In this guide, we are going to learn how to install FreeRADIUS with daloRADIUS on Debian 9 Stretch. As you already know, FreeRADIUS is an open-source, high-performance and highly configurable RADIUS suite that provides centralized network authentication for systems such as 802.1x (WiFi), dialup, PPPoE, VPNs, VoIP, etc. The database back-ends that it supports include OpenLDAP, MySQL, Redis, Microsoft AD, Apache Cassandra, PostgreSQL etc.
daloRADIUS, on the other hand, is an advanced web application for managing a FreeRADIUS server. It supports various database backends such as MySQL, SQLite, PostgreSQL and MsSQL. It provides features such as Access Control Lists, integration with Google Maps for geo-location of hotspots/access points, graphical reporting…
Running Debian 10/Debian 11? Use the link below instead;
Install FreeRADIUS with daloRADIUS on Debian 11/Debian 10
Installing FreeRADIUS with daloRADIUS on Debian 9
Prerequisites
- As a prerequisite, ensure that you have LAMP installed on your Debian 9 server. See our guide on how to install LAMP stack on Debian 9.
- Install other required PHP extensions
apt install php-mail php-mail-mime php-pear
- Install PHP Pear DB library
pear install DB
You may also want to check our previous guide on how to install FreeRADIUS with daloRADIUS on Fedora 29.
Install and Configure FreeRADIUS on Debian 9
Update and upgrade your system packages;
apt update
apt upgrade
FreeRADIUS packages are available in the default Debian 9 repositories and can be installed by running the command below;
apt-get install freeradius freeradius-mysql freeradius-utils
Once the installation is done, FreeRADIUS is running by default. Run the command below to enable it to run on system restart.
systemctl enable freeradius
Open FreeRADIUS UDP ports 1812 and 1813 on UFW.
ufw allow to any port 1812 proto udp
ufw allow to any port 1813 proto udp
You can confirm port opening by running the command below;
ss -alun4 | grep -E '1812|1813'
UNCONN 0 0 *:1812 *:*
UNCONN 0 0 *:1813 *:*
UNCONN 0 0 127.0.0.1:18120 *:*
Stop FreeRADIUS and run it in debugging mode to confirm that it is ready to process requests.
systemctl stop freeradius
freeradius -X
If all is well, you should be able to see the sample output below;
...
listen {
type = "acct"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on proxy address * port 58656
Listening on proxy address :: port 48643
Ready to process requests
Create FreeRADIUS database and database user. Be sure to grant the database user all the privileges on FreeRADIUS database.
Login to MySQL as root user.
mysql -u root -p
Create the database and database user.
create database radius;
grant all privileges on radius.* to radius@localhost identified by 'P@ssWORD';
Reload the privilege tables to effect the changes.
flush privileges;
quit
After that, import the FreeRADIUS default database schema located under /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql to the RADIUS database we created above.
mysql -u root -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql
Enable the FreeRADIUS SQL module by creating a symbolic link of the sql module under /etc/freeradius/3.0/mods-available/ to mods-enabled.
ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/
Open the enabled SQL module and configure the radius database connection details as shown below;
...
# The dialect of SQL you want to use, this should usually match
# the driver you selected above.
#
# If you're using rlm_sql_null, then it should be the type of
# database the logged queries are going to be executed against.
#dialect = "sqlite"
dialect = "mysql"
# Connection info:
#
server = "localhost"
port = 3306
login = "radius"
password = "P@ssWORD"
# Database table configuration for everything except Oracle
radius_db = "radius"
Locate the line, # read_clients = yes, and uncomment it to enable the FreeRADIUS server to read clients from the database.
...
# Set to 'yes' to read radius clients from the database ('nas' table)
# Clients will ONLY be read on server startup.
read_clients = yes
...
Save the changes and quit configuration file.
Change the owner and group of the enabled SQL module (symbolic link) to freerad as shown below.
chown -h freerad:freerad /etc/freeradius/3.0/mods-enabled/sql
Once that is done, restart the FreeRADIUS service,
systemctl restart freeradius
Install and Configure daloRADIUS on Debian 9
To get the latest version of daloRADIUS, you would have to download the archive from the Sourceforge downloads page.
Once you have downloaded the archive, run the command below to extract it.
tar -xzf daloradius-0.9-9.tar.gz
Next, you need to move the extracted daloRADIUS folder to the root directory of your web server.
mv daloradius-0.9-9 /var/www/html/daloradius
daloRADIUS ships with its default MySQL tables. You need to import these tables to the FreeRADIUS database we created above.
mysql -u root -p radius < /var/www/html/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
mysql -u root -p radius < /var/www/html/daloradius/contrib/db/mysql-daloradius.sql
Set the ownership of the daloRADIUS web configuration files to the Apache web user as shown below;
chown -R www-data:www-data /var/www/html/daloradius/
Configure the permissions of the daloRADIUS main configuration file to 664 as shown below;
chmod 664 /var/www/html/daloradius/library/daloradius.conf.php
Open the daloRADIUS configuration file for editing and set the database connection parameters.
vim /var/www/html/daloradius/library/daloradius.conf.php
...
$configValues['DALORADIUS_VERSION'] = '0.9-9';
$configValues['FREERADIUS_VERSION'] = '2';
$configValues['CONFIG_DB_ENGINE'] = 'mysqli';
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius'; // RADIUS database user
$configValues['CONFIG_DB_PASS'] = 'P@ssWORD'; // radius user password
$configValues['CONFIG_DB_NAME'] = 'radius'; // RADIUS database
...
Be sure to change the value of $configValues['CONFIG_DB_ENGINE'] from mysql to mysqli, lest you get the error, Error Message: DB Error: extension not found.
Save the configuration file and restart FreeRADIUS.
systemctl restart freeradius
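The two files edited above, mods-enabled/sql and daloradius.conf.php, both hold the database password and both carry settings that fail quietly when wrong (the packaged sql module ships with driver set to rlm_sql_null). The script below is an added example, not part of the original guide or of either project: its function names are made up here and it assumes GNU stat. It checks the driver, dialect, read_clients and DB engine values, whether the guide's sample password is still in place, and whether either file is readable by all local users, which the chmod 664 step allows.

```shell
#!/bin/sh
# Added example, not from the guide: audit the two files that hold the
# database credentials. Paths are arguments, so it also runs on copies.
# Assumes GNU stat (as on Debian); all function names are made up here.

# First uncommented 'key = value' in a FreeRADIUS module file, quotes stripped.
sql_setting() {   # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        head -n 1 | sed 's/[[:space:]]*#.*$//; s/^"//; s/"$//'
}

# Value of $configValues['KEY'] = 'value'; in daloradius.conf.php.
dalo_setting() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*\$configValues\['$2'\][[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$1" |
        head -n 1
}

# True when "other" has read access; both files contain the DB password.
world_readable() { case $(stat -L -c '%a' "$1") in *[4567]) return 0 ;; esac; return 1; }

fail() { echo "$1"; problems=$((problems + 1)); }

audit_sql_module() {   # $1 = mods-enabled/sql
    problems=0
    v=$(sql_setting "$1" driver)
    [ "$v" = "rlm_sql_mysql" ] || fail "driver is '$v', MySQL needs rlm_sql_mysql"
    v=$(sql_setting "$1" dialect)
    [ "$v" = "mysql" ] || fail "dialect is '$v', expected mysql"
    [ "$(sql_setting "$1" read_clients)" = "yes" ] ||
        fail "read_clients is not enabled, the nas table will not be read"
    [ "$(sql_setting "$1" password)" != "P@ssWORD" ] ||
        fail "password is still the guide's sample value"
    if world_readable "$1"; then fail "$1 is readable by all local users"; fi
    [ "$problems" -eq 0 ]
}

audit_dalo_conf() {    # $1 = daloradius.conf.php
    problems=0
    v=$(dalo_setting "$1" CONFIG_DB_ENGINE)
    [ "$v" = "mysqli" ] || fail "CONFIG_DB_ENGINE is '$v', expected mysqli"
    [ "$(dalo_setting "$1" CONFIG_DB_PASS)" != "P@ssWORD" ] ||
        fail "CONFIG_DB_PASS is still the guide's sample value"
    if world_readable "$1"; then fail "$1 is readable by all local users"; fi
    [ "$problems" -eq 0 ]
}

# Usage: sh audit.sh /etc/freeradius/3.0/mods-enabled/sql /var/www/html/daloradius/library/daloradius.conf.php
[ "$#" -ne 2 ] || { audit_sql_module "$1"; a=$?; audit_dalo_conf "$2" && [ "$a" -eq 0 ]; }
```

Each function prints one line per finding and returns non-zero if there is any, so the script can also gate a deployment step.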
daloRADIUS configuration is done. Now, navigate to the browser and access daloRADIUS using the address http://server_IP/daloradius. You should land on a login page.
The default login password for the default Administrator user is radius.
$configValues[‘CONFIG_DB_PASS’] = ‘P@SSWORD’; < radius user password
should be
$configValues['CONFIG_DB_PASS'] = 'P@ssWORD'; < radius user password
Thanks for catching that. The line has been updated accordingly.
Thanks, very helpful. 🙂
Can you help me.
I have problems with NAS recognition.
Freeradius does not read from the “nas” table of database.
I made all configurations in sql module.
I have… ignoring request … from unknown client…
Thank you.
Marco.
Hello Marco
Would you please try the solutions suggested here and here and revert.
I was battling this for a few days – something not covered in the above (possibly newer client version etc.):
In the mods-available/sql config file, there is a parameter towards the beginning called driver = which by default seems to be set to “rlm_sql_null”
This needs to be changed to “rlm_sql_mysql”
After that, my connection attempt worked.
Thanks for the heads up. This will definitely help somebody
Do you offer a paid for install and setup service with free and dalo?
Hi Steve, you can reach me via, [email protected].
Thank you
Please find file sql.conf then edit
readclients = yes
Can you please help me?
I have followed all the steps (and double checked them) but when I try to open the radius webpage I get this error:
Database connection error
Error Message: DB Error: connect failed
The only thing that I noticed to be different from your information was:
Listening on proxy address * port 58656
Listening on proxy address :: port 48643
I got different values but my version of radius is V10.1
Listening on proxy address * port 56109
Listening on proxy address :: port 42233
I would appreciate your direction.
Thanks
Hi Graham,
Well, the error as it states is about the database connection. Would you kindly counter check the user/password for database connection, especially on daloradius.conf.php.
Setup asking for root password.
What is the root password?
Can MySQL be replaced by LDAP?