This guide will discuss how to install FreeRADIUS and Daloradius on Debian Linux. RADIUS is a network protocol used for remote user authentication, authorization and accounting. FreeRADIUS is an open source RADIUS server commonly used on Linux, Unix and embedded systems.
daloRADIUS is a web-based RADIUS management tool written in PHP. It was created to ease the management and administration of RADIUS server and hotspots devices (NAS). It comes with a powerful graphical reporting and accounting, billing and advanced user management features.
Our next steps will help you to install and configure both freeRADIUS and daloRADIUS on Debian Linux.
Step 1: Update your Server
Update your package index by running the command:
sudo apt -y update
Step 2: Install Database Server
We’ll be using MariaDB but any other supported database server can be used. Install MariaDB by running the following commands.
curl -LsS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash -s --
sudo apt install mariadb-server mariadb-client
Once installed, create a database and user for FreeRADIUS/daloRADIUS.
$ sudo mariadb -u root -p
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "StrongradIusPass";
FLUSH PRIVILEGES;
\q
Confirm that radius database user can access database granted.
$ mariadb -u radius -p'StrongradIusPass'
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 34
Server version: 11.4.2-MariaDB-deb12 mariadb.org binary distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| radius |
+--------------------+
2 rows in set (0.001 sec)
MariaDB [(none)]> QUIT
Bye
Step 3: Install Apache and PHP
We’ll use Apache httpd server to host daloRADIUS on Debian Linux system. Install both httpd and PHP packages with the following command.
sudo apt -y install apache2
sudo apt -y install php libapache2-mod-php php-{gd,common,mail,mail-mime,mysql,pear,mbstring,xml,curl}
Check the version of PHP installed to confirm the installation was successful.
$ php -v
PHP 8.2.20 (cli) (built: Jun 17 2024 13:33:14) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.20, Copyright (c) Zend Technologies
with Zend OPcache v8.2.20, Copyright (c), by Zend Technologies
Let’s validate the start by checking status of the two services.
systemctl status apache2
Allow http and https ports on the firewall is ufw is enabled.
sudo ufw allow http
sudo ufw allow https
Step 4: Installing FreeRADIUS
FreeRADIUS packages are available on default Debian repositories. There is no special pre-requisite for this installation.
To install, just run the command.
sudo apt -y install vim freeradius freeradius-mysql freeradius-utils
Start the service after installation.
sudo systemctl enable --now freeradius.service
Now you can check the status:
$ systemctl status freeradius
● freeradius.service - FreeRADIUS multi-protocol policy server
Loaded: loaded (/lib/systemd/system/freeradius.service; enabled; preset: enabled)
Active: active (running) since Sat 2024-08-03 11:33:56 UTC; 8s ago
Docs: man:radiusd(8)
man:radiusd.conf(5)
http://wiki.freeradius.org/
http://networkradius.com/doc/
Main PID: 14308 (freeradius)
Status: "Processing requests"
Tasks: 6 (limit: 4531)
Memory: 78.3M (limit: 2.0G)
CPU: 653ms
CGroup: /system.slice/freeradius.service
└─14308 /usr/sbin/freeradius -f
Aug 03 11:33:57 deb12 freeradius[14351]: Compiling Auth-Type CHAP for attr Auth-Type
Aug 03 11:33:57 deb12 freeradius[14351]: Compiling Auth-Type MS-CHAP for attr Auth-Type
Aug 03 11:33:57 deb12 freeradius[14351]: # Skipping contents of 'if' as it is always 'false' -- /etc/freeradius/3.0/sites-enabled/inner-tunnel:336
Aug 03 11:33:57 deb12 freeradius[14351]: Compiling Post-Auth-Type REJECT for attr Post-Auth-Type
Aug 03 11:33:57 deb12 freeradius[14351]: radiusd: #### Skipping IP addresses and Ports ####
Aug 03 11:33:57 deb12 freeradius[14351]: Configuration appears to be OK
Aug 03 11:33:57 deb12 systemd[1]: Reloaded freeradius.service - FreeRADIUS multi-protocol policy server.
.......
Step 5: Configure FreeRADIUS
To Configure FreeRADIUS to use MariaDB, follow steps below.
1 – Import the Radius database scheme to populate radius database
sudo su -
mariadb -u root -p radius < /etc/freeradius/*/mods-config/sql/main/mysql/schema.sql
exit
2 – Configure Radius
First you have to create a soft link for SQL module.
sudo ln -s /etc/freeradius/*/mods-available/sql /etc/freeradius/*/mods-enabled/
Configure SQL module by changing the database connection parameters to suite your environment:
sudo vim /etc/freeradius/*/mods-enabled/sql
- sql section should look similar to below.
sql {
dialect = "mysql"
driver = "rlm_sql_mysql"
# Connection info:
server = "localhost"
port = 3306
login = "radius"
password = "StrongradIusPass"
# Database table configuration for everything except Oracle
radius_db = "radius"
}
# Set to ‘yes’ to read radius clients from the database (‘nas’ table)
# Clients will ONLY be read on server startup.
read_clients = yes
# Table to keep radius client info
client_table = "nas"
Disable MySQL SSL connection.
mysql {
# If any of the files below are set, TLS encryption is enabled
# tls {
# ca_file = "/etc/ssl/certs/my_ca.crt"
# ca_path = "/etc/ssl/certs/"
# certificate_file = "/etc/ssl/certs/private/client.crt"
# private_key_file = "/etc/ssl/certs/private/client.key"
# cipher = "DHE-RSA-AES256-SHA:AES128-SHA"
#
# tls_required = no
# tls_check_cert = no
# tls_check_cert_cn = no
# }
# If yes, (or auto and libmysqlclient reports warnings are
# available), will retrieve and log additional warnings from
# the server if an error has occured. Defaults to 'auto'
warnings = auto
}
Then change group right of /etc/freeradius/*/mods-enabled/sql
sudo chgrp -h freerad /etc/freeradius/*/mods-available/sql
sudo chown -R freerad:freerad /etc/freeradius/*/mods-enabled/sql
Restart radiusd service
sudo systemctl restart freeradius
Step 6: Install and Configure Daloradius
You can use Daloradius to manage radius server from a web interface. This is an optional configuration which you can select depending on your use case.
Download daloradius release from Github using git
command line tool.
sudo apt -y install git
git clone https://github.com/lirantal/daloradius.git
Configuring daloradius
- Import Daloradius mysql tables with the following commands executed in the terminal.
sudo mariadb -u root -p radius < daloradius/contrib/db/fr3-mariadb-freeradius.sql
sudo mariadb -u root -p radius < daloradius/contrib/db/mariadb-daloradius.sql
- Configure daloRADIUS database connection details:
sudo mv daloradius /var/www/
Create configuration file and set correct directory permissions.
cd /var/www/daloradius/app/common/includes/
sudo cp daloradius.conf.php.sample daloradius.conf.php
sudo chown www-data:www-data daloradius.conf.php
Then modify the daloradius.conf.php
and adjust MySQL database information.
sudo vim daloradius.conf.php
Set database user, database name, and password.
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'StrongradIusPass';
$configValues['CONFIG_DB_NAME'] = 'radius';
Create var directory and its subdirectories, then change their ownership:
cd /var/www/daloradius/
sudo mkdir -p var/{log,backup}
sudo chown -R www-data:www-data var
Configure Apache web server
Configure Apache web server to listen on port 80 and port 443.
sudo tee /etc/apache2/ports.conf<<EOF
Listen 80
Listen 8000
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
EOF
Create Apache Virtual host file for operators:
sudo tee /etc/apache2/sites-available/operators.conf<<EOF
<VirtualHost *:8000>
ServerAdmin operators@localhost
DocumentRoot /var/www/daloradius/app/operators
<Directory /var/www/daloradius/app/operators>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/daloradius>
Require all denied
</Directory>
ErrorLog \${APACHE_LOG_DIR}/daloradius/operators/error.log
CustomLog \${APACHE_LOG_DIR}/daloradius/operators/access.log combined
</VirtualHost>
EOF
Also create one virtual host for Daloradius users:
sudo tee /etc/apache2/sites-available/users.conf<<EOF
<VirtualHost *:80>
ServerAdmin users@localhost
DocumentRoot /var/www/daloradius/app/users
<Directory /var/www/daloradius/app/users>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/daloradius>
Require all denied
</Directory>
ErrorLog \${APACHE_LOG_DIR}/daloradius/users/error.log
CustomLog \${APACHE_LOG_DIR}/daloradius/users/access.log combined
</VirtualHost>
EOF
Enable created virtual hosts using a2ensite
command line tool.
sudo a2ensite users.conf operators.conf
Create directories for storing logs.
sudo mkdir -p /var/log/apache2/daloradius/{operators,users}
We don’t need default virtual host enabled on the system.
sudo a2dissite 000-default.conf
With all configurations done we can restart Apache web server and Freeradius.
sudo systemctl restart apache2 freeradius
Confirm services are running without errors.
$ systemctl status apache2 freeradius
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; preset: enabled)
Active: active (running) since Sat 2024-08-03 11:40:43 UTC; 3s ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 17080 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 17085 (apache2)
Tasks: 6 (limit: 4531)
Memory: 16.1M
CPU: 137ms
CGroup: /system.slice/apache2.service
├─17085 /usr/sbin/apache2 -k start
├─17086 /usr/sbin/apache2 -k start
├─17087 /usr/sbin/apache2 -k start
├─17088 /usr/sbin/apache2 -k start
├─17089 /usr/sbin/apache2 -k start
└─17090 /usr/sbin/apache2 -k start
Aug 03 19:38:27 deb12 systemd[1]: Starting apache2.service - The Apache HTTP Server...
Aug 03 19:38:27 deb12 systemd[1]: Started apache2.service - The Apache HTTP Server.
● freeradius.service - FreeRADIUS multi-protocol policy server
Loaded: loaded (/lib/systemd/system/freeradius.service; enabled; preset: enabled)
Active: active (running) since Sat 2024-08-03 11:40:43 UTC; 3s ago
Docs: man:radiusd(8)
man:radiusd.conf(5)
http://wiki.freeradius.org/
http://networkradius.com/doc/
Process: 17076 ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cx -lstdout (code=exited, status=0/SUCCESS)
Main PID: 17091 (freeradius)
Status: "Processing requests"
Tasks: 6 (limit: 4531)
Memory: 78.5M (limit: 2.0G)
CPU: 438ms
CGroup: /system.slice/freeradius.service
└─17091 /usr/sbin/freeradius -f
Aug 03 11:40:42 deb12 freeradius[14795]: Compiling Post-Auth-Type Challenge for attr Post-Auth-Type
Aug 03 11:40:42 deb12 freeradius[14795]: Compiling Post-Auth-Type Client-Lost for attr Post-Auth-Type
Aug 03 11:40:42 deb12 freeradius[14795]: Compiling Auth-Type PAP for attr Auth-Type
Aug 03 11:40:42 deb12 freeradius[14795]: Compiling Auth-Type CHAP for attr Auth-Type
Aug 03 11:40:42 deb12 freeradius[14795]: Compiling Auth-Type MS-CHAP for attr Auth-Type
Aug 03 11:40:42 deb12 freeradius[14795]: # Skipping contents of 'if' as it is always 'false' -- /etc/freeradius/3.0/sites-enabled/inner-tunnel:336
Aug 03 11:40:42 deb12 freeradius[14795]: Compiling Post-Auth-Type REJECT for attr Post-Auth-Type
Aug 03 11:40:42 deb12 freeradius[14795]: radiusd: #### Skipping IP addresses and Ports ####
Aug 03 11:40:42 deb12 freeradius[14795]: Configuration appears to be OK
Aug 03 11:40:43 deb12 systemd[1]: Started freeradius.service - FreeRADIUS multi-protocol policy server.
Step 7: Access daloRADIUS Web Interface
Install DB and MDB2 modules:
sudo pear install DB
sudo pear install MDB2
cd ~/
Access the service on the following URLS:
- RADIUS management application: http://<ip>:8000/
- RADIUS user portal application: http://<ip>
RADIUS management application portal will look like this.

Default login details are:
Username: administrator
Password: radius
This is how daloRADIUS interface looks like.

Enjoy using Freeradius and Daloradius on Debian Linux.
- Install FreeRADIUS and daloRADIUS on CentOS 7
- Install FreeRADIUS and daloRADIUS on CentOS 8 / RHEL 8
- Install FreeRADIUS and daloRADIUS on Ubuntu
No such file or directory: /var/www/html/daloradius/library/
This has been updated.
Hi,
I got a problem:
sudo ln -s /etc/freeradius/*/mods-available/sql /etc/freeradius/*/mods-enabled/
ln: failed to create symbolic link ‘/etc/freeradius/*/mods-enabled/’: No such file or directory
I mike
Try only
ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/
or
ln -s /etc/freeradius/mods-available/sql /etc/freeradius/mods-enabled/
I mike
Try only
ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/
or
ln -s /etc/freeradius/mods-available/sql /etc/freeradius/mods-enabled/