This is a step-by-step guide to installing FreeRADIUS on CentOS 5. Follow the procedure below to get started with your FreeRADIUS server.
INTRODUCTION
FreeRADIUS is the most popular open source RADIUS server and the most widely deployed RADIUS server in the world.[2] It supports all common authentication protocols, and the server comes with a PHP-based web user administration tool called dialupadmin. It is the basis for many commercial RADIUS products and services, such as embedded systems, RADIUS appliances that support Network Access Control, and WiMAX. It supplies the AAA needs of many Fortune-500 companies, telcos, and Tier 1 ISPs. It is also widely used in the academic community, including eduroam. The server is fast, feature-rich, modular, and scalable. The currently shipping stable version is 2.2.0.
INSTALL GUIDE
I hope you are already familiar with the Linux environment; the following procedure can be done via an ssh command prompt. (I don't know if you have a better way.)
First, log on to your CentOS server via ssh with your root user and password. Then you may start these instructions in command-line mode:
yum install freeradius2 freeradius2-mysql freeradius2-utils -y
Then we need to prepare the RADIUS database, which can only be done if you have already installed and started MySQL server. If not, just install it first; it's easy:
yum install mysql mysql-server -y
service mysqld start
Now get into the MySQL server by logging in with the root account (if you log in for the first time, you don't need a password. Otherwise you'll be prompted to enter new password for root):
mysql -uroot -p
Create the RADIUS database with these commands:
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
flush privileges;
Now we need to import the table schema for RADIUS, which is already provided by the FreeRADIUS installation files:
use radius;
SOURCE /etc/raddb/sql/mysql/schema.sql;
exit
*Note: you may import the db schema from another source, e.g. from the daloRADIUS or PHPMyPrepaid installation files, which will be explained in later articles.
Create Test User
Inside mysql, run the following command (in one continuous line, not separated by ENTER):
INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES (NULL, 'testuser', 'User-Password', ':=', 'testpassword');
Tweaking Configs
The next thing to do is tweak the RADIUS configuration. (The files we want to edit are radiusd.conf, sql.conf, and clients.conf.)
Now open up /etc/raddb/radiusd.conf with your favourite text editor, such as 'nano' (in case you didn't install nano, install it first):
yum install nano -y
nano /etc/raddb/radiusd.conf
Here you have to uncomment this line:
$INCLUDE sql.conf
Move on to the next file: open up /etc/raddb/sql.conf and edit the following lines to suit your server:
# Connection info:
server = "localhost"
#port = 3306
login = "radius"
password = "radpass"
# Database table configuration for everything except Oracle
radius_db = "radius"
You must also edit /etc/raddb/sites-available/default and uncomment the lines that begin with 'sql' under the authorize {}, accounting {}, and session {} sections.
Additionally, edit /etc/raddb/sites-available/inner-tunnel and uncomment all lines that contain 'sql' as well.
Next, go to /etc/raddb/clients.conf, open it with nano and edit:
secret = testing
You have to change 'testing' to something more secret like 'jamesbondcode8982323'.
Still in clients.conf, search for the lines that look exactly like:
# coa_server = coa
}
Enter the following block below those lines:
client VPN Server IP HERE {
    secret = YOUR SECRET HERE
    shortname = yourVPN
    nastype = other
}
The above block tells the RADIUS server that there is a RADIUS client that will ask for permission to authenticate using the RADIUS server's services. The RADIUS client could be the localhost computer or a computer elsewhere in the world connected via the internet. Here you must enter the IP address of the client and the secret.
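A quick check for the credentials set above in clients.conf and sql.conf, as an added example that is not part of the original guide: it flags values that are printed on this page or shipped as defaults, and values shorter than the 16 octets RFC 2865 prefers for a shared secret. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Values printed in this guide, plus testing123 (secret in the stock clients.conf).
KNOWN='testing|testing123|jamesbondcode8982323|YOUR SECRET HERE|radpass'
MINLEN=16   # RFC 2865 prefers shared secrets of at least 16 octets

# audit_file KEY FILE: report uncommented "KEY = value" lines with a weak value.
audit_file() {
    [ -f "$2" ] || return 0
    awk -v key="$1" -v known="$KNOWN" -v min="$MINLEN" '
        BEGIN { n = split(known, k, "|"); for (i = 1; i <= n; i++) bad[k[i]] = 1 }
        $0 ~ "^[ \t]*" key "[ \t]*=" {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            sub(/^"/, "", v); sub(/"$/, "", v)
            if (v in bad)
                printf "%s:%d: %s is a published or default value\n", FILENAME, NR, key
            else if (length(v) < min)
                printf "%s:%d: %s has only %d characters\n", FILENAME, NR, key, length(v)
        }' "$2"
}

# audit_raddb DIR: print findings for clients.conf and sql.conf; status 1 if any.
audit_raddb() {
    out=$(audit_file secret "$1/clients.conf"; audit_file password "$1/sql.conf")
    if [ -n "$out" ]; then printf '%s\n' "$out"; return 1; fi
}

# make_sample DIR: constructed config modelled on this guide (not a real server).
make_sample() {
    cat > "$1/clients.conf" <<'EOF'
client localhost {
    secret = testing
    # secret = ignored-because-commented
}
client 192.0.2.10 {
    secret = jamesbondcode8982323
    shortname = yourVPN
}
client 192.0.2.11 {
    secret = s3cret
}
EOF
    printf 'login = "radius"\npassword = "radpass"\n' > "$1/sql.conf"
}

sample=$(mktemp -d)
make_sample "$sample"
audit_raddb "$sample" || echo "rotate the values listed above"
rm -rf "$sample"
```

On a real server, run `audit_raddb /etc/raddb` after editing the files; the report names the file and line but never prints the secret itself.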
Now your server is ready (hopefully), but we must make sure that all configuration is correct and working well. Do a radius test like this:
RADIUS TEST
Run your radius in debug mode:
radiusd -X
Then, open another ssh session to run the radtest, by running this command:
radtest testuser testpassword localhost 1812 jamesbondcode8982323
You should see the server respond with an Access-Accept. If it doesn't, the debug log will show why. Paste the output into the debug form, and a colorized HTML version will be produced. Look for red or yellow text, and read the messages.
If you do see an Access-Accept, then congratulations, your radius is ready...