I want to Install FreeRADIUS and Daloradius on CentOS 8 / RHEL 8?. RADIUS, which stands for “Remote Authentication Dial-In User Service“, is a network protocol used for remote user authentication and accounting. It provides AAA services; namely Authorization, Authentication, and Accounting.
FreeRADIUS is an open source, high-performance, scalable, modular and feature-rich RADIUS server. FreeRADIUS has support for request proxy, fail-over and load balancing, as well as access to various database backends.
Top Features of FreeRADIUS
- Flexible Configuration through a wide range of methods to select user configurations.
- Complete support for RFC 2865 and RFC 2866 attributes.
- EAP with EAP-MD5, EAP-SIM, EAP-TLS, EAP-TTLS, EAP-PEAP, and Cisco LEAP EAP sub-types
- Vendor Specific Attributes for almost one hundred vendors, including BinTec, Foundry, Cisco, Juniper, Lucent/Ascend, HP ProCurve, Microsoft, USR/3Com, Acc/Newbridge and many more.
Bringing daloRADIUS into the mix
daloRADIUS is an advanced RADIUS web management platform written in PHP and JavaScript. It is mainly aimed at managing Hotspots and general-purpose ISP deployments powered by FreeRADIUS server. Below are the key features of daloRADIUS:
- Database abstraction layer with support for many database systems – MySQL, SQLite, PostgreSQL, MsSQL and Oracle
- Advanced user management
- Powerful graphical reporting and accounting
- Integrates with GoogleMaps for geo-location
- Has a billing engine
Follow the next steps discussed to install FreeRADIUS and daloRADIUS on CentOS 8 / RHEL 8 Linux system.
Step 1: Update your Server
Never trust a system not updated. All installed packages can be updated by executing below command in the terminal.
sudo dnf -y update
Step 2: Install Apache and PHP
We’ll use Apache httpd server to host daloRADIUS on your system. Install both httpd and PHP packages with the following command.
sudo dnf module reset -y php
sudo dnf module reset -y php && sudo dnf module install -y php:8.0
sudo dnf -y install php-{cli,curl,mysqlnd,devel,gd,pear,mbstring,xml,pear,zip}
sudo pear install DB
sudo pear install MDB2
Check the version of PHP installed to confirm the installation was successful.
$ php -v
PHP 8.0.30 (cli) (built: Aug 3 2023 17:13:08) ( NTS gcc x86_64 )
Copyright (c) The PHP Group
Zend Engine v4.0.30, Copyright (c) Zend Technologies
Install apache web server:
sudo dnf -y install @httpd
Start and enable php-fpm and httpd services.
sudo systemctl enable --now httpd php-fpm
Let’s validate the start by checking status of the two services.
systemctl status httpd php-fpm
Allow http and https ports on the firewall.
sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload
Reference for Apache httpd installation:
Step 3: Install and Configure MariaDB
We have a separate guide on installation of MariaDB database server on RHEL / CentOS 8. Refer to it using the link below.
After the installation, access mysql console as root user and create database/user for FreeRADIUS/daloRADIUS.
$ mysql -u root -p
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "StrongradIusPass";
FLUSH PRIVILEGES;
\q
Step 4: Installing FreeRADIUS
FreeRADIUS packages are available in modular repository.
$ sudo dnf module list freeradius
Last metadata expiration check: 0:04:00 ago on Thu 10 Oct 2019 05:08:54 PM EAT.
CentOS-8 - AppStream
Name Stream Profiles Summary
freeradius 3.0 [d] server [d] High-performance and highly configurable free RADIUS server
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
To install, just run the command.
sudo dnf install -y @freeradius freeradius-utils freeradius-mysql
Start the service after installation.
sudo systemctl enable --now radiusd.service
Now you can check the status:
$ systemctl status radiusd.service
● radiusd.service - FreeRADIUS high performance RADIUS server.
Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2023-11-23 01:53:42 UTC; 3s ago
Process: 14781 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
Process: 14778 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
Process: 14732 ExecStartPre=/bin/sh /etc/raddb/certs/bootstrap (code=exited, status=0/SUCCESS)
Process: 14731 ExecStartPre=/bin/chown -R radiusd.radiusd /var/run/radiusd (code=exited, status=0/SUCCESS)
Main PID: 14783 (radiusd)
Tasks: 6 (limit: 22612)
Memory: 77.8M
CGroup: /system.slice/radiusd.service
└─14783 /usr/sbin/radiusd -d /etc/raddb
Nov 23 01:53:41 rocky8.mylab.io sh[14769]: URI:http://www.example.com/example_ca.crl
Nov 23 01:53:41 rocky8.mylab.io sh[14769]: Certificate is to be certified until Jan 22 01:53:41 2024 GMT (60 days)
Nov 23 01:53:41 rocky8.mylab.io sh[14769]: Write out database with 1 new entries
Nov 23 01:53:41 rocky8.mylab.io sh[14769]: Data Base Updated
Nov 23 01:53:41 rocky8.mylab.io sh[14741]: openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:'whatever' -passout pass:'whatever'
Nov 23 01:53:41 rocky8.mylab.io sh[14741]: chmod g+r client.p12
Nov 23 01:53:41 rocky8.mylab.io sh[14741]: openssl pkcs12 -in client.p12 -out client.pem -passin pass:'whatever' -passout pass:'whatever'
Nov 23 01:53:41 rocky8.mylab.io sh[14741]: chmod g+r client.pem
Nov 23 01:53:41 rocky8.mylab.io sh[14741]: cp client.pem '[email protected]'.pem
Nov 23 01:53:42 rocky8.mylab.io systemd[1]: Started FreeRADIUS high performance RADIUS server..
If you have Firewalld service running, allow radius and http traffic in and out. Radius server uses udp ports 1812 and 1813.
sudo firewall-cmd --add-service=radius --permanent
sudo firewall-cmd --reload
Step 5: Configure FreeRADIUS
To Configure FreeRADIUS to use MariaDB, follow steps below.
1 – Import the Radius database scheme to populate radius database
sudo su -
mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql
2 – Configure Radius
First you have to create a soft link for SQL under /etc/raddb/mods-enabled
sudo ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/
Configure SQL module /raddb/mods-available/sql and change the database connection parameters to suite your environment:
sudo vi /etc/raddb/mods-available/sql
- sql section should look similar to below.
sql {
driver = "rlm_sql_mysql"
dialect = "mysql"
# Connection info:
server = "localhost"
port = 3306
login = "radius"
password = "StrongradIusPass"
# Database table configuration for everything except Oracle
radius_db = "radius"
}
# Set to ‘yes’ to read radius clients from the database (‘nas’ table)
# Clients will ONLY be read on server startup.
read_clients = yes
# Table to keep radius client info
client_table = "nas"
Comment MySQL SSL settings.
mysql {
# If any of the files below are set, TLS encryption is enabled
# tls {
# ca_file = "/etc/ssl/certs/my_ca.crt"
# ca_path = "/etc/ssl/certs/"
# certificate_file = "/etc/ssl/certs/private/client.crt"
# private_key_file = "/etc/ssl/certs/private/client.key"
# cipher = "DHE-RSA-AES256-SHA:AES128-SHA"
#
# tls_required = yes
# tls_check_cert = no
# tls_check_cert_cn = no
# }
Then change group right of /etc/raddb/mods-enabled/sql to radiusd:
sudo chgrp -h radiusd /etc/raddb/mods-enabled/sql
Restart radiusd service
sudo systemctl restart radiusd
Step 6: Install and Configure Daloradius (Optional)
You can use Daloradius to manage radius server from a web interface. This is an optional configuration which you can select depending on your use case.
Download daloradius code from Github.
sudo yum -y install git vim
git clone https://github.com/lirantal/daloradius.git
Import Daloradius mysql tables
mysql -u root -p radius < daloradius/contrib/db/fr3-mariadb-freeradius.sql
mysql -u root -p radius < daloradius/contrib/db/mariadb-daloradius.sql
Move daloradius folder to path in /var/www/html
sudo mv daloradius /var/www/
Then change permissions for http folder and set the right permissions for daloradius configuration file.
cd /var/www/daloradius/app/common/includes/
sudo cp daloradius.conf.php.sample daloradius.conf.php
sudo chown -R apache:apache /var/www/daloradius/
You should now modify daloradius.conf.php file to adjust the MySQL database information .
sudo vim daloradius.conf.php
Set database name, user and password for connection.
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'StrongradIusPass';
$configValues['CONFIG_DB_NAME'] = 'radius';
To be sure everything works, restart radiusd and httpd services.
sudo systemctl restart radiusd.service httpd
systemctl status radiusd.service httpd
There should be no error is service status output:
Create extra directories required.
cd /var/www/daloradius/
sudo mkdir -p var/{log,backup}
sudo chown -R apache:apache var
Install below PHP modules.
sudo pear install DB
sudo pear install MDB2
Configure Apache web server
Configure Apache to listen on port 80 and port 8000
$ sudo vim /etc/httpd/conf/httpd.conf
Listen 80
Listen 8000
Configure virtual host for operators module:
sudo tee /etc/httpd/conf.d/operators.conf<<EOF
<VirtualHost *:8000>
ServerAdmin operators@localhost
DocumentRoot /var/www/daloradius/app/operators
<Directory /var/www/daloradius/app/operators>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/daloradius>
Require all denied
</Directory>
ErrorLog /var/log/httpd/daloradius/operators/error.log
CustomLog /var/log/httpd/daloradius/operators/access.log combined
</VirtualHost>
EOF
Next we create virtual host for users:
sudo tee /etc/httpd/conf.d/users.conf<<EOF
<VirtualHost *:80>
ServerAdmin users@localhost
DocumentRoot /var/www/daloradius/app/users
<Directory /var/www/daloradius/app/users>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/daloradius>
Require all denied
</Directory>
ErrorLog /var/log/httpd/daloradius/users/error.log
CustomLog /var/log/httpd/daloradius/users/access.log combined
</VirtualHost>
EOF
Create directories that will store log files.
sudo mkdir -p /var/log/httpd/daloradius/{operators,users}
Disable default Apache web server welcome page.
sudo rm /etc/httpd/conf.d/welcome.conf
If you have SELinux active, label directories accordingly.
sudo yum -y install policycoreutils-python-utils
sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/daloradius(/.*)?"
sudo restorecon -Rv /var/www/daloradius
If SELinux is enforcing add label to port 8000 for use by httpd.
sudo semanage port -m -t http_port_t -p tcp 8000
Check if applied correctly.
# semanage port -l | grep -w http_port_t
http_port_t tcp 8000, 80, 81, 443, 488, 8008, 8009, 8443, 9000
Allow ports access from the firewall.
sudo firewall-cmd --add-service={http,https,radius} --permanent
sudo firewall-cmd --add-port=8000/tcp --permanent
sudo firewall-cmd --reload
Restart the services to ensure everything is working.
sudo systemctl restart httpd radiusd.service
The status of your services can be checked using systemctl
:
systemctl status httpd radiusd
Now access daloradius with below URLs.
- RADIUS management application: http://<ip>:8000/
- RADIUS user portal application: http://<ip>
Example of RADIUS management application portal interface.

The default login details are:
Username: administrator
Password: radius
daloRADIUS management UI look:

Enjoy using FreeRADIUS and daloRADIUS: