I want to Install FreeRADIUS and Daloradius on CentOS 8 / RHEL 8?. RADIUS, which stands for “Remote Authentication Dial-In User Service“, is a network protocol used for remote user authentication and accounting. It provides AAA services; namely Authorization, Authentication, and Accounting.

FreeRADIUS is an open source, high-performance, scalable, modular and feature-rich RADIUS server. FreeRADIUS has support for request proxy, fail-over and load balancing, as well as access to various database backends.

Top Features of FreeRADIUS

  • Flexible Configuration through a wide range of methods to select user configurations.
  • Complete support for RFC 2865 and RFC 2866 attributes.
  • EAP with EAP-MD5, EAP-SIM, EAP-TLS, EAP-TTLS, EAP-PEAP, and Cisco LEAP EAP sub-types
  • Vendor Specific Attributes for almost one hundred vendors, including BinTec, Foundry, Cisco, Juniper, Lucent/Ascend, HP ProCurve, Microsoft, USR/3Com, Acc/Newbridge and many more.

Bringing daloRADIUS into the mix

daloRADIUS is an advanced RADIUS web management platform written in PHP and JavaScript. It is mainly aimed at managing Hotspots and general-purpose ISP deployments powered by FreeRADIUS server. Below are the key features of daloRADIUS:

  • Database abstraction layer with support for many database systems – MySQL, SQLite, PostgreSQL, MsSQL and Oracle
  • Advanced user management
  • Powerful graphical reporting and accounting
  • Integrates with GoogleMaps for geo-location
  • Has a billing engine

Follow the next steps discussed to install FreeRADIUS and daloRADIUS on CentOS 8 / RHEL 8 Linux system.

Step 1: Update your Server

Never trust a system not updated. All installed packages can be updated by executing below command in the terminal.

sudo dnf -y update

Step 2: Install Apache Web Server and PHP

We’ll use Apache httpd server to host daloRADIUS on CentOS 8 / RHEL 8 system. Install both httpd and PHP packages with the following command.

sudo dnf -y install @httpd @php
sudo dnf -y install php-{cli,curl,mysqlnd,devel,gd,pear,mbstring,xml,pear}
sudo pear install MDB2

Check the version of PHP installed to confirm the installation was successful.

$ php -v
PHP 7.2.11 (cli) (built: Oct  9 2018 15:09:36) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

Start and enable php-fpm and httpd services.

sudo systemctl enable --now httpd php-fpm

Let’s validate the start by checking status of the two services.

systemctl status httpd php-fpm

See sample output below.

Allow http and https ports on the firewall.

sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload

Reference:

Install Apache httpd server on RHEL / CentOS 8

Step 3: Install and Configure MariaDB Database Server

We have a separate guide on installation of MariaDB database server on RHEL / CentOS 8. Refer to it using the link below.

Install MariaDB Database Server on CentOS / RHEL 8

After the installation, access mysql console as root user and create database/user for FreeRADIUS/daloRADIUS.

$  mysql -u root -p

CREATE DATABASE radius;
GRANT ALL ON radius.* TO [email protected] IDENTIFIED BY "StrongradIusPass";
FLUSH PRIVILEGES;
\q

Step 4: Installing FreeRADIUS on CentOS 8 / RHEL 8

FreeRADIUS packages are available in modular repository.

$ sudo dnf module list freeradius
Last metadata expiration check: 0:04:00 ago on Thu 10 Oct 2019 05:08:54 PM EAT.
CentOS-8 - AppStream
Name                      Stream                 Profiles                 Summary                                                                  
freeradius                3.0 [d]                server [d]               High-performance and highly configurable free RADIUS server              

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

To install, just run the command.

sudo dnf install -y @freeradius freeradius-utils freeradius-mysql

Start the service after installation.

sudo systemctl enable --now radiusd.service

Now you can check the status:

$ systemctl status radiusd.service
● radiusd.service - FreeRADIUS high performance RADIUS server.
   Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-10-10 18:07:47 EAT; 1min 8s ago
  Process: 10607 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
  Process: 10603 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
  Process: 10602 ExecStartPre=/bin/chown -R radiusd.radiusd /var/run/radiusd (code=exited, status=0/SUCCESS)
 Main PID: 10609 (radiusd)
    Tasks: 6 (limit: 11512)
   Memory: 9.3M
   CGroup: /system.slice/radiusd.service
           └─10609 /usr/sbin/radiusd -d /etc/raddb

Oct 10 18:07:47 centos8.novalocal systemd[1]: Starting FreeRADIUS high performance RADIUS server....
Oct 10 18:07:47 centos8.novalocal systemd[1]: Started FreeRADIUS high performance RADIUS server..

If you have Firewalld service running, allow radius and http traffic in and out. Radius server uses udp ports 1812 and 1813.

sudo firewall-cmd --add-service=radius --permanent
sudo firewall-cmd --reload

Step 5: Configure FreeRADIUS on CentOS 8 / RHEL 8

To Configure FreeRADIUS to use MariaDB, follow steps below.

1 – Import the Radius database scheme to populate radius database

sudo su -
mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql

2 – Configure Radius

First you have to create a soft link for SQL under /etc/raddb/mods-enabled

sudo ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/

Configure SQL module /raddb/mods-available/sql and change the database connection parameters to suite your environment:

sudo vi /etc/raddb/mods-available/sql
  • sql section should look similar to below.
sql {
driver = "rlm_sql_mysql"
dialect = "mysql"

# Connection info:

server = "localhost"
port = 3306
login = "radius"
password = "StrongradIusPass"

# Database table configuration for everything except Oracle

radius_db = "radius"
}

# Set to ‘yes’ to read radius clients from the database (‘nas’ table)
# Clients will ONLY be read on server startup.
read_clients = yes

# Table to keep radius client info
client_table = "nas"

Then change group right of /etc/raddb/mods-enabled/sql to radiusd:

sudo chgrp -h radiusd /etc/raddb/mods-enabled/sql

Restart radiusd service

sudo systemctl restart radiusd

Step 6: Install and Configure Daloradius on CentOS 8 (Optional)

You can use Daloradius to manage radius server from a web interface. This is an optional configuration which you can select depending on your use case.

Download daloradius release archive from Github.

sudo dnf -y install wget
wget https://github.com/lirantal/daloradius/archive/master.zip
unzip master.zip
mv daloradius-master/ daloradius

Change directory for configuration

cd daloradius

Import Daloradius mysql tables

mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql 
mysql -u root -p radius < contrib/db/mysql-daloradius.sql

Move daloradius folder to path in /var/www/html

cd ..
sudo mv daloradius /var/www/html/

Then change permissions for http folder and set the right permissions for daloradius configuration file.

sudo chown -R apache:apache /var/www/html/daloradius/
sudo chmod 664 /var/www/html/daloradius/library/daloradius.conf.php

You should now modify daloradius.conf.php file to adjust the MySQL database information .

sudo vi /var/www/html/daloradius/library/daloradius.conf.php

Set database name, user and password for connection.

$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'StrongradIusPass';
$configValues['CONFIG_DB_NAME'] = 'radius';

To be sure everything works, restart radiusd and httpd services.

sudo systemctl restart radiusd.service httpd
systemctl status radiusd.service httpd

There should be no error is service status output:

Configure SELinux – Relabel directories to allow apache user access.

sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/daloradius(/.*)?"
sudo restorecon -Rv /var/www/html/daloradius

Step 7: Access daloRADIUS Web Interface

daloRADIUS management web interface is accessible on http://server_ip_or_hostname/daloradius.

The default login details are:

Username: administrator
Password: radius

This is how daloRADIUS interface looks like.

Enjoy using FreeRADIUS and daloRADIUS on CentOS 8 / RHEL 8. For installation on CentOS 7 / Ubuntu, check:

Install FreeRADIUS & daloRADIUS on CentOS 7

Install FreeRADIUS & daloRADIUS on Ubuntu 18.04

Tags:

  • Install freeRADIUS on CentOS 8
  • Install freeRADIUS on RHEL 8
  • Install daloRADIUS on CentOS 8
  • Install daloRADIUS on RHEL 8
  • Configure freeRADIUS on CentOS 8 / RHEL 8
  • Configure daloRADIUS on RHEL 8 / CentOS 8