Installing and Configuring Freeradius
The first step is to Install Freeradius (ensure you already update your apt with apt-update)
$sudo apt-get install freeradius * Starting FreeRADIUS daemon freeradius [ OK ]
Setting up freeradius-utils (2.1.10+dfsg-3build2) ...
Then prepare the database for freeradius. Create database radius and assign username and password for accessing it.
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 51
Server version: 5.5.24-0ubuntu0.12.04.1 (Ubuntu)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database radius;
mysql> grant all on radius.* to radius@localhost identified by "thepassword";
Query OK, 0 rows affected (0.00 sec)
The next step was to insert the database schema and I realized that I could not find the database scheme in /etc/freeradius.
Obviously I should install freeradius-mysql package first.
#apt-get install freeradius-mysql
Setting up freeradius-mysql (2.1.10+dfsg-3build2) ...
* Reloading FreeRADIUS daemon freeradius [ OK ]
Then insert the database scheme
# mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
Enter password:
# mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql
Enter password:
Now we try to insert new user for testing purpose in database.
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 72
Server version: 5.5.24-0ubuntu0.12.04.1 (Ubuntu)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use radius;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('sqltest', 'Password', 'testpwd');
Query OK, 1 row affected (0.04 sec)
mysql> exit
Bye
The next step is we need to configure the Freeradius files.
Edit /etc/freeradius/sql.conf file. Setting database type, login and password that we already setup before.
# vim /etc/freeradius/sql.conf
database = mysql
login = radius
password = thepassword
readclients = yes
Then edit the /etc/freeradius/sites-enabled/default file
# vim /etc/freeradius/sites-enabled/default
Uncomment sql on authorize{}
# See “Authorization Queries” in sql.conf
sql
Uncomment sql on accounting{}
# See “Accounting queries” in sql.conf
sql
Uncomment sql on session{}
# See “Simultaneous Use Checking Queries” in sql.conf
sql
Uncomment sql on post-auth{}
# See “Authentication Logging Queries” in sql.conf
sql
Then we edit /etc/freeradius/radiusd.conf file
# vim /etc/freeradius/radiusd.conf
#Uncomment #$INCLUDE sql.conf
$INCLUDE sql.conf
To test our configuration, first we must stop the freeradius service (if already running)
# /etc/init.d/freeradius stop
* Stopping FreeRADIUS daemon freeradius [ OK ]
Then run this command to run freeradius in debugging mode. If there is no error, you are good to go.
#freeradius -X
On a new shell or window we tested the connection
$ radtest sqltest testpwd localhost 18128 testing123
Sending Access-Request of id 65 to 127.0.0.1 port 1812
User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 127.0.1.1
NAS-Port = 18128
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=65, length=20
The test running well with Accept response from the server.
To enable Mikrotik device to access our server we need to add client in clients.conf file.
#vim /etc/freeradius/clients.conf
client 10.0.0.0/8 {
secret = testingpassword
shortname = testing
nastype= mikrotik
}
*note: we need to stop freeradius -X and then running it again to test our configuration
Update (Jan 27, 2013): If we want to add specific value for Mikrotik, we need to add mikrotik dictionary
#vim /etc/freeradius/dictionary
Then add this line below
$INCLUDE /usr/share/freeradius/dictionary.mikrotik
Mikrotik Configuration
We need to configure our Mikrotik devices to use our new radius server. We need to login to Mikrotik device and configure the radius in Radius menu.
Below image is an example of our configuration.
*Note: we increase timeout settting to 3000ms to enable invalid login notifications. (not working with default 300ms)
Daloradius Installation
First, we need to download daloradius file
$wget http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fdaloradius%2Ffiles%2F&ts=1345296201&use_mirror=nchc
Rename and extract the file
# tar xvfz daloradius-0.9-9.tar.gz
# mv daloradius-0.9-9 daloradius
Move the file to the web server directory. In this case I use apache on Ubuntu so the location is at /var/www
# mv daloradius-0.9-9 daloradius
# mv daloradius /var/www
Then we need to setup the database. Because already setup the freeradius using MySQL, so we don't need new database. All we need to do is to import the daloradius scheme into our existing radius database.
# cd /var/www/daloradius/contrib/db
# mysql -u root -p radius < mysql-daloradius.sql
After database successfully altered, we need to configure the daloradius setting.
#vim /var/www/daloradius/library/daloradius.conf.php
Change the database password
$configValues['CONFIG_DB_PASS'] = 'thepassword';
Then we can try to access daloradius using http://ipaddressoftheserver/daloradius
*Note: In my installation, i had a problem because I didn't have php5-gd php-pear and php-db packages installed on my Ubuntu server.
To deal with this problem you can install the packages using
# apt-get install php5-gd php-pear php-db
References,
Mastaqim (2012), http://www.mastaqim.web.id/2012/08/install-freeradius-mysql-ubuntu-server.html
Daud (2012), http://daud.rasadigital.com/install-daloradius-di-ubuntu-server/