Blog

Install and Setup FreeRADIUS on CentOS 5, CentOS 6 and Ubuntu 11.10

A simple tutorial to setup and configure FreeRADIUS on CentOS 5 and Ubuntu 10.04.

Just follow the instructions below to have your FreeRADIUS setup ready to go when used along with our WHMCS module, we have distinguished the difference between CentOS commands and Ubuntu commands:

CentOS 5:

yum install freeradius2 freeradius2-mysql freeradius2-utils mysql-server -y

CentOS 6:

yum install freeradius freeradius-mysql freeradius-utils mysql-server -y

Ubuntu:

apt-get install freeradius freeradius-mysql freeradius-utils mysql-server

They should install without any problems.

To setup MySQL, start the service by running below:

CentOS:

service mysqld start

Ubuntu:

service mysql start

Now run the following to set your password and security settings:

/usr/bin/mysql_secure_installation

Common problems usually arise on cPanel servers but please check our knowldgebase for fixing issues on cPanel servers, next we need to create the radius database, type:

mysql

or

mysql -uroot -p

Then enter your mysql root password to continue…

Now create the database and grant all privileges to user radius:

CREATE DATABASE radius;
GRANT ALL PRIVILEGES ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
flush privileges;

In certain situations you may need to grant remote access to mysql, to do this please follow the guide below:

To setup MySQL remote access to your FreeRADIUS installation please follow this link. Link.

Now thats done we want to import the tables for radius:

mysql> use radius;

CentOS:

SOURCE /etc/raddb/sql/mysql/schema.sql

Ubuntu:

SOURCE /etc/freeradius/sql/mysql/schema.sql
exit

Now open up CentOS:/etc/raddb/sql.conf Ubuntu: /etc/freeradius/sql.conf and enter your mysql database details you just created, Example:

# Connection info:
	server = "localhost"
	#port = 3306
	login = "radius"
	password = "radpass"

	# Database table configuration for everything except Oracle
	radius_db = "radius"

In /etc/raddb/radiusd.conf ensure that the line saying:

$INCLUDE  sql.conf

is uncommented.

Edit /etc/raddb/sites-available/default and uncomment the line containing ‘sql’ in the authorize{} section and ‘sql’ in the accounting {} section, also uncomment ‘sql’ under session {}.

Additionally, edit /etc/raddb/sites-available/inner-tunnel and uncomment the line containing ‘sql’ under “authorize {}” and under session {}.

Open up /etc/raddb/clients.conf set your secret to something a bit more random, example:

Change:

secret = testing123

To something like:

secret = 3c23498n349c3yt290y93b4t3

Now check to see if Radius is working ok:

CentOS:

service radiusd restart
service radiusd stop

Ubuntu:

service freeradius restart
service freeradius stop

To add clients (External VPN Servers) you would edit CentOS: /etc/raddb/clients.conf Ubuntu: /etc/freeradius/clients.conf and directly under this line:

#	coa_server = coa
}

Add a block such as this:

client VPN_SERVER_IP {
	secret		= YOUR SECRET HERE
	shortname	= yourVPN
    nastype     = other
}

To allow external servers and software to authenticate off your FreeRADIUS, this has to be done every time you setup an external server to use this FreeRADIUS database.

Everytime you add a client or change a value in the config files you need to restart radius like this:

CentOS:

service radiusd restart

Ubuntu:

service freeradius restart

Add a test user to the radius database, first you need to login to your mysql radius database:

mysql -uroot -pyourrootpass

Switch to the radius database:

use radius;

Once there execute the below commands:

mysql> INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES (1,'test','User-Password',':=','test');

Next test the test user with radtest.

radtest test test 127.0.0.1 0 mysecret

If you see “rad_recv: Access-Accept” then your installation is working fine.

If you have any problems with FreeRADIUS you can run FreeRADIUS in debug mode to help pinpoint any issues, to do that just do the following:

CentOS:

service radiusd stop
radiusd -X

Ubuntu:

service freeradius stop
freeradius -X

Now you can see in realtime if your authentication queries are actually reaching the server or the reasons why some users may be rejected authentication.

**Please follow below if using our WHMCS FreeRADIUS Module and UAS System:**

Open up /etc/raddb/sql.conf for CentOS or /etc/freeradius/sql.conf for Ubuntu and uncomment the following line:

#readclients = yes

to:

readclients = yes

Now your FreeRADIUS will read off the MySQL NAS table for clients – when adding NAS servers via our UAS system it will auto create the NAS table in your FreeRADIUS databases the first time you add a client.

Regards
SafeSrv.net

Tags: , ,
32 replies
  1. Safe Man says:

    Hello sir

    What web interface do you use to magnament vpn users ?

    Thank you

    Reply
  2. Safe Man says:

    Hello sir

    I want to create 1mounth limited user in freeradius + mysql , I do not have money to buy your modules or whmcs so i want create users manuly in linux command line but i don’t know how i do that , cat you help about this problem

    Thank you :-)

    Reply
  3. Alex says:

    Hallo Sir,
    How i can switch off IP logging in Freeradius?
    now i can see all ip addr in mysql > callingstationid

    Reply
  4. Alex says:

    I try comment #detail dsnt help
    but work perfect just and no more ip logging in freeradius db

    accounting {
    ok
    }

    Reply
  5. Alex says:

    Yes no more logs in mysql

    Reply
  6. Alex says:

    Hallo,
    Have some question :)
    Have server in NL with radius DB and so ..
    but now one more server in SE :) and mu question do i need install in SE ne freeradius and freeradius plugin or just plugin and connect to NL?

    Thanks

    Reply
  7. Deep Saha says:

    Done everything as mentioned.. I have a vps therefore I had to install apache and php etc

    but when I am going to the directory its lists all the files other than opening index.php file also when i tried to login to index.php it shows

    Server error
    HTTP Error 500 (Internal Server Error): An unexpected condition was encountered while the server was attempting to fulfill the request.

    Please Help

    Reply
    • Deep Saha says:

      Fixed The Issue Above Now Server Works Fine…

      But in openvpn I get auth error , I have installed Daloradius with radius for PHP management now users get created but auth failed :S

      Reply
  8. AC says:

    Great HOW-TO. Thanks!

    Reply
  9. Mehran says:

    Hi, after running this command radiusd -X i got these errors i cant understand what these errors say to me may you help me ….

    Starting – reading configuration files …
    including configuration file /etc/raddb/radiusd.conf
    including configuration file /etc/raddb/sql.conf
    WARNING: No such configuration item radius
    /etc/raddb/sql.conf[33]: Reference “rlm_sql_${radius}” not found
    Errors reading /etc/raddb/radiusd.conf

    Reply
    • Aman says:

      First make sure Have you done mysql configuration if “NO” . Create database then username /password then write into sql.conf file ( it’s also defined above this tutorial start from ” mysql -u root -p ”
      if you already done this . then install freeradius2-mysql (centos 5) or freeradius-mysql(centos 6)

      Reply
  10. imran says:

    Hi Admin,

    can you please list some lines how to add remote vpn server to the centralised radius server.
    What iptables rules need to be added to the radius server to allow traffic from vpn servers.

    I will be thankful if you can list how to add external vpn server like pptp server with ip address 192.168.1.10 and openvpn server with ip address 192.168.2.100
    IP address of the radius server is 192.168.3.1
    I will be waiting for your kind and swift response.

    Regards:
    imran

    Reply
  11. DILAN says:

    hi ,,,,

    it was really helpfull for me to setup a radius server, please help me to connect a user as well

    thanks

    Reply
  12. David says:

    After i tried to create the radius database i get error 1045 after mysql -unroot -p
    typed in the password i created it says error 1045. Am i doing something wrong?

    Reply

Trackbacks & Pingbacks

  1. […] olsun.. google da hiç arama yapmadığınızı varsayarak aşağıdaki linki gönderiyorum, Install and Setup FreeRADIUS on CentOS 5, CentOS 6 and Ubuntu 11.10 Alıntı ile […]

  2. [...] [info_box]This tutorial assumes you have already setup FreeRADIUS – to setup FreeRADIUS follow this guide here.[/info_box] [...]

  3. FreeRadius says:

    [...] guides for setting up the FreeRadius server on my CentOS 6.3 box, which we will call 'Server1' http://safesrv.net/install-and-setup…s-on-centos-5/ https://safesrv.net/setup-ssh-to-aut…on-centos-6-3/ Al all seems to be setup correctly. When I [...]

  4. [...] to login to SSH, we don’t set a pass for the user in SSH, thats where FreeRADIUS comes in. SetupThis tutorial assumes you have already setup FreeRADIUS – to setup FreeRADIUS, use the following [...]

  5. [...] tutorial we will show you how to offer multiple ports while using FreeRADIUS for authentication. SetupThis tutorial assumes you have already setup FreeRADIUS and OpenVPN, to setup FreeRADIUS, click [...]

  6. [...] Setup L2TP/IPSec to Authenticate off FreeRADIUS on CentOS 5 In this tutorial we will setup L2TP over IPSec and configure it to authenticate off your FreeRADIUS database, we will make this tutorial as simple as possible and won’t go into great detail to confuse novice users – we will supply the configuration templates that get you up and running. This tutorial assumes you have already setup FreeRADIUS – to setup FreeRADIUS follow this guide here. [...]

  7. [...] __reach_config = { pid: '4f079b93396cef0b2f0003d6', title: 'Setup L2TP over IPSec to Authenticate off FreeRADIUS on Ubuntu 11.10', tags: [{"term_id":"63","name":"IPSec","slug":"ipsec","term_group":"0","term_taxonomy_id":"75","taxonomy":"post_tag","description":"","parent":"0","count":"2"},{"term_id":"62","name":"L2TP","slug":"l2tp","term_group":"0","term_taxonomy_id":"74","taxonomy":"post_tag","description":"","parent":"0","count":"2"},{"term_id":"67","name":"Ubuntu","slug":"ubuntu","term_group":"0","term_taxonomy_id":"79","taxonomy":"post_tag","description":"","parent":"0","count":"1"}], authors: ["Admin"], channels: [], slide_logo: false, slide_active: true, date: '2012-07-16 16:25:56', url: 'https://safesrv.net/setup-l2tp-over-ipsec-to-authenticate-off-freeradius-on-ubuntu-11-10/', header: 'RECOMMENDED FOR YOU:' }; var content = document.getElementById('simplereach-slide-tag').parentNode, loc; if (content.className){ loc = '.' + content.className; } if (content.id){ loc = '#' + content.id; } __reach_config.loc = loc || content; (function(){ var s = document.createElement('script'); s.async = true; s.type = 'text/javascript'; s.src = document.location.protocol + '//d8rk54i4mohrb.cloudfront.net/js/slide.js'; __reach_config.css = ''; var tg = document.getElementsByTagName('head')[0]; if (!tg) {tg = document.getElementsByTagName('body')[0];} if (tg) {tg.appendChild(s);} })(); In this tutorial we will setup L2TP over IPSec to authenticate off your FreeRADIUS, we choose Ubuntu 11.10 as we find this version currently is the most stable version we have tested for L2TP/IPSec VPN’s so please use this tutorial on Ubuntu 11.10 or above. This tutorial assumes you have already setup FreeRADIUS – to setup FreeRADIUS follow this guide here. [...]

  8. [...]In this article we will setup the popular squid proxy software to authenticate off FreeRADIUS, we will also supply standard configs to get you going. This tutorial assumes you have already setup FreeRADIUS – to setup FreeRADIUS follow this guide here. [...]

  9. [...] In this tutorial we will setup L2TP over IPSec and configure it to authenticate off your FreeRADIUS database, we will make this tutorial as simple as possible and won’t go into great detail to confuse novice users – we will supply the configuration templates that get you up and running. This tutorial assumes you have already setup FreeRADIUS – to setup FreeRADIUS follow this guide here. [...]

  10. [...] on Centos 5on March 14,2012 in FreeRADIUS To setup FreeRADIUS please refer to our tutorial here. To setup OpenVPN please refer to our tutorial [...]

  11. [...] We will install poptop the open source PPTP server and set it up so that it authenticates off of FreeRADIUS on Centos, useful if your using in conjunction with our WHMCS module, should also work on other distress: This tutorial assumes you have already setup FreeRADIUS – to setup FreeRADIUS follow this guide here. [...]

  12. [...] This tutorial assumes you have already setup FreeRADIUS following this guide here. [...]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Copyright 2013 SafeSrv.net | All Rights Reserved