INSTALL FREERADIUS + DALORADIUS
DaloRADIUS is an advanced RADIUS web management application aimed at managing hotspots and general-purpose ISP deployments. It features user management, graphical reporting, accounting and a billing engine, and integrates with Google Maps for geo-locating.
Now let’s start the installation process of FreeRADIUS and DaloRADIUS.
SELINUX Setting:-
Before installation, I recommend turning off SELinux or setting it to permissive mode:-
[root@radius ~]# setenforce 0
[root@radius ~]# sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
[root@radius ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@radius ~]#
Prerequisites:-
Update your CentOS 7 system and install the Development Tools group. You can run these commands to update CentOS and install Development Tools.
[root@radius ~]# yum -y update
[root@radius ~]# yum groupinstall "Development Tools" -y
Install httpd server
[root@radius ~]# yum -y install httpd httpd-devel
Once installation has completed, you can enable and start the HTTPD service and check its running status using the commands below.
[root@radius ~]# systemctl enable httpd
[root@radius ~]# systemctl start httpd
[root@radius ~]# systemctl status httpd
Installing and Configuring MariaDB
Now we are going to install and configure MariaDB 10.1.33, using the steps below:-
Add MariaDB official repo content to CentOS 7 system
Add the content below to the MariaDB.repo file and save the file.
[root@radius ~]# vi /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
Update system and install MariaDB to configure Database server
[root@radius ~]# yum -y update
[root@radius ~]# yum install -y mariadb-server mariadb
You will be prompted to install the MariaDB GPG signing key. Just press y to allow installation.
Start and enable MariaDB
[root@radius ~]# systemctl start mariadb
[root@radius ~]# systemctl enable mariadb
Check running and enabled status of MariaDB
[root@radius ~]# systemctl status mariadb
[root@radius ~]# systemctl is-enabled mariadb.service
enabled
Configure initial MariaDB settings to secure it.
Here we will set the root password. For security purposes, consider removing anonymous users and disallowing remote root login. You can see an example configuration below; the key choices are the answers given at each prompt.
[root@radius ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[root@radius ~]#
Allow only local connections to the MySQL server. This is a security mechanism.
[root@radius ~]# vi /etc/my.cnf
[mysqld]
bind-address=127.0.0.1
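The following check is an added example, not part of the original tutorial: it reads a my.cnf-style file and reports whether the [mysqld] section still binds to loopback, since a later duplicate bind-address line overrides the 127.0.0.1 set above. The function names and the sample file are constructed for illustration, and a missing bind-address is assumed to mean the server listens on all interfaces.

```bash
# Added example (not from the tutorial): check that a my.cnf-style file keeps
# mysqld off the network. Reads one file only; files pulled in through
# !includedir are not followed.

# Print the effective [mysqld] bind-address (the last occurrence wins),
# "none" when skip-networking disables TCP, or nothing when neither is set.
mysqld_bind_address() {
    awk '
        /^[ \t]*[#;]/ { next }                        # whole-line comment
        /^[ \t]*\[/ {                                 # section header
            in_mysqld = (tolower($0) ~ /^[ \t]*\[mysqld\][ \t]*$/)
            next
        }
        in_mysqld {
            line = $0
            sub(/[ \t]*#.*$/, "", line)               # trailing comment
            n = index(line, "=")
            key = (n ? substr(line, 1, n - 1) : line)
            val = (n ? substr(line, n + 1) : "")
            gsub(/[ \t]/, "", key); gsub(/_/, "-", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "bind-address")    addr = val
            if (key == "skip-networking") skip = (val != "0")
        }
        END { if (skip) print "none"; else if (addr != "") print addr }
    ' "$1"
}

# Return 0 if mysqld accepts local connections only, 1 otherwise. A missing
# bind-address is treated as exposed (assumes the listen-on-all default).
mysqld_is_local_only() {
    case "$(mysqld_bind_address "$1")" in
        none|127.0.0.1|::1|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: the tutorial's setting, overridden further down the file.
sample=$(mktemp)
printf '%s\n' '[mysqld]' 'bind-address=127.0.0.1' '[client]' 'port=3306' \
    '[mysqld]' 'bind_address = 0.0.0.0  # added later' > "$sample"
if mysqld_is_local_only "$sample"; then echo "local only"
else echo "reachable on: $(mysqld_bind_address "$sample")"; fi
rm -f "$sample"
```

On the real server, run mysqld_is_local_only /etc/my.cnf after editing, and repeat it for any file under an included directory.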
Configure Database for freeradius
[root@radius ~]# mysql -u root -p -e "CREATE DATABASE radius"
[root@radius ~]# mysql -u root -p -e "show databases"
[root@radius ~]# mysql -u root -p
MariaDB [(none)]> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radiuspassword";
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q
Bye
[root@radius ~]#
Installing php 7 on CentOS 7
[root@radius ~]# cd ~
[root@radius ~]# bash setup-ius.sh
[root@radius ~]# yum remove php-cli mod_php php-common
[root@radius ~]# yum -y install mod_php70u php70u-cli php70u-mysqlnd php70u-devel php70u-gd php70u-mcrypt php70u-mbstring php70u-xml php70u-pear
[root@radius ~]# apachectl restart
After installation you can check the php version to confirm, using the command below:-
[root@radius ~]# php -v
If php 7 fails to work for you, you can install php 5 by running the command below. You have to uninstall php 7 first, then you can try php 5.
[root@radius ~]# yum -y install php-pear php-devel php-mysql php-common php-gd php-mbstring php-mcrypt php php-xml
Installing FreeRADIUS
[root@radius ~]# yum -y install freeradius freeradius-utils freeradius-mysql
After successful installation, start and enable freeradius with the commands below.
[root@radius ~]# systemctl start radiusd.service
[root@radius ~]# systemctl enable radiusd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/radiusd.service to /usr/lib/systemd/system/radiusd.service.
Now you can check the status:-
[root@radius ~]# systemctl status radiusd.service
Now we have to configure firewalld to allow radius and httpd packets in and out.
The RADIUS server uses UDP ports 1812 and 1813. This can be confirmed by viewing the contents of the file /usr/lib/firewalld/services/radius.xml. You can cat this file to see.
[root@radius ~]# cat /usr/lib/firewalld/services/radius.xml
First start and enable firewalld for security
[root@radius ~]# systemctl enable firewalld
[root@radius ~]# systemctl start firewalld
[root@radius ~]# systemctl status firewalld
Confirm whether firewalld is running
[root@radius ~]# firewall-cmd --state
running
Add permanent rules to default zone to allow http, https and radius services
[root@radius ~]# firewall-cmd --get-services | egrep 'http|https|radius'
[root@radius ~]# firewall-cmd --add-service={http,https,radius} --permanent
Reload firewalld for changes to take effect
[root@radius ~]# firewall-cmd --reload
We can confirm that services were successfully added to default zone
[root@radius ~]# firewall-cmd --get-default-zone
public
[root@radius ~]# firewall-cmd --list-services --zone=public
dhcpv6-client http https radius ssh
You can see the three services are present, hence we are good to proceed.
[root@radius ~]# ss -tunlp | grep radiusd
If you want to run the radius server in debug mode, you can run the command radiusd -X. If debug mode fails to bind to its ports, you may have to kill the radius server daemon first. You will get this type of message if your radius server fails to bind the port.
In this case you have to kill the radius daemon first, then you can start radiusd -X
[root@radius ~]# pkill radius
Then you can start the radius server in debugging mode, and you will see the message below if your radius service runs successfully in debug mode.
[root@radius ~]# radiusd -X
----------------------------
----------------------------------
--------------------------------------
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on proxy address * port 39556
Listening on proxy address :: port 52609
Ready to process requests
Configure FreeRADIUS
To configure FreeRADIUS to use MariaDB, follow the steps below:-
Import the Radius database schema to populate radius database
[root@radius ~]# mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql
Configure Radius at this point
First of all we have to create a soft link for SQL under /etc/raddb/mods-enabled
[root@radius ~]# ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/
Then we can configure the SQL module /etc/raddb/mods-available/sql and change the database connection parameters to suit our environment. The sql section should look similar to the one below.
[root@radius ~]# vi /etc/raddb/mods-available/sql
sql {
driver = "rlm_sql_mysql"
dialect = "mysql"
# Connection info:
server = "localhost"
port = 3306
login = "radius"
password = "radiuspassword"
# Database table configuration for everything except Oracle
radius_db = "radius"
# Set to 'yes' to read radius clients from the database ('nas' table)
# Clients will ONLY be read on server startup.
read_clients = yes
# Table to keep radius client info
client_table = "nas"
}
Then change the group of /etc/raddb/mods-enabled/sql to radiusd:-
[root@radius ~]# chgrp -h radiusd /etc/raddb/mods-enabled/sql
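An added check for the sql module file configured above (example code, not from the tutorial or the FreeRADIUS project): it flags the example password radiuspassword if it was left in place, the radpass value from FreeRADIUS's shipped sample, and a file mode that lets any local user read the database password. The function names, finding labels and sample file are constructed for illustration.

```bash
# Added example (not from the tutorial): audit a FreeRADIUS sql module file for
# a leftover example password and for permissions readable by every local user.

# Print the first uncommented password value from the sql module file.
sql_module_password() {
    awk '
        /^[ \t]*#/ { next }                       # skip commented-out lines
        /^[ \t]*password[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)           # drop "password ="
            sub(/[ \t]+$/, "", v)                 # drop trailing blanks
            gsub(/^"|"$/, "", v)                  # drop surrounding quotes
            print v
            exit
        }
    ' "$1"
}

# Print one finding per line; return 1 if anything was found, 0 if clean.
audit_sql_module() {
    audit_rc=0
    audit_pw=$(sql_module_password "$1")
    case "$audit_pw" in
        "")             echo "no-password-set";           audit_rc=1 ;;
        radpass)        echo "shipped-sample-password";   audit_rc=1 ;;
        radiuspassword) echo "tutorial-example-password"; audit_rc=1 ;;
    esac
    # -L follows the mods-enabled symlink; -perm -004 means "others can read".
    if [ -n "$(find -L "$1" -prune -perm -004 -print)" ]; then
        echo "world-readable"; audit_rc=1
    fi
    return "$audit_rc"
}

# Constructed sample mirroring the sql section shown in the tutorial.
sample=$(mktemp)
printf '%s\n' 'sql {' 'login = "radius"' 'password = "radiuspassword"' '}' > "$sample"
chmod 644 "$sample"
audit_sql_module "$sample" || echo "fix the findings above, then restart radiusd"
rm -f "$sample"
```

On the server, point it at /etc/raddb/mods-enabled/sql; a clean result prints nothing and returns 0.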
Installing and Configuring Daloradius
Installing Daloradius
We can use Daloradius to manage our radius server. This is optional and should not be done before installing FreeRADIUS. There are two ways to download daloradius, either from github or sourceforge.
Github method:-
[root@radius ~]# unzip master.zip
[root@radius ~]# mv daloradius-master/ daloradius
Sourceforge way:-
[root@radius ~]# wget http://liquidtelecom.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
[root@radius ~]# tar zxvf daloradius-0.9-9.tar.gz
[root@radius ~]# mv daloradius-0.9-9 daloradius
Change directory for configuration
[root@radius ~]# cd daloradius
Configuring daloradius
Now import Daloradius mysql tables
[root@radius ~]# mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql
[root@radius ~]# mysql -u root -p radius < contrib/db/mysql-daloradius.sql
Configure daloRADIUS database connection details
[root@radius ~]# cd ..
[root@radius ~]# mv daloradius /var/www/html/
We need to change permissions for the http folder and set the right permissions for the daloradius configuration file.
[root@radius ~]# chown -R apache:apache /var/www/html/daloradius/
[root@radius ~]# chmod 664 /var/www/html/daloradius/library/daloradius.conf.php
Now we have to modify the daloradius.conf.php file to adjust the MySQL database information. So let’s open daloradius.conf.php and add the database username, password and db name.
[root@radius ~]# vi /var/www/html/daloradius/library/daloradius.conf.php
The especially relevant variables to configure are:
CONFIG_DB_USER
CONFIG_DB_PASS
CONFIG_DB_NAME
To make sure everything works, restart radiusd, httpd and mysql:
[root@radius ~]# systemctl restart radiusd.service
[root@radius ~]# systemctl restart mariadb.service
[root@radius ~]# systemctl restart httpd
If you have installed php 7, you can skip the php-pear installation and only need to run pear install DB.
[root@radius ~]# yum install php-pear
[root@radius ~]# pear install DB
We have completed installation and configuration of daloradius and freeradius. To access daloradius, open the link using your IP address, then you will get your radius dashboard.
http://ip-address/daloradius/login.php
Default login details are:
Username: administrator
Password: radius
In this tutorial we have seen how to install FreeRADIUS and DaloRADIUS. If you run into any issue with these steps, let us know. My pleasure to help you.
PROBLEMS THAT MAY ARISE AND HOW TO RESOLVE THEM
1. Resolving the problem:
Job for radiusd.service failed because the control process exited with error code. See "systemctl status radiusd.service" and "journalctl -xe" for details.
How to resolve it:
1. Type the following command: /usr/sbin/radiusd -C -lstdout -xxx
Look at the problems shown in red and correct the configuration errors.
