Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Image Removed

https://computingforgeeks.com/how-to-install-freeradius-and-daloradius-on-ubuntu/

Download DaloRadius:

https://sourceforge.net/projects/daloradius/files/daloradius/

...

Image Added


Better installation:   https://kifarunix.com/install-freeradius-with-daloradius-on-ubuntu-20-04/


to be checked again:   https://computingforgeeks.com/how-to-install-freeradius-and-daloradius-on-ubuntu/


Download DaloRadius:

https://sourceforge.net/projects/daloradius/files/daloradius/


| +
If using LXC container
how to create a containerLXC container on ProxMox
Update and Upgraderoot password:   Juniper!1   ( in console,  root disable for remote access )

sudo apt update
sudo apt -y upgrade

sudo reboot
Install Apache Web Server and PHP

sudo apt -y install apache2

sudo apt -y install php libapache2-mod-php php-{gd,common,mail,mail-mime,mysql,pear,db,mbstring,xml,curl}
Check installation
php -v


Install MariaDB and Create a database

sudo apt update
sudo apt install mariadb-server


Code Block
titleinstallation MariaDB
collapsetrue
me@server01:~$ sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] n
 ... skipping.

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] n
 ... skipping.

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] n
 ... skipping.

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
me@server01:~$


sudo mysql_secure_installation


$ sudo mysql -u root -p
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "Str0ngR@diusPass";
FLUSH PRIVILEGES;
QUIT
create a database database name: radius database user: radius database user password: Str0ngR@diusPass
Install and Configure FreeRADIUS on Ubuntu
sudo apt policy freeradius
freeradius:
  Installed: (none)
  Candidate: 3.0.20+dfsg-3build1
  Version table:
     3.0.20+dfsg-3build1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu focal/main amd64 Packages
sudo apt -y install freeradius freeradius-mysql freeradius-utils
sudo -i mysql -u root -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql
mysql password: radius
Code Block
titleshow tables
collapsetrue
root@server01:~# sudo mysql -u root -p -e "use radius;show tables;" Enter password: +------------------+ | Tables_in_radius | +------------------+ | nas | | radacct | | radcheck | | radgroupcheck | | radgroupreply | | radpostauth | | radreply | | radusergroup
test access

sudo mysql -u <db userame> -p <database>


sudo mysql -u radius -p radius

>>> then enter the password:   Str0ngR@diusPass

show grants;



Code Block
titletest db
root@server01:~# sudo mysql -u radius -p radius
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 227
Server version: 10.3.25-MariaDB-0ubuntu0.20.04.1 Ubuntu 20.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [radius]> show grants;
+---------------------------
+

sudo  more /etc/freeradius/3.0/mods-enabled/sql | grep "#" -v | grep -v "^[[:space:]]*$"

Code Block
titledefault config sql
collapsetrue
root@server01:/etc/freeradius/3.0/mods-enabled# more /etc/freeradius/3.0/mods-enabled/sql | grep "#" -v | grep -v "^[[:space:]]*$" sql { dialect = "sqlite"
------------------------------------------------------------------------------------+
| Grants for radius@localhost            
driver
 
=
 
"rlm_sql_null"
         
sqlite
 
{
                 
filename
 
=
 
"/tmp/freeradius.db"
                 
busy_timeout
 
=
 
200
                 
bootstrap
 
=
 
"${modconfdir}/${..:name}/main/sqlite/schema.sql"
  
} mysql
|
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `radius`@`localhost` IDENTIFIED BY PASSWORD '*CDFD06B87A8B800EC4B18B9CC06CAEE3A258611A' |
| GRANT ALL PRIVILEGES ON `radius`.* TO `radius`@`localhost`                                                    |
+---------------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)


Install and Configure FreeRADIUS on Ubuntu

sudo apt policy freeradius
freeradius:
  Installed: (none)
  Candidate: 3.0.20+dfsg-3build1
  Version table:
     3.0.20+dfsg-3build1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu focal/main amd64 Packages

sudo apt -y install freeradius freeradius-mysql freeradius-utils

sudo -i
mysql -u root -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

mysql password: radius



Code Block
titleshow tables
collapsetrue
root@server01:~# sudo  mysql -u root -p -e "use radius;show tables;"
Enter password:
+------------------+
| Tables_in_radius |
+------------------+
| nas              |
| radacct          |
| radcheck         |
| radgroupcheck    |
| radgroupreply    |
| radpostauth      |
| radreply         |
| radusergroup     |
+------------------+



sudo  more /etc/freeradius/3.0/mods-available/sql | grep "#" -v | grep -v "^[[:space:]]*$"


Code Block
titledefault config sql
collapsetrue
root@server01:/etc/freeradius/3.0/mods-enabled# more /etc/freeradius/3.0/mods-enabled/sql | grep "#" -v | grep -v "^[[:space:]]*$"
sql {
        dialect = "sqlite"
        driver = "rlm_sql_null"
        sqlite {
                filename = "/tmp/freeradius.db"
                busy_timeout = 200
                bootstrap = "${modconfdir}/${..:name}/main/sqlite/schema.sql"
        }
        mysql {
                tls {
                        ca_file = "/etc/ssl/certs/my_ca.crt"
                        ca_path = "/etc/ssl/certs/"
                        certificate_file = "/etc/ssl/certs/private/client.crt"
                        private_key_file = "/etc/ssl/certs/private/client.key"
                        cipher = "DHE-RSA-AES256-SHA:AES128-SHA"
                        tls_required = yes
                        tls_check_cert = no
                        tls_check_cert_cn = no
                }
                warnings = auto
        }
        postgresql {
                send_application_name = yes
        }
        mongo {
                appname = "freeradius"
                tls {
                        certificate_file = /path/to/file
                        certificate_password = "password"
                        ca_file = /path/to/file
                        ca_dir = /path/to/directory
                        crl_file = /path/to/file
                        weak_cert_validation = false
                        allow_invalid_hostname = false
                }
        }
        radius_db = "radius"
        acct_table1 = "radacct"
        acct_table2 = "radacct"
        postauth_table = "radpostauth"
        authcheck_table = "radcheck"
        groupcheck_table = "radgroupcheck"
        authreply_table = "radreply"
        groupreply_table = "radgroupreply"
        usergroup_table = "radusergroup"
        delete_stale_
sessions = yes pool { start = ${thread[pool].start_servers}
sessions = yes
        
min =
pool 
$
{
thread[pool].min_spare_servers}

                
max
start = ${thread[pool].
max
start_servers}
                
spare
min = ${thread[pool].
max
min_spare_servers}
                
uses
max = 
0 retry_delay = 30
${thread[pool].max_servers}
     
lifetime
 
=
 
0
         spare = ${thread[pool].max_spare_servers}
     
idle_timeout
 
=
 
60
         
}
uses = 0
      
client_table
 
=
 
"nas"
        
group
retry_
attribute
delay = 
"SQL-Group" $INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf Changes

driver = "rlm_sql_${dialect}"

server = "localhost"
port = 3306
login = "radius"
password = "Str0ngR@diusPass"

Code Block
titleafter changes
collapsetrue
root@server01:/etc/freeradius/3.0/mods-enabled# more /etc/freeradius/3.0/mods-enabled/sql | grep "#" -v | grep -v "^[[:space:]]*$" sql {
30
                lifetime = 0
                idle_timeout = 60
      
dialect
 
=
 
"sqlite"
}
        
driver
client_table = 
"rlm_sql_${dialect}
"nas"
        
sqlite
group_attribute 
{
= "SQL-Group"
        $INCLUDE 
filename = "/tmp/freeradius.db" busy_timeout = 200 bootstrap = "${modconfdir}/${..:name}/main/sqlite/schema.sql" } mysql {
${modconfdir}/${.:name}/main/${dialect}/queries.conf


Changes

dialect = "mysql"

driver = "rlm_sql_${dialect}"

server = "localhost"
port = 3306
login = "radius"
password = "Str0ngR@diusPass"

read_clients = yes     (un-hash this line )

>> hashed all the tls config


Code Block
titleafter changes
collapsetrue
root@server01:/etc/freeradius/3.0/mods-enabled# more /etc/freeradius/3.0/mods-enabled/sql | grep "#" -v | grep -v "^[[:space:]]*$"
sql {
        dialect = "mysql"
        driver = 
tls {
"rlm_sql_${dialect}"
        sqlite {
                
ca_file
filename = "/
etc/ssl/certs/my_ca.crt"
tmp/freeradius.db"
         
ca_path
 
=
 
"/etc/ssl/certs/"
     busy_timeout = 200
                bootstrap 
certificate_file
= "
/etc/ssl/certs/private/client.crt
${modconfdir}/${..:name}/main/sqlite/schema.sql"
        }
        
private_key_file = "/etc/ssl/certs/private/client.key"
mysql {
                warnings = auto
        
cipher
}
=
 
"DHE-RSA-AES256-SHA:AES128-SHA"
       postgresql {
                
tls
send_application_
required
name = yes
        }
        mongo {
     
tls_check_cert = no
           appname = "freeradius"
                tls
_check_cert_cn = no
 {
                       
}
 certificate_file = /path/to/file
             
warnings
 
=
 
auto
         
}
certificate_password = "password"
      
postgresql
 
{
                 
send
ca_
application_name
file = 
yes
/path/to/file
        
}
         
mongo
 
{
      ca_dir = /path/to/directory
        
appname
 
=
 
"freeradius"
              crl_file 
tls {
= /path/to/file
                  
certificate_file
 
= /path/to/file
     weak_cert_validation = false
                 
certificate_password
 
=
 
"password"
     allow_invalid_hostname = false
                }
ca_file
 
=
 
/path/to/file
      }
        server = "localhost"
       
ca_dir
 port =
/path/to/directory
 3306
        login = "radius"
        password = "Str0ngR@diusPass"
   
crl_file
 
=
 
/path/to/file
   radius_db = "radius"
        acct_table1 = "radacct"
        
weak
acct_
cert_validation
table2 = 
false
"radacct"
        postauth_table = "radpostauth"
        authcheck_table = "radcheck"
  
allow_invalid_hostname = false
      groupcheck_table = "radgroupcheck"
        authreply_table = "radreply"
 
}
       groupreply_table = 
}
"radgroupreply"
        
server
usergroup_table = "
localhost
radusergroup"
        
port
delete_stale_sessions = 
3306
yes
        
login
pool {
=
 
"radius"
         
password
 
=
 
"Str0ngR@diusPass"
    start = ${thread[pool].start_servers}
  
radius_db
 
=
 
"radius"
         
acct_table1
 
=
 
"radacct"
 min = ${thread[pool].min_spare_servers}
     
acct_table2
 
=
 
"radacct"
         
postauth_table
max = 
"radpostauth"
${thread[pool].max_servers}
        
authcheck_table
 
=
 
"radcheck"
      spare = 
groupcheck_table = "radgroupcheck"
${thread[pool].max_spare_servers}
           
authreply_table
 
=
 
"radreply"
   uses = 0
   
groupreply_table
 
=
 
"radgroupreply"
         
usergroup_table
 
= "radusergroup"
 retry_delay = 30
      
delete_stale_sessions
 
=
 
yes
        lifetime 
pool
= 
{
0
                
start
idle_timeout = 
${thread[pool].start_servers}
60
        }
        
min
read_clients = 
${thread[pool].min_spare_servers}
yes
        client_table = "nas"
      
max
 
= ${thread[pool].max_servers}
 group_attribute = "SQL-Group"
        $INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf
}



ln 
spare = ${thread[pool].max_spare_servers}
-s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/
Change the group
sudo chgrp -h freerad /etc/freeradius/3.0/mods-available/sql
sudo chown -R freerad:freerad /etc/freeradius/3.0/mods-enabled/sql
restart and check status
sudo systemctl restart freeradius     
uses
 
=
 
0
        # may be 
retry_delay = 30 lifetime = 0 idle_timeout = 60
could use:   freeradius.service
sudo systemctl status freeradius
Test freeradius
Check freeradius database

mysql -u radius -p radius

password:   Str0ngR@diusPass


insert into radcheck (id,username,attribute,op,value) values("1", "demouser", "Cleartext-Password", ":=", "demopass");

select * from radcheck where id="1";


Code Block
titleradtest
root@container01:~# radtest demouser demopass localhost 10 testing123
Sent Access-Request Id 61 from 0.0.0.0:44968 to 127.0.0.1:1812 length 78
        User-Name = 
}
"demouser"
        
read_clients
User-Password = 
yes
"demopass"
        
client_table
NAS-IP-Address = 
"nas"
192.168.0.21
        
group_attribute
NAS-Port =
"SQL-Group"
 10
        Message-Authenticator = 0x00
  
$INCLUDE
 
${modconfdir}/${.:name}/main/${dialect}/queries.conf
 
}
  
Change the groupsudo
 
chgrp
 
-h freerad /etc/freeradius/3.0/mods-available/sql sudo chown -R freerad:freerad /etc/freeradius/3.0/mods-enabled/sqlrestartsudo systemctl restart freeradius.service
Cleartext-Password = "demopass"
Received Access-Accept Id 61 from 127.0.0.1:1812 to 127.0.0.1:44968 length 20
root@container01:~#




Install and Configure Daloradius on Ubuntu

sudo apt -y install wget unzip
wget https://github.com/lirantal/daloradius/archive/master.zip
unzip master.zip
mv daloradius-master daloradius

cd daloradius

sudo mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql 
sudo mysql -u root -p radius < contrib/db/mysql-daloradius.sql
Configure daloRADIUS database connection details:
cd ..
sudo mv daloradius /var/www/html/

cd /var/www/html/daloradius/library/

cp daloradius.conf.php.sample daloradius.conf.php


sudo chown -R www-data:www-data /var/www/html/daloradius/
sudo chmod 664 /var/www/html/daloradius/library/daloradius.conf.php
change the config file
sudo vim /var/www/html/daloradius/library/daloradius.conf.php

$configValues['CONFIG_DB_ENGINE'] = 'mysql';
$configValues['CONFIG_DB_USER'] = 'radius'; $configValues['CONFIG_DB_PASS'] = 'Str0ngR@diusPass';

sudo systemctl restart freeradius # may be could use: freeradius.service
sudo systemctl status freeradius

http://192.168.0.
10
21/daloradius/index.php
log into DaloRadius
Username: administrator
Password: radius
test and enable freeradius to start after boot up



systemctl enable --now freeradius