September 6, 2016

How to Install and Setup FreeRADIUS on CentOS 5.x, CentOS 6.x and Ubuntu 11.x


Setup Free Radius on CentOS/Ubuntu

Here is a simple tutorial on how to install FreeRADIUS on CentOS and/or Ubuntu and use it with a PPTP or L2TP VPN so that VPN users authenticate via FreeRADIUS. This tutorial works perfectly on our SSD VPS as well as Dedicated Servers. We will soon post a tutorial on how to set up PPTP and L2TP VPN services and make them authenticate against this FreeRADIUS server. First, install the packages for your distribution:

CentOS 5:

yum install freeradius2 freeradius2-mysql freeradius2-utils mysql-server -y

CentOS 6:

yum install freeradius freeradius-mysql freeradius-utils mysql-server -y

Ubuntu:

apt-get install freeradius freeradius-mysql freeradius-utils mysql-server


Now we need to configure MySQL:

To set up MySQL, start the service by running the command below:

CentOS:

service mysqld start

Ubuntu:

service mysql start

Now run the following to set your password and security settings:

/usr/bin/mysql_secure_installation

Common problems usually arise on cPanel servers; please check our knowledgebase for fixing issues on cPanel servers. Next we need to create the radius database. Type:

mysql

or

mysql -uroot -p

Then enter your MySQL root password to continue.

Now create the database and grant all privileges to user radius (replace radpass with a password of your own and use the same value in sql.conf later):

CREATE DATABASE radius;
GRANT ALL PRIVILEGES ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
flush privileges;


Now we need to import the tables for FreeRADIUS into our MySQL database:

mysql> use radius;

CentOS:

SOURCE /etc/raddb/sql/mysql/schema.sql

Ubuntu:

SOURCE /etc/freeradius/sql/mysql/schema.sql
exit

Now open /etc/raddb/sql.conf (CentOS) or /etc/freeradius/sql.conf (Ubuntu) and enter the MySQL database details you just created. Example:

# Connection info:
	server = "localhost"
	#port = 3306
	login = "radius"
	password = "radpass"

	# Database table configuration for everything except Oracle
	radius_db = "radius"

In /etc/raddb/radiusd.conf (/etc/freeradius/radiusd.conf on Ubuntu), ensure that the line saying:

$INCLUDE  sql.conf

is uncommented.

Edit /etc/raddb/sites-available/default and uncomment the line containing 'sql' in the authorize {} section, in the accounting {} section, and under session {}.

Additionally, edit /etc/raddb/sites-available/inner-tunnel and uncomment the line containing 'sql' under authorize {} and under session {}.

Open /etc/raddb/clients.conf and set your secret to something a bit more random. Example:

Change:

secret = testing123

To something like:

secret = rectified.net349c3yt290y93b4t3

Now check to see if Radius is working ok:

CentOS:

service radiusd restart
service radiusd stop

Ubuntu:

service freeradius restart
service freeradius stop

To add clients (external VPN servers), edit /etc/raddb/clients.conf (CentOS) or /etc/freeradius/clients.conf (Ubuntu) and, directly under these lines:

#	coa_server = coa
}

Add a block such as this:

client VPN_SERVER_IP {
	secret		= YOUR SECRET HERE
	shortname	= Rectified.netVPN
	nastype		= other
}

This allows external servers and software to authenticate against your FreeRADIUS server. It has to be done every time you set up an external server to use this FreeRADIUS database.
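The shared-secret advice above and the client block can be checked mechanically. The following is an added example, not part of the original tutorial: a shell check that reports client blocks still using the stock testing123 secret, an unfilled placeholder, or a secret shorter than 16 characters, plus a helper that generates a random secret. The function names, the 16-character threshold (taken from the preference stated in RFC 2865) and the sample file are assumptions of this example.

```shell
# Added example: flag weak shared secrets in a FreeRADIUS clients.conf.
MIN_LEN=16   # assumption: RFC 2865 prefers secrets of at least 16 octets

# Print a fresh secret: 16 random bytes as 32 hex characters.
gen_secret() {
    od -An -tx1 -N16 /dev/urandom | tr -d ' \n'
}

# Constructed sample input (not from a real server).
sample_conf() {
    cat <<'EOF'
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
client 192.0.2.10 {
    secret    = YOUR SECRET HERE
    shortname = vpn1
}
client 192.0.2.11 {
    secret = "hunter2"   # quoted, with a trailing comment
}
client 192.0.2.12 {
    secret = 9f2c4e1ab07d4c6e8a315b7d2f60c9e4
    #secret = testing123
}
EOF
}

# Print "<client> <finding>" for every client block with a weak secret.
audit_secrets() {
    awk -v min="$MIN_LEN" '
        /^[ \t]*#/           { next }        # ignore commented-out lines
        /^[ \t]*client[ \t]/ { name = $2 }   # remember the current client block
        /^[ \t]*secret[ \t]*=/ {
            s = $0
            sub(/^[^=]*=[ \t]*/, "", s)      # keep the value after "="
            sub(/[ \t]+#.*$/, "", s)         # drop a trailing comment
            sub(/[ \t]+$/, "", s)            # drop trailing whitespace
            gsub(/^"|"$/, "", s)             # drop surrounding quotes
            if (s == "testing123")        print name, "default-secret"
            else if (s ~ /[ \t]/)         print name, "placeholder-or-has-spaces"
            else if (length(s) < min + 0) printf "%s too-short(%d)\n", name, length(s)
        }
    ' "$1"
}

# Demo on the sample; on a real server pass the clients.conf path instead.
tmp=$(mktemp) && sample_conf > "$tmp" && audit_secrets "$tmp"; rm -f "$tmp"
```

On a real server, call audit_secrets with /etc/raddb/clients.conf (CentOS) or /etc/freeradius/clients.conf (Ubuntu); no output means no finding.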

Every time you add a client or change a value in the config files, you need to restart FreeRADIUS like this:

CentOS:

service radiusd restart

Ubuntu:

service freeradius restart

Add a test user to the radius database. First you need to log in to MySQL:

mysql -uroot -pyourrootpass

Switch to the radius database:

use radius;

Once there execute the below commands:

mysql> INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES (1,'test','User-Password',':=','test');

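Next, test the test user with radtest. The last argument is the shared secret, so use the secret you set in clients.conf in place of mysecret: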

radtest test test 127.0.0.1 0 mysecret

If you see “rad_recv: Access-Accept” then your installation is working fine.

If you have any problems with FreeRADIUS, you can run it in debug mode to help pinpoint the issue. To do that, stop the service and start the daemon in the foreground:

CentOS:

service radiusd stop
radiusd -X

Ubuntu:

service freeradius stop
freeradius -X

Now you can see in real time whether your authentication queries are actually reaching the server, and the reasons why some users may be rejected.

Open up /etc/raddb/sql.conf for CentOS or /etc/freeradius/sql.conf for Ubuntu and uncomment the following line:

#readclients = yes

so that it reads:

readclients = yes

Now your FreeRADIUS will read its clients from the MySQL nas table.

 
