Step by step install FreeRADIUS with MySQL on CENTOS 5

Paimin Share | 9:04 PM | 0 comments
install freeradius with mysql database on centos 5, step by step guide

This is step by step guide to install FreeRadius on CENTOS 5. Follow the procedure below to get started with your Freeradius server.


FreeRADIUS is the most popular open source RADIUS server and the most widely deployed RADIUS server in the world.[2] It supports all common authentication protocols, and the server comes with a PHP-based web user administration tool called dialupadmin. It is the basis for many commercial RADIUS products and services, such as embedded systems, RADIUS appliances that support Network Access Control, and WiMAX. It supplies the AAA needs of many Fortune-500 companies, telcos, and Tier 1 ISPs. It is also widely used in the academic community, including eduroam. The server is fast, feature-rich, modular, and scalable. The currently shipping stable version is 2.2.0.


I hope you already familiar with linux environment, the following procedure can be done via ssh command prompt. (I dont know if you have a better way)

First, logon to your CENTOS server via ssh with your root user and password. may start these instruction in command line mode :
yum install freeradius2 freeradius2-mysql freeradius2-utils -y
Then we need to prepare the radius database, which only could be done if you already install and run MySQL server. If not yet, then just install it first, its easy:
yum install mysql

service mysqld start
Now, get inside mysql server by login with root account (if you login for the first time, you dont need a password. Otherwise you'll be prompted to enter new password for root)
mysql -uroot -p
Create RADIUS database with these commands :

GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass";

flush privileges;
Now, we need to import database with tables schema for radius, which already provided by the freeradius installation files:
mysql> use radius;

SOURCE /etc/raddb/sql/mysql/schema.sql;

 *Note: you may import db schema from another source, e.g. from daloRADIUS or PHPMyPrepaid installation files, which later will be explained on the next articles.

Create Test User

Inside the mysql, do the following command (in one continuous line, not separated by ENTER):
INSERT INTO `radcheck` (`username` ,`attribute` ,`op` ,`value` )
VALUES (NULL , 'testuser', 'User-Password', ':=', 'testpassword');

Tweaking Configs

The next thing to do is tweaking radius configurations. (The files we want to edit are radiusd.conf, sql.conf, and clients.conf)

Now open up /etc/raddb/radiusd.conf with your favourite text editor such as 'nano'. (in case you didn't install nano, then do: yum install nano -y)
yum install nano -y
nano /etc/raddb/radiusd.conf
here you have to uncomment this line:
$INCLUDE  sql.conf
move to next file, open up /etc/raddb/sql.conf and edit the following lines to suite your server :
	# Connection info:
	server = "localhost"
	#port = 3306
	login = "radius"
	password = "radpass"

	# Database table configuration for everything except Oracle
	radius_db = "radius"
also you must edit etc/raddb/sites-available/default and uncommented line that begin with 'sql' under the authorize {}, accounting {}, and session {} sections.

Additionally, edit /etc/raddb/sites-available/inner-tunnel and uncomment all line that contain 'sql' as well.

Next, go to /etc/raddb/clients.conf, open it with nano and edit :
	secret		= testing
you have to edit 'testing' to something more secret like 'jamesbondcode8982323'.

still on clients.conf, search for line that looks exactly like:
#	coa_server = coa
enter the following block below those lines :
client VPN Server IP HERE {
	shortname	= yourVPN
        nastype         = other
the above block is to tell the radius server that there is a radius client that will ask for permission to authenticate using radius server's services. the Radius Client could be localhost computer or a computer elsewhere in the world connected via internet. Here you must enter IP Address of client and the secret.

Now your server is ready (hopefully), but we must make sure that all configuration is correct and working well. Do a radius test like this:


Run your radius in debug mode :
radiusd -X
 Then, open another ssh to run the radtest, by running this command:
 radtest testuser testpassword localhost 1812 jamesbondcode8982323
You should see the server respond with an Access-Accept. If it doesn't, the debug log will show why. Paste the output into the debug form, and a colorized HTML version will be produced. Look for red or yellow text, and read the messages.

If you do see an Access-Accept, then congratulations, your radius is ready...
Copyright © 2013. Server Dump - All Rights Reserved
Template Modify by Creating Website
Proudly powered by Blogger