FreeRadius + Daloradius + Ubuntu Server – Configuration
Introduction
FreeRADIUS is the most popular open source RADIUS server and the most widely deployed RADIUS server in the world. It supports all common authentication protocols, and the server comes with a PHP-based web user administration tool called dialupadmin. It supplies the AAA needs of many Fortune-500 companies.
daloRADIUS is an advanced RADIUS web management application aimed at managing hotspots and general-purpose ISP deployments. It features user management, graphical reporting, accounting, a billing engine and integrates with GoogleMaps for geo-locating.
Knowledge needed:
– Basic Linux commands
– Networking understanding
Software used:
OS: Ubuntu Server 14.04.1 LTS
VMware Player (LAN Bridge Connection)
Daloradius 0.9.9
LAMP
Hardware used:
AP TPLink, Model TL- MR3420
1. Installing LAMP
– Ubuntu Server, after installation: sudo apt-get update & sudo apt-get upgrade need to be apply.
– Apache2: sudo apt-get install apache2
– PHP5: sudo apt-get install php5 & restart apache2: sudo service apache2 restart
– MySql server: sudo apt-get install mysql-server
When it asks for root password, give any password of your choice and note it.
Now we need to install another packet, so that Php5 and Mysql can understand each other.
sudo apt-get install php5-mysql
sudo service apache2 restart
Obs! A small error will appear to fix that, insert
ServerName localhost
in either httpd.conf or apache2.conf in /etc/apache2 and restart apache the notice will disappear.
If you have a name inside /etc/hostname you can also use that name instead of localhost.
2. Install & Configure FreeRadius
sudo apt-get install freeradius freeradius-mysql freeradius-utils
Next will open /etc/freeradius/eap.conf, to make some configurations:
sudo nano /etc/freeradius/eap.conf
default_eap_type = peap (need to be peap, DO NOT CHANGE in TTLS section)
now we will make some changes in /etc/freeradius/modules/mschap
sudo nano /etc/freeradius/modules/mschap
umcomment and change values, like how is shown bellow:
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = yes
Save the files and issue this command line: sudo ldconfig
3. Create Mysql database for authentication
– NAS authentication
$: mysql -u root -p
mysql> create database radius;
mysql> create user ‘freeradius’@’localhost’ identified by ‘radius123’;
mysql> grant all on radius.* to ‘freeradius’@’localhost’ identified by ‘radius123’;
mysql> flush privileges;
mysql> exit;
Now we will import freeradius schema to our database. It is in /etc/freeradius/sql/mysql/
mysql -u freeradius -p radius < /etc/freeradius/sql/mysql/schema.sql
mysql -u freeradius -p radius < /etc/freeradius/sql/mysql/nas.sql
Enter the password for mysql user freeradius, which is radius123.
If it gives some problem with rights, then issue following commands before issuing above commands.
sudo chmod 777 /etc/freeradius/sql/mysql/schema.sql
sudo chmod 777 /etc/freeradius/sql/mysql/nas.sql
Next step is to change freeradius for mysql, open /etc/freeradius/sites-available/default
sudo nano /etc/freeradius/sites-available/default
uncomment the following line
in authorize section uncomment sql
in session section uncomment sql
in post-auth section uncomment sql
in accounting section uncomment sql
and comment files in authorize section #files
save and exit. Next, modify the login and the password:
sudo nano /etc/freeradius/sql.conf
login = "freeradius"
password = "radius123"
and uncomment readclients = yes
save and exit, next will uncomment the fallowing lines from:
sudo nano /etc/freeradius/radiusd.conf
$INCLUDE sql.conf
$INCLUDE sql/mysql/counter.conf
save and open:
sudo nano /etc/freeradius/sites-available/inner-tunnel
in authorize section uncomment sql
save, exit and restart freeradius.
sudo service freeradius restart
4. Install & Configure Daloradius
– Extra packages needed: sudo apt-get install php-db php-pear php5-gd
– Download Daloradius:
wget http://sourceforge.net/projects/daloradius/files/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
tar zxvf daloradius-0.9-9.tar.gz
– import the daloradius schema to our radius database, password radius123.
mysql -u freeradius -p radius < daloradius-0.9-9/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
– enter the database username and password:
sudo nano daloradius-0.9-9/library/daloradius.conf.php
$configValues[‘CONFIG_DB_USER’] = ‘freeradius’;
$configValues[‘CONFIG_DB_PASS’] = ‘radius123’;
Now will move Daloradius:
sudo mv daloradius-0.9-9 /var/www/html/daloradius
Before to test it install phpmyadmin: sudo apt-get install phpmyadmin
Obs! Chose apache2 and when you are ask to configure the phpmyadmin database, chose NO, database was already configured in the previous steps.
5. TESTING
Username is administrator and password is radius.
Create users and NAS and dont forget to restart freeradius after that.
sudo service freeradius restart
To find out your radius server IP address, use in terminal ifconfig
6. Point AP to the RADIUS Server for authentication:
Problems encounter:
– Freeradius PID ERROR on restarting
Solution: sudo killall freeradius & sudo service freeradius start
– Debug Mode : sudo freeradius -X
– NAS device is not added in the freeradius/clients.conf
Solution added manually: sudo nano /etc/freeradius/clients.conf
client 192.168.0.1/24 {
secret = asus
shortname =tp
}
Save and restart freeradius.
What does this part presents? “client 192.168.0.1/24”
in the manual settings on clients.conf
When you add “/24” will let know RADIUS server to allow connection from all of the IP range 192.168.0.1 to 192.168.0.256, where 192.168.0.1 is the NAS IP address or AP.
Hello,
Im getting error in this part
joey@joey-pc:/$ sudo mysql -u freeradius -p radius < /etc/freeradius/sql/mysql/schema.sql
bash: /etc/freeradius/sql/mysql/schema.sql: Permission denied
Try to use “radius123” as password.
In this setup there are some passwords that need to be defined and also usernames.
To not mess thing up take note for each username & password that you create and for what.
did you ever fix this? i hit the same error
sudo chmod 777 /etc/freeradius/sql/mysql/schema.sql
Haii,
There is 3 section in “eap.conf”, eap section, peap section and ttls section, so in which section should i change the “default_eap_type = peap”?
I choose to change the setting only in “peap” section, after all it’s works. Thank you.
Hello,
everything for me works fine between Freeradius and sql since I created a user and did the radtest to check if it works and that was successful but when I installed daloradius and did all the settings for it I am getting the following error while I am trying to login:
Database connection error
Error Message: DB Error: connect failed
Can you please help me to fix this error
Thanks
Hello,
I am getting error in freeradius -X
pid dynamically change in every second with +2,
Ex: ps ax | grep radius
2395 pts/1 s+ 0:00 grep –colour=auto radius
ps ax | grep radius
2397 pts/1 s+ 0:00 grep –colour=auto radius
how to solved blank page on daloradius after login ?
This is a thirt tutorial when a tried and NOT WORKS !
Bruno try to install directly the virtual machine from: http://www.daloradius.com/
They are different options available on their website if you have difficulties fallowing a tutorial.
the is no /etc/freeradius/sql/mysql/ in my setup…
maybe that’s the problem I can’t my setup to run because there isn’t any folders in there
I get the following error when we try to display the Radius Log in Daloradius:
Error reading log file:
Looked for log file in /var/log/freeradius/radius.log and /usr/local/var/log/radius/radius.log but couldn’t find it.
if you know where your freeradius log file is located, set it’s location in /daloradius/rep-logs-radius.php
I looked in the rep-logs-radius.php file but are not seeing where
I set the log location.
is this freeradius+daloradius setup is compatible with TP-LINK routers??
Yes, I use a TP-Link router myself.
I had perform all steps properly but it is not working
will u help me out in how to create NAS?? pls sir
Actually I done with all the given steps but still i struggling to find expected result.
Authentication is done.but what about accounting??pls give me a solution
pls give me some solution.accounting is not done after performing all the given steps
Daloradius is used only used for given access to users and devices. For more accounting options a more complex setup is necessary and access to router table.
Ok.Thank u sir
Sir ,
actually my radacct table is empty.how to update a radacct table??
pls guide me marcus sir for accounting.
Actually I am really interested in learning this concepts,thats why asking queries.will anybody help me out??
is it possible to update radacct table manually???
i have Server error 500 Help !!!
I need help!
Where should I edit the RADIUS server IP 127.0.0.1 to the address that enable the router to do … ?
to do what?
How can I generate certificate CA for Windows OS, step by step? Please you will be detailed.
Hello,
actually I done with all the given steps.my authentication is working but accounting is not working.
my radacct table is empty.how to update a radacct table??
Thanks in advance.
Hello,
I done with all the given steps.my authentication is working properly but accounting is not working.
My radacct table is showing empty.how to update radacct table??
pls guide me.
Thanks in advance.
Hi Thanks for the procedure it help me a lot kindly guide if i want google auth for two factor.
It works for android devices but i can’t connect from windows. Is there anything i should do to fix that?
Everything works great with android devices! It’s not working for windows 7. Is there anything i can do about it?
Thank you.
http://94.23.68.40/daloradius
I not found a specific step by step I’m getting everything I’ve correctly entered
Hi Daniel, When i am trying to create the user in freeradius through SQL, I get the below mentioned error. Please help me to fix it.
mysql> create user ‘freeradius’@’localhost’ identified by ‘radius123’;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘‘radius123’’ at line 1
did you by change get to solve the error as i am having the same error.
Can Daloradius provide acces via captive portal for LAN users?
It seems to have installed fine but the file “eap.conf” does not exist
however, there are a couple files named “eap” in /etc/freeradius/mods-available and /etc/freeradius/mods-enabled
looks like it has been renamed “eap and put in “mods-available” sub-directory (comments still say “eap.conf”)
for some reason changes made to the copy of a file in “mods-available” seem to be echoed in the copy in “mods-enabled”.
Hello Sir,
I have configure with freeradius+ubuntu+Daloradius. Now I log in daloradius but what is the next steps? Which IP can I provide to NAS… and How to create plan/ hotspot / batch/ group/ attributes and users..so plz help me…
@sujith sa kuttan hello my friend did you by change get to solved the error
create user ‘freeradius’@’localhost’ identified by ‘radius123’;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘‘radius123’’ at line 1
since i am getting the same error
please help
try to run this command,
grant all on radius.* to ‘freeradius’@’localhost’ identified by ‘radius123’;
If it is not solved, then create new user and do all step one by one…