In this guide, we are going to learn how to Install FreeRADIUS with daloRADIUS on Debian 11/Debian 10.
FreeRADIUS is a high-performance RADIUS server with support for:
- Authentication by local files, SQL, Kerberos, LDAP, PAM, and more.
- Powerful policy configuration language.
- Proxying and replicating requests by any criteria.
- Support for many EAP types; TLS, PEAP, TTLS, etc.
- Many vendor-specific attributes.
- Regexp matching in string attributes.
- et
daloRADIUS on the other hand is an advanced web application for managing FreeRADIUS server. It supports various database backends such as MySQL, Sqlite, PostgreSQL, MsSQL, MySQL. It provides features such as Access Control Lists, support integration with Google Maps for geo-location of hotspots/access points, graphical reporting…
Install FreeRADIUS with daloRADIUS on Debian 11/Debian 10
Prerequisites
- As a prerequisite, ensure that you have LAMP installed on your Debian 11/Debian 10 server.
Install LAMP Stack on Debian 11
Same guide can used for Debian 10.
- Install other required PHP extensions:
apt install php-mail php-mail-mime php-pear php-xml
- Install PHP Pear DB library (you can, for now, ignore the warnings):
pear install DB
Install and Configure FreeRADIUS on Debian 11/Debian 10
Install FreeRADIUS
Update and upgrade your system packages;
apt update
FreeRADIUS packages are available on the default Debian 11/Debian 10 default repositories and thus can be installed by running the command below;
apt-get install freeradius freeradius-mysql freeradius-utils
Once the installation is done, FreeRADIUS is running by default. It is also enabled to run on system restart.
systemctl status freeradius
● freeradius.service - FreeRADIUS multi-protocol policy server Loaded: loaded (/lib/systemd/system/freeradius.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2021-10-11 11:32:40 EAT; 1min 26s ago Docs: man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ http://networkradius.com/doc/ Process: 16443 ExecReload=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout (code=exited, status=0/SUCCESS) Process: 16444 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS) Main PID: 16067 (freeradius) Status: "Processing requests" Tasks: 6 (limit: 1133) Memory: 79.7M (limit: 2.0G) CPU: 260ms CGroup: /system.slice/freeradius.service └─16067 /usr/sbin/freeradius -f Oct 11 11:32:44 debian11 freeradius[16443]: Please use tls_min_version and tls_max_version instead of disable_tlsv1_2 Oct 11 11:32:44 debian11 freeradius[16443]: tls: Using cached TLS configuration from previous invocation Oct 11 11:32:44 debian11 freeradius[16443]: tls: Using cached TLS configuration from previous invocation Oct 11 11:32:44 debian11 freeradius[16443]: rlm_mschap (mschap): using internal authentication Oct 11 11:32:44 debian11 freeradius[16443]: Ignoring "sql" (see raddb/mods-available/README.rst) Oct 11 11:32:44 debian11 freeradius[16443]: Ignoring "ldap" (see raddb/mods-available/README.rst) Oct 11 11:32:44 debian11 freeradius[16443]: # Skipping contents of 'if' as it is always 'false' -- /etc/freeradius/3.0/sites-enabled/inner-tunnel:336 Oct 11 11:32:44 debian11 freeradius[16443]: radiusd: #### Skipping IP addresses and Ports #### Oct 11 11:32:44 debian11 freeradius[16443]: Configuration appears to be OK Oct 11 11:32:44 debian11 systemd[1]: Reloaded FreeRADIUS multi-protocol policy server.
Open FreeRADIUS UDP port2 1812 and 1813 on UFW.
ufw allow to any port 1812:1813 proto udp
You can confirm port opening by running the command below;
ss -alun4 | grep -E '1812|1813'
UNCONN 0 0 127.0.0.1:18120 0.0.0.0:*
UNCONN 0 0 0.0.0.0:1812 0.0.0.0:*
UNCONN 0 0 0.0.0.0:1813 0.0.0.0:*
Stop FreeRADIUS and run it on debugging mode to confirm that it is ready to process the requests.
systemctl stop freeradius
freeradius -X
If all is well, you should be able to see the sample output below (Ready to process requests);
... listen { type = "acct" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on auth address * port 1812 bound to server default Listening on acct address * port 1813 bound to server default Listening on auth address :: port 1812 bound to server default Listening on acct address :: port 1813 bound to server default Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel Listening on proxy address * port 57303 Listening on proxy address :: port 59574 Ready to process requests
Create FreeRADIUS database and database user
Login to MySQL as root user.
mysql -u root -p
Create the database and database user.
create database radius;
grant all privileges on radius.* to [email protected] identified by '[email protected]';
Reload the privileges tables to affect the changes.
flush privileges;
quit
Import the FreeRADIUS default database schema
Once you create the database, import the FreeRADIUS default database schema located under /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql
to the RADIUS database we created above.
mysql -u root -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql
Enable FreeRADIUS SQL module by creating a symbolic link of the sql module
under /etc/freeradius/3.0/mods-available/
to mods-enabled
.
ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/
Set FreeRADIUS Database Connection Details
Open the enabled SQL module and configure the radius
database connection details as shown below;
...
sql {
...
#dialect = "sqlite"
dialect = "mysql"
...
# Connection info:
#
server = "localhost"
port = 3306
login = "radius"
password = "[email protected]"
# Database table configuration for everything except Oracle
radius_db = "radius"
Save the changes and quit configuration file.
Locate the line, # read_clients = yes
and uncomment it to enable FreeRADIUS server read clients from database.
sed -i '/read_clients = yes/s/^#//' /etc/freeradius/3.0/mods-enabled/sql
This updates the line as shown below;
...
# Set to 'yes' to read radius clients from the database ('nas' table)
# Clients will ONLY be read on server startup.
read_clients = yes
...
Change the ownership user and group of the enabled SQL module (symbolic link) to freerad as shown below.
chown -h freerad.freerad /etc/freeradius/3.0/mods-enabled/sql
Once that is done, restart the FreeRADIUS service,
systemctl restart freeradius
Install and Configure daloRADIUS on Debian 11/Debian 10
Install daloRADIUS
To get the latest version of daloRADIUS, you would have to download the archive from the Sourceforge downloads page.
Once you have downloaded the archive, run the command below to extract it.
apt install zip -y
unzip daloradius-1.1-2.zip
Next, you need to move the extracted daloRADIUS folder to the root directory of your web server.
cp -r daloradius /var/www/html/
Import daloRADIUS Database Schema
daloRADIUS ships with its default MySQL tables.
You need to import these tables to the FreeRADIUS database we created above.
mysql -u root -p radius < /var/www/html/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
mysql -u root -p radius < /var/www/html/daloradius/contrib/db/mysql-daloradius.sql
Configure ownership of the daloRADIUS web configuration files to Apache web user as shown below;
chown -R www-data.www-data /var/www/html/daloradius/
Configure the permissions of the daloRADIUS main configuration file to 664
as shown below;
chmod 664 /var/www/html/daloradius/library/daloradius.conf.php
Configure daloRADIUS Database connection settings
Open the daloRADIUS configuration file for editing and set the database connection parameters.
vim /var/www/html/daloradius/library/daloradius.conf.php
...
$configValues['DALORADIUS_VERSION'] = '1.1-2';
$configValues['DALORADIUS_DATE'] = '08 Aug 2019';
$configValues['FREERADIUS_VERSION'] = '2';
$configValues['CONFIG_DB_ENGINE'] = 'mysqli';
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius'; < RADIUS database user
$configValues['CONFIG_DB_PASS'] = '[email protected]'; < radius user password
$configValues['CONFIG_DB_NAME'] = 'radius'; < RADIUS database
...
Save the configuration file and restart FreeRADIUS.
systemctl restart freeradius
daloRADIUS configuration is done.
Accessing daloRADIUS Web Interface
Now, navigate to the browser and access daloRADIUS using the address http://server_IP/daloradius
.
If ufw is running, open the ports;
ufw allow 80/tcp
You should land on a login page.
The defualt login password for the default Administrator
user is radius
.
To reset daloRADIUS administrator password, navigate to Config > Operators > List Operators > Operator Info > Reset the password and > Apply.
And that is how you can easily install FreeRADIUS with daloRADIUS on Debian 11/Debian 10. Enjoy.
Other Tutorials
Install Guacamole on Debian 11
Install Zabbix Server from Source on Debian 11