Zend Technologies

3. Install MariaDB and Create database

Next is to install the MariaDB server and create a database for daloRADIUS:

sudo apt update && sudo apt install mariadb-server

Once installed and running, create a database for FreeRADIUS, this will be used at a later stage.

database name: radius
database user: radius
database user password: Str0ngR@diusPass

If you have a dedicated database server, replace localhost with the IP of source FreeRADIUS Server.

$ sudo mysql -u root -p
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "Str0ngR@diusPass";
FLUSH PRIVILEGES;
QUIT

4. Install and Configure FreeRADIUS

You can view versions of freeradius available in your Ubuntu:

$ sudo apt policy freeradius
freeradius:
  Installed: (none)
  Candidate: 3.2.3+dfsg-2build7
  Version table:
     3.2.3+dfsg-2build7 500
        500 https://mirror.hetzner.com/ubuntu/packages noble/main amd64 Packages

Install FreeRadius packages from official Ubuntu APT repository with the commands below:

sudo apt -y install freeradius freeradius-mysql freeradius-utils

Among the packages installed are mysql module and utils package.

Import the freeradius MySQL database scheme:

sudo su -
mysql -u root -p radius < /etc/freeradius/*/mods-config/sql/main/mysql/schema.sql

Check tables created:

$ sudo  mysql -u root -p -e "use radius;show tables;"
Enter password: 
+------------------+
| Tables_in_radius |
+------------------+
| nas              |
| radacct          |
| radcheck         |
| radgroupcheck    |
| radgroupreply    |
| radpostauth      |
| radreply         |
| radusergroup     |
+------------------+

Create a soft link for sql module under /etc/freeradius/version/mods-enabled/

sudo ln -s /etc/freeradius/*/mods-available/sql /etc/freeradius/*/mods-enabled/

Configure SQL module and change the database connection parameters to suit your environment.

sudo nano /etc/freeradius/*/mods-enabled/sql

Your sql section should look similar to below.

sql {
driver = "rlm_sql_mysql"
dialect = "mysql"

# Connection info:
server = "localhost"
port = 3306
login = "radius"
password = "Str0ngR@diusPass"

# Database table configuration for everything except Oracle
radius_db = "radius"
}

# Set to ‘yes’ to read radius clients from the database (‘nas’ table)
# Clients will ONLY be read on server startup.
read_clients = yes

# Table to keep radius client info
client_table = "nas"

Comment SSL sections in mysql

        mysql {
                # If any of the files below are set, TLS encryption is enabled
#               tls {
#                       ca_file = "/etc/ssl/certs/my_ca.crt"
#                       ca_path = "/etc/ssl/certs/"
#                       certificate_file = "/etc/ssl/certs/private/client.crt"
#                       private_key_file = "/etc/ssl/certs/private/client.key"
#                       cipher = "DHE-RSA-AES256-SHA:AES128-SHA"
#
#                       tls_required = yes
#                       tls_check_cert = no
#                       tls_check_cert_cn = no
#               }

                # If yes, (or auto and libmysqlclient reports warnings are
                # available), will retrieve and log additional warnings from
                # the server if an error has occured. Defaults to 'auto'
                warnings = auto
        }

Then change group right of /etc/freeradius/3.0/mods-enabled/sql

sudo chgrp -h freerad /etc/freeradius/*/mods-available/sql
sudo chown -R freerad:freerad /etc/freeradius/*/mods-enabled/sql

Restart freeradius service:

sudo systemctl restart freeradius.service

5. Install and Configure Daloradius

We need to install Daloradius to get FreeRADIUS web administration interface.

sudo apt -y install git
git clone https://github.com/lirantal/daloradius.git

Configuring daloradius

  • Now import Daloradius mysql tables
sudo su -
mysql -u root -p radius < daloradius/contrib/db/fr3-mariadb-freeradius.sql
mysql -u root -p radius < daloradius/contrib/db/mariadb-daloradius.sql
  • Configure daloRADIUS database connection details:
sudo mv daloradius /var/www/

Then change permissions for http folder and set the right permissions for the daloradius configuration file.

cd /var/www/daloradius/app/common/includes/
sudo cp daloradius.conf.php.sample daloradius.conf.php
sudo chown www-data:www-data daloradius.conf.php

You should now modify the filedaloradius.conf.php to adjust the MySQL database information. Open the daloradius.conf.php and add the database username, password and db name.

sudo nano daloradius.conf.php

Especially relevant variables to configure are:

$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'Str0ngR@diusPass';
$configValues['CONFIG_DB_NAME'] = 'radius';

Create var directory and its subdirectories, then change their ownership:

cd /var/www/daloradius/
sudo mkdir -p var/{log,backup}
sudo chown -R www-data:www-data var

Configure Apache web server

Configure Apache ports:

sudo tee /etc/apache2/ports.conf<<EOF
Listen 80
Listen 8000

<IfModule ssl_module>
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>
EOF

Configure virtual host for operators:

sudo tee /etc/apache2/sites-available/operators.conf<<EOF
<VirtualHost *:8000>
    ServerAdmin operators@localhost
    DocumentRoot /var/www/daloradius/app/operators

    <Directory /var/www/daloradius/app/operators>
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    <Directory /var/www/daloradius>
        Require all denied
    </Directory>

    ErrorLog \${APACHE_LOG_DIR}/daloradius/operators/error.log
    CustomLog \${APACHE_LOG_DIR}/daloradius/operators/access.log combined
</VirtualHost>
EOF

Configure virtual host for users:

sudo tee /etc/apache2/sites-available/users.conf<<EOF
<VirtualHost *:80>
    ServerAdmin users@localhost
    DocumentRoot /var/www/daloradius/app/users

    <Directory /var/www/daloradius/app/users>
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    <Directory /var/www/daloradius>
        Require all denied
    </Directory>

    ErrorLog \${APACHE_LOG_DIR}/daloradius/users/error.log
    CustomLog \${APACHE_LOG_DIR}/daloradius/users/access.log combined
</VirtualHost>
EOF

Enable the created virtual hosts:

sudo a2ensite users.conf operators.conf

Create other directories.

sudo mkdir -p /var/log/apache2/daloradius/{operators,users}

Disable the default virtual host:

sudo a2dissite 000-default.conf

To be sure everything works, then restart services.

sudo systemctl restart apache2 freeradius

Check services.

$ systemctl status apache2 freeradius
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; preset: enabled)
     Active: active (running) since Sat 2024-08-03 12:19:15 UTC; 9s ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 21519 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
   Main PID: 21522 (apache2)
      Tasks: 6 (limit: 2263)
     Memory: 13.7M (peak: 13.9M)
        CPU: 161ms
     CGroup: /system.slice/apache2.service
             ├─21522 /usr/sbin/apache2 -k start
             ├─21524 /usr/sbin/apache2 -k start
             ├─21525 /usr/sbin/apache2 -k start
             ├─21526 /usr/sbin/apache2 -k start
             ├─21527 /usr/sbin/apache2 -k start
             └─21528 /usr/sbin/apache2 -k start

Aug 03 12:19:15 noble systemd[1]: Starting apache2.service - The Apache HTTP Server...
Aug 03 12:19:15 noble apachectl[21521]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Aug 03 12:19:15 noble systemd[1]: Started apache2.service - The Apache HTTP Server.

● freeradius.service - FreeRADIUS multi-protocol policy server
     Loaded: loaded (/usr/lib/systemd/system/freeradius.service; enabled; preset: enabled)
     Active: active (running) since Sat 2024-08-03 12:19:16 UTC; 8s ago
       Docs: man:radiusd(8)
             man:radiusd.conf(5)
             http://wiki.freeradius.org/
             http://networkradius.com/doc/
    Process: 21515 ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cx -lstdout (code=exited, status=0/SUCCESS)
   Main PID: 21530 (freeradius)
     Status: "Processing requests"
      Tasks: 6 (limit: 2263)
     Memory: 42.4M (limit: 2.0G peak: 42.6M)
        CPU: 648ms
     CGroup: /system.slice/freeradius.service
             └─21530 /usr/sbin/freeradius -f

Aug 03 12:19:15 noble freeradius[21515]: Compiling Auth-Type PAP for attr Auth-Type
Aug 03 12:19:15 noble freeradius[21515]: Compiling Auth-Type CHAP for attr Auth-Type
Aug 03 12:19:15 noble freeradius[21515]: Compiling Auth-Type MS-CHAP for attr Auth-Type
Aug 03 12:19:15 noble freeradius[21515]: Compiling Autz-Type New-TLS-Connection for attr Autz-Type
Aug 03 12:19:15 noble freeradius[21515]: Compiling Post-Auth-Type REJECT for attr Post-Auth-Type
Aug 03 12:19:15 noble freeradius[21515]: Compiling Post-Auth-Type Challenge for attr Post-Auth-Type
Aug 03 12:19:15 noble freeradius[21515]: Compiling Post-Auth-Type Client-Lost for attr Post-Auth-Type
Aug 03 12:19:15 noble freeradius[21515]: radiusd: #### Skipping IP addresses and Ports ####
Aug 03 12:19:15 noble freeradius[21515]: Configuration appears to be OK
Aug 03 12:19:16 noble systemd[1]: Started freeradius.service - FreeRADIUS multi-protocol policy server.

Access the service on the following URLS:

  • RADIUS management application: http://<ip>:8000/
  • RADIUS user portal application: http://<ip>

RADIUS management application portal will look like this.

daloradius dashboard

Default login details are:

Username: administrator
Password: radius

Change the password after first login to secure your setup.

daloradius dashboard new

Read more on daloRADIUS Configurations

Installation on other operating systems.

5 COMMENTS

  1. You should not run this command sudo mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql. It will drop all of your tables in the previous steps.

LEAVE A REPLY

Please enter your comment!
Please enter your name here