tag:blogger.com,1999:blog-20436320827007197712024-03-21T01:01:24.500-07:00Server DumpDump information about server, windows, linux, centos, ubuntu, etc.Anonymoushttp://www.blogger.com/profile/03591204672321477468noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-2043632082700719771.post-63009268030024305842013-02-16T21:04:00.002-08:002013-02-16T21:04:38.030-08:00Step by step install FreeRADIUS with MySQL on CENTOS 5<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhv6bl3ypgxPCA39FECwtF_q8ka9TzsQteMeN6r_Wq-Vuz6zRnTpIrxNTyhLQgz753Xe2sbG57K7rM1UCXQlG47C7G8A_mvAd8RAjiiqcJOfQy2jfF2A8ji8ssn1KhoxRG0Ex9ZfI0Q9-A/s1600/radius.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="install freeradius with mysql database on centos 5, step by step guide" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhv6bl3ypgxPCA39FECwtF_q8ka9TzsQteMeN6r_Wq-Vuz6zRnTpIrxNTyhLQgz753Xe2sbG57K7rM1UCXQlG47C7G8A_mvAd8RAjiiqcJOfQy2jfF2A8ji8ssn1KhoxRG0Ex9ZfI0Q9-A/s1600/radius.png" title="" /></a></div>
<br />
This is step by step guide to install FreeRadius on CENTOS 5. Follow the procedure below to get started with your Freeradius server.<br />
<br />
<b>INTRODUCTION</b><br />
<b><br /></b>
FreeRADIUS is the most popular open source RADIUS server and the most widely deployed RADIUS server in the world.[2] It supports all common authentication protocols, and the server comes with a PHP-based web user administration tool called dialupadmin. It is the basis for many commercial RADIUS products and services, such as embedded systems, RADIUS appliances that support Network Access Control, and WiMAX. It supplies the AAA needs of many Fortune-500 companies, telcos, and Tier 1 ISPs. It is also widely used in the academic community, including eduroam. The server is fast, feature-rich, modular, and scalable. The currently shipping stable version is 2.2.0.<br />
<br />
<b>INSTALL GUIDE</b><br />
<br />
I hope you already familiar with linux environment, the following procedure can be done via ssh command prompt. (I dont know if you have a better way)<br />
<br />
First, logon to your CENTOS server via ssh with your root user and password. Then....you may start these instruction in command line mode :<br />
<blockquote class="tr_bq">
<pre style="background-color: whitesmoke; border-left-color: rgb(102, 153, 255); border-left-style: solid; border-left-width: 4px; color: #747474; font-size: 13px; line-height: 20px; margin-bottom: 1.7em; margin-left: 0.3em; margin-top: 1.7em; overflow: auto; padding: 0.1em 0.5em 0.3em 0.7em; width: 622.15625px;">yum install freeradius2 freeradius2-mysql freeradius2-utils -y</pre>
</blockquote>
Then we need to prepare the radius database, which only could be done if you already install and run MySQL server. If not yet, then just install it first, its easy:<br />
<blockquote class="tr_bq">
<pre style="background-color: whitesmoke; border-left-color: rgb(102, 153, 255); border-left-style: solid; border-left-width: 4px; color: #747474; font-size: 13px; line-height: 20px; margin-bottom: 1.7em; margin-left: 0.3em; margin-top: 1.7em; overflow: auto; padding: 0.1em 0.5em 0.3em 0.7em; width: 622.15625px;">yum install mysql
service mysqld start</pre>
</blockquote>
Now, get inside mysql server by login with root account (if you login for the first time, you dont need a password. Otherwise you'll be prompted to enter new password for root)<br />
<blockquote class="tr_bq">
<pre style="background-color: whitesmoke; border-left-color: rgb(102, 153, 255); border-left-style: solid; border-left-width: 4px; color: #747474; font-size: 13px; line-height: 20px; margin-bottom: 1.7em; margin-left: 0.3em; margin-top: 1.7em; overflow: auto; padding: 0.1em 0.5em 0.3em 0.7em; width: 622.15625px;">mysql -uroot -p</pre>
</blockquote>
Create RADIUS database with these commands :<br />
<blockquote class="tr_bq">
<pre style="background-color: whitesmoke; border-left-color: rgb(102, 153, 255); border-left-style: solid; border-left-width: 4px; color: #747474; font-size: 13px; line-height: 20px; margin-bottom: 1.7em; margin-left: 0.3em; margin-top: 1.7em; overflow: auto; padding: 0.1em 0.5em 0.3em 0.7em; width: 622.15625px;">CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
flush privileges;</pre>
</blockquote>
Now, we need to import database with tables schema for radius, which already provided by the freeradius installation files:<br />
<blockquote class="tr_bq">
<pre style="background-color: whitesmoke; border-left-color: rgb(102, 153, 255); border-left-style: solid; border-left-width: 4px; color: #747474; font-size: 13px; line-height: 20px; margin-bottom: 1.7em; margin-left: 0.3em; margin-top: 1.7em; overflow: auto; padding: 0.1em 0.5em 0.3em 0.7em; width: 622.15625px;">mysql> use radius;
SOURCE /etc/raddb/sql/mysql/schema.sql;
exit</pre>
</blockquote>
*Note: you may import db schema from another source, e.g. from daloRADIUS or PHPMyPrepaid installation files, which later will be explained on the next articles.<br />
<br />
<br />
<b>Create Test User</b><br />
<b><br /></b>
Inside the mysql, do the following command (in one continuous line, not separated by ENTER):<br />
<blockquote class="tr_bq">
<pre style="background-color: whitesmoke; border-left-color: rgb(102, 153, 255); border-left-style: solid; border-left-width: 4px; color: #747474; font-size: 13px; line-height: 20px; margin-bottom: 1.7em; margin-left: 0.3em; margin-top: 1.7em; overflow: auto; padding: 0.1em 0.5em 0.3em 0.7em; width: 622.15625px;">INSERT INTO `radcheck` (`username` ,`attribute` ,`op` ,`value` )
VALUES (NULL , 'testuser', 'User-Password', ':=', 'testpassword');</pre>
</blockquote>
<br />
<b>Tweaking Configs</b><br />
<b><br /></b>
The next thing to do is tweaking radius configurations. (The files we want to edit are radiusd.conf, sql.conf, and clients.conf)<br />
<br />
Now open up /etc/raddb/radiusd.conf with your favourite text editor such as 'nano'. (in case you didn't install nano, then do: yum install nano -y)<br />
<blockquote class="tr_bq">
<pre style="background-color: whitesmoke; border-left-color: rgb(102, 153, 255); border-left-style: solid; border-left-width: 4px; color: #747474; font-size: 13px; line-height: 20px; margin-bottom: 1.7em; margin-left: 0.3em; margin-top: 1.7em; overflow: auto; padding: 0.1em 0.5em 0.3em 0.7em; width: 622.15625px;">yum install nano -y</pre>
</blockquote>
<blockquote class="tr_bq">
<pre style="background-color: whitesmoke; border-left-color: rgb(102, 153, 255); border-left-style: solid; border-left-width: 4px; color: #747474; font-size: 13px; line-height: 20px; margin-bottom: 1.7em; margin-left: 0.3em; margin-top: 1.7em; overflow: auto; padding: 0.1em 0.5em 0.3em 0.7em; width: 622.15625px;">nano /etc/raddb/radiusd.conf</pre>
</blockquote>
here you have to uncomment this line: <br />
<blockquote class="tr_bq">
<pre style="background-color: whitesmoke; border-left-color: rgb(102, 153, 255); border-left-style: solid; border-left-width: 4px; color: #747474; font-size: 13px; line-height: 20px; margin-bottom: 1.7em; margin-left: 0.3em; margin-top: 1.7em; overflow: auto; padding: 0.1em 0.5em 0.3em 0.7em; width: 622.15625px;">$INCLUDE sql.conf</pre>
</blockquote>
move to next file, open up /etc/raddb/sql.conf and edit the following lines to suite your server :<br />
<blockquote class="tr_bq">
<pre style="background-color: whitesmoke; border-left-color: rgb(102, 153, 255); border-left-style: solid; border-left-width: 4px; color: #747474; font-size: 13px; line-height: 20px; margin-bottom: 1.7em; margin-left: 0.3em; margin-top: 1.7em; overflow: auto; padding: 0.1em 0.5em 0.3em 0.7em; width: 622.15625px;"> # Connection info:
server = "localhost"
#port = 3306
login = "radius"
password = "radpass"
# Database table configuration for everything except Oracle
radius_db = "radius"</pre>
</blockquote>
also you must edit etc/raddb/sites-available/default and uncommented line that begin with 'sql' under the authorize {}, accounting {}, and session {} sections.<br />
<br />
Additionally, edit /etc/raddb/sites-available/inner-tunnel and uncomment all line that contain 'sql' as well.<br />
<br />
Next, go to /etc/raddb/clients.conf, open it with nano and edit :<br />
<blockquote class="tr_bq">
<pre style="background-color: whitesmoke; border-left-color: rgb(102, 153, 255); border-left-style: solid; border-left-width: 4px; color: #747474; font-size: 13px; line-height: 20px; margin-bottom: 1.7em; margin-left: 0.3em; margin-top: 1.7em; overflow: auto; padding: 0.1em 0.5em 0.3em 0.7em; width: 622.15625px;"> secret = testing</pre>
</blockquote>
you have to edit 'testing' to something more <i>secret</i> like 'jamesbondcode8982323'.<br />
<br />
still on clients.conf, search for line that looks exactly like:<br />
<blockquote class="tr_bq">
<pre style="background-color: whitesmoke; border-left-color: rgb(102, 153, 255); border-left-style: solid; border-left-width: 4px; color: #747474; font-size: 13px; line-height: 20px; margin-bottom: 1.7em; margin-left: 0.3em; margin-top: 1.7em; overflow: auto; padding: 0.1em 0.5em 0.3em 0.7em; width: 622.15625px;"># coa_server = coa
}</pre>
</blockquote>
enter the following block below those lines :<br />
<blockquote class="tr_bq">
<pre style="background-color: whitesmoke; border-left-color: rgb(102, 153, 255); border-left-style: solid; border-left-width: 4px; color: #747474; font-size: 13px; line-height: 20px; margin-bottom: 1.7em; margin-left: 0.3em; margin-top: 1.7em; overflow: auto; padding: 0.1em 0.5em 0.3em 0.7em; width: 622.15625px;">client VPN Server IP HERE {
secret = YOUR SECRET HERE
shortname = yourVPN
nastype = other
}</pre>
</blockquote>
the above block is to tell the radius server that there is a radius client that will ask for permission to authenticate using radius server's services. the Radius Client could be localhost computer or a computer elsewhere in the world connected via internet. Here you must enter IP Address of client and the secret.<br />
<br />
Now your server is ready (hopefully), but we must make sure that all configuration is correct and working well. Do a radius test like this:<br />
<br />
<b>RADIUS TEST</b><br />
<br />
Run your radius in debug mode :<br />
<blockquote class="tr_bq">
<pre style="background-color: whitesmoke; border-left-color: rgb(102, 153, 255); border-left-style: solid; border-left-width: 4px; color: #747474; font-size: 13px; line-height: 20px; margin-bottom: 1.7em; margin-left: 0.3em; margin-top: 1.7em; overflow: auto; padding: 0.1em 0.5em 0.3em 0.7em; width: 622.15625px;">radiusd -X</pre>
</blockquote>
Then, open another ssh to run the radtest, by running this command:<br />
<blockquote class="tr_bq">
<pre style="background-color: whitesmoke; border-left-color: rgb(102, 153, 255); border-left-style: solid; border-left-width: 4px; color: #747474; font-size: 13px; line-height: 20px; margin-bottom: 1.7em; margin-left: 0.3em; margin-top: 1.7em; overflow: auto; padding: 0.1em 0.5em 0.3em 0.7em; width: 622.15625px;"><span style="background-color: transparent;"> radtest testuser testpassword localhost 1812 jamesbondcode8982323</span></pre>
</blockquote>
You should see the server respond with an Access-Accept. If it doesn't, the debug log will show why. Paste the output into the debug form, and a colorized HTML version will be produced. Look for red or yellow text, and read the messages.<br />
<br />
If you do see an Access-Accept, then congratulations, your radius is ready...Anonymoushttp://www.blogger.com/profile/03591204672321477468noreply@blogger.com