This guide is to help you install FreeRADIUS and Daloradius on Ubuntu LTS servers. FreeRADIUS is an open source, high-performance, modular, scalable and feature-rich RADIUS server. It ships with both server and radius client, development libraries and numerous additional RADIUS related utilities.
FreeRADIUS supports request proxying, with fail-over and load balancing, as well as the ability to access many types of back-end databases.
RADIUS, which stands for “Remote Authentication Dial-In User Service“, is a network protocol used for remote user authentication and accounting. It provides AAA services; namely Authorization, Authentication, and Accounting.
Features of FreeRADIUS
- Flexible Configuration through a wide range of methods to select user configurations.
- Complete support for RFC 2865 and RFC 2866 attributes.
- EAP with EAP-MD5, EAP-SIM, EAP-TLS, EAP-TTLS, EAP-PEAP, and Cisco LEAP EAP sub-types
- Vendor Specific Attributes for almost one hundred vendors, including BinTec, Foundry, Cisco, Juniper, Lucent/Ascend, HP ProCurve, Microsoft, USR/3Com, Acc/Newbridge and many more.
What is daloRADIUS?
On the other side, daloRADIUS is an advanced RADIUS web management platform written in PHP and JavaScript. It is mainly aimed at managing Hotspots and general-purpose ISP deployments powered by FreeRADIUS server. Some good features of daloRADIUS include:
- Has a database abstraction layer with support for many database systems – MySQL, SQLite, PostgreSQL, MsSQL and Oracle
- Advanced user management
- Powerful graphical reporting and accounting
- Integrates with GoogleMaps for geo-location
- Has a billing engine
1. Update system
Start by updating your system packages to the latest version:
sudo apt update && sudo apt -y upgradeReboot system after doing an upgrade
[ -f /var/run/reboot-required ] && sudo reboot -fOnce the system is up, begin the installation FreeRADIUS and Daloradius on your Ubuntu system.
2. Install Apache and PHP
Daloradius will require php and Apache web server to be installed on the host system.
Install Apache web server by running:
sudo apt -y install apache2For installation of PHP on Ubuntu run:
sudo apt -y install vim php libapache2-mod-php php-{gd,common,mail,mail-mime,mysql,pear,db,mbstring,xml,curl,zip}Check the version of php installed:
$ php -v
PHP 8.3.6 (cli) (built: Jun 13 2024 15:23:20) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.6, Copyright (c) Zend Technologies
with Zend OPcache v8.3.6, Copyright (c), by Zend Technologies3. Install MariaDB and Create database
Next is to install the MariaDB server and create a database for daloRADIUS:
sudo apt update && sudo apt install mariadb-serverOnce installed and running, create a database for FreeRADIUS, this will be used at a later stage.
database name: radius
database user: radius
database user password: Str0ngR@diusPassIf you have a dedicated database server, replace localhost with the IP of source FreeRADIUS Server.
$ sudo mysql -u root -p
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "Str0ngR@diusPass";
FLUSH PRIVILEGES;
QUIT4. Install and Configure FreeRADIUS
You can view versions of freeradius available in your Ubuntu:
$ sudo apt policy freeradius
freeradius:
Installed: (none)
Candidate: 3.2.3+dfsg-2build7
Version table:
3.2.3+dfsg-2build7 500
500 https://mirror.hetzner.com/ubuntu/packages noble/main amd64 PackagesInstall FreeRadius packages from official Ubuntu APT repository with the commands below:
sudo apt -y install freeradius freeradius-mysql freeradius-utilsAmong the packages installed are mysql module and utils package.
Import the freeradius MySQL database scheme:
sudo su -
mysql -u root -p radius < /etc/freeradius/*/mods-config/sql/main/mysql/schema.sqlCheck tables created:
$ sudo mysql -u root -p -e "use radius;show tables;"
Enter password:
+------------------+
| Tables_in_radius |
+------------------+
| nas |
| radacct |
| radcheck |
| radgroupcheck |
| radgroupreply |
| radpostauth |
| radreply |
| radusergroup |
+------------------+Create a soft link for sql module under /etc/freeradius/version/mods-enabled/
sudo ln -s /etc/freeradius/*/mods-available/sql /etc/freeradius/*/mods-enabled/Configure SQL module and change the database connection parameters to suit your environment.
sudo nano /etc/freeradius/*/mods-enabled/sqlYour sql section should look similar to below.
sql {
driver = "rlm_sql_mysql"
dialect = "mysql"
# Connection info:
server = "localhost"
port = 3306
login = "radius"
password = "Str0ngR@diusPass"
# Database table configuration for everything except Oracle
radius_db = "radius"
}
# Set to ‘yes’ to read radius clients from the database (‘nas’ table)
# Clients will ONLY be read on server startup.
read_clients = yes
# Table to keep radius client info
client_table = "nas"Comment SSL sections in mysql
mysql {
# If any of the files below are set, TLS encryption is enabled
# tls {
# ca_file = "/etc/ssl/certs/my_ca.crt"
# ca_path = "/etc/ssl/certs/"
# certificate_file = "/etc/ssl/certs/private/client.crt"
# private_key_file = "/etc/ssl/certs/private/client.key"
# cipher = "DHE-RSA-AES256-SHA:AES128-SHA"
#
# tls_required = yes
# tls_check_cert = no
# tls_check_cert_cn = no
# }
# If yes, (or auto and libmysqlclient reports warnings are
# available), will retrieve and log additional warnings from
# the server if an error has occured. Defaults to 'auto'
warnings = auto
}Then change group right of /etc/freeradius/3.0/mods-enabled/sql
sudo chgrp -h freerad /etc/freeradius/*/mods-available/sql
sudo chown -R freerad:freerad /etc/freeradius/*/mods-enabled/sqlRestart freeradius service:
sudo systemctl restart freeradius.service5. Install and Configure Daloradius
We need to install Daloradius to get FreeRADIUS web administration interface.
sudo apt -y install git
git clone https://github.com/lirantal/daloradius.gitConfiguring daloradius
- Now import Daloradius mysql tables
sudo su -
mysql -u root -p radius < daloradius/contrib/db/fr3-mariadb-freeradius.sql
mysql -u root -p radius < daloradius/contrib/db/mariadb-daloradius.sql- Configure daloRADIUS database connection details:
sudo mv daloradius /var/www/Then change permissions for http folder and set the right permissions for the daloradius configuration file.
cd /var/www/daloradius/app/common/includes/
sudo cp daloradius.conf.php.sample daloradius.conf.php
sudo chown www-data:www-data daloradius.conf.phpYou should now modify the filedaloradius.conf.php to adjust the MySQL database information. Open the daloradius.conf.php and add the database username, password and db name.
sudo nano daloradius.conf.phpEspecially relevant variables to configure are:
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'Str0ngR@diusPass';
$configValues['CONFIG_DB_NAME'] = 'radius';Create var directory and its subdirectories, then change their ownership:
cd /var/www/daloradius/
sudo mkdir -p var/{log,backup}
sudo chown -R www-data:www-data varConfigure Apache web server
Configure Apache ports:
sudo tee /etc/apache2/ports.conf<<EOF
Listen 80
Listen 8000
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
EOFConfigure virtual host for operators:
sudo tee /etc/apache2/sites-available/operators.conf<<EOF
<VirtualHost *:8000>
ServerAdmin operators@localhost
DocumentRoot /var/www/daloradius/app/operators
<Directory /var/www/daloradius/app/operators>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/daloradius>
Require all denied
</Directory>
ErrorLog \${APACHE_LOG_DIR}/daloradius/operators/error.log
CustomLog \${APACHE_LOG_DIR}/daloradius/operators/access.log combined
</VirtualHost>
EOFConfigure virtual host for users:
sudo tee /etc/apache2/sites-available/users.conf<<EOF
<VirtualHost *:80>
ServerAdmin users@localhost
DocumentRoot /var/www/daloradius/app/users
<Directory /var/www/daloradius/app/users>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/daloradius>
Require all denied
</Directory>
ErrorLog \${APACHE_LOG_DIR}/daloradius/users/error.log
CustomLog \${APACHE_LOG_DIR}/daloradius/users/access.log combined
</VirtualHost>
EOFEnable the created virtual hosts:
sudo a2ensite users.conf operators.confCreate other directories.
sudo mkdir -p /var/log/apache2/daloradius/{operators,users}Disable the default virtual host:
sudo a2dissite 000-default.confTo be sure everything works, then restart services.
sudo systemctl restart apache2 freeradiusCheck services.
$ systemctl status apache2 freeradius
● apache2.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; preset: enabled)
Active: active (running) since Sat 2024-08-03 12:19:15 UTC; 9s ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 21519 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 21522 (apache2)
Tasks: 6 (limit: 2263)
Memory: 13.7M (peak: 13.9M)
CPU: 161ms
CGroup: /system.slice/apache2.service
├─21522 /usr/sbin/apache2 -k start
├─21524 /usr/sbin/apache2 -k start
├─21525 /usr/sbin/apache2 -k start
├─21526 /usr/sbin/apache2 -k start
├─21527 /usr/sbin/apache2 -k start
└─21528 /usr/sbin/apache2 -k start
Aug 03 12:19:15 noble systemd[1]: Starting apache2.service - The Apache HTTP Server...
Aug 03 12:19:15 noble apachectl[21521]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Aug 03 12:19:15 noble systemd[1]: Started apache2.service - The Apache HTTP Server.
● freeradius.service - FreeRADIUS multi-protocol policy server
Loaded: loaded (/usr/lib/systemd/system/freeradius.service; enabled; preset: enabled)
Active: active (running) since Sat 2024-08-03 12:19:16 UTC; 8s ago
Docs: man:radiusd(8)
man:radiusd.conf(5)
http://wiki.freeradius.org/
http://networkradius.com/doc/
Process: 21515 ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cx -lstdout (code=exited, status=0/SUCCESS)
Main PID: 21530 (freeradius)
Status: "Processing requests"
Tasks: 6 (limit: 2263)
Memory: 42.4M (limit: 2.0G peak: 42.6M)
CPU: 648ms
CGroup: /system.slice/freeradius.service
└─21530 /usr/sbin/freeradius -f
Aug 03 12:19:15 noble freeradius[21515]: Compiling Auth-Type PAP for attr Auth-Type
Aug 03 12:19:15 noble freeradius[21515]: Compiling Auth-Type CHAP for attr Auth-Type
Aug 03 12:19:15 noble freeradius[21515]: Compiling Auth-Type MS-CHAP for attr Auth-Type
Aug 03 12:19:15 noble freeradius[21515]: Compiling Autz-Type New-TLS-Connection for attr Autz-Type
Aug 03 12:19:15 noble freeradius[21515]: Compiling Post-Auth-Type REJECT for attr Post-Auth-Type
Aug 03 12:19:15 noble freeradius[21515]: Compiling Post-Auth-Type Challenge for attr Post-Auth-Type
Aug 03 12:19:15 noble freeradius[21515]: Compiling Post-Auth-Type Client-Lost for attr Post-Auth-Type
Aug 03 12:19:15 noble freeradius[21515]: radiusd: #### Skipping IP addresses and Ports ####
Aug 03 12:19:15 noble freeradius[21515]: Configuration appears to be OK
Aug 03 12:19:16 noble systemd[1]: Started freeradius.service - FreeRADIUS multi-protocol policy server.Access the service on the following URLS:
- RADIUS management application: http://<ip>:8000/
- RADIUS user portal application: http://<ip>
RADIUS management application portal will look like this.
Default login details are:
Username: administrator
Password: radiusChange the password after first login to secure your setup.
Read more on daloRADIUS Configurations
Installation on other operating systems.
- Install FreeRADIUS and Daloradius on CentOS / RHEL / Rocky / AlmaLinux
- Install FreeRADIUS & daloRADIUS on CentOS 7
You should not run this command sudo mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql. It will drop all of your tables in the previous steps.
Hi,
I have the connection page but after clic on connect button, i have a white page and nothing
Any Idea
Please try with the updated article.
you save me
thank very much
Thanks and welcome.