How to install FreeRADIUS and Daloradius on Ubuntu 16.04 LTS server

FreeRADIUS is an open source solution under AAA Radius Linux, and DaloRadius is a graphical web management tool.

Freeradius is generally used for account authentication management, accounting management, common broadband accounts of telecom operators, Internet account management, and accounting, all of which use the radius server for authentication and accounting.
There are not many types of common radius servers. The more powerful one is the open source freeradius. Most of the radius servers in the world are developed based on freeradius.
Freeradius includes a radius server and radius-client, which can perform authentication and accounting for network devices that support the radius protocol. Common open source router operating systems: such as Openwrt, DD-wrt, etc., all support the radius protocol, for PPPOE, hotspots, and VPN Wait for the server to perform account management authentication and keep accounts.
Freeradius is very powerful and supports numerous databases.
Freeradius operation is slightly troublesome, built-in diaup_admin simple web management, you need a more simple and easy-to-use management function, you can use a third-party management program to perform account management, system configuration, etc.

Many friends who are just getting started will encounter various problems when setting up the environment. This article describes in detail the method of installing FreeRADIUS and Daloradius on the Ubuntu 16.04 LTS server, saving a lot of trouble for beginners.

1 sudo apt‐get update
2 sudo apt‐get upgrade

Restart the system after upgrading:

1 sudo reboot

After the system boots, install FreeRADIUS and Daloradius on the Ubuntu 16.04 system.

2. Install Apache Web Server and PHP

Daloradius will require PHP and Apache web server to be installed on the host system.

1. Install Apache on Ubuntu, run the following command to install Apache web server:

1 sudo apt‐get install apache2

2. To install PHP on Ubuntu 16.04, run the following command:

To install PHP 7.3 version, please refer to Installing PHP7.3 on Ubuntu 18.04 or CentOS 7 system: Click the following link to enter:
https://ywnz.com/linuxjc/3782.html

1 sudo apt‐get install php libapache2‐mod‐php php‐gd php‐common php‐mail \
2 php‐mail‐mime php‐mysql php‐pear php‐db php‐mbstring php‐xml php‐curl

3. Check the PHP version to make sure the installation is successful

1 php ‐v

Will output similar version information like this

1 PHP 7.0.33‐0ubuntu0.16.04.16 (cli) ( NTS )
2 Copyright (c) 1997‐2017 The PHP Group
3 Zend Engine v3.0.0, Copyright (c) 1998‐2017 Zend Technologies
4 with Zend OPcache v7.0.33‐0ubuntu0.16.04.16, Copyright (c) 1999‐2017, by Zend Technologies

Three, install MySQL and create a database

1. The next step is to install mysql server or MariaDB and create a database for daloRADIUS.

1 安装MYSQL命令:
2 sudo apt ‐y install mysql‐server

If you are prompted to enter the root password during the installation process, please enter the password as required, and then "OK". My temporary setting here is: 123456

If you are not prompted for a password, run the following command:

1 sudo mysql_secure_installation
2 如果您还没有设置密码,您将被要求设置密码,然后如果您想删除匿名用户,则禁止远程root
3 登录,删除测试数据库并重新加载表。除非你有其他的计划,并且知道你在做什么,否则我
4 建议你一直按Enter键。

2. After installing and running, create a database for FreeRADIUS, which will be used at a later stage:

Database name: radius
database user: radius
database user password: 123456

1 $ mysql ‐u root ‐p //进入mysql
2 MariaDB [(none)]> CREATE DATABASE radius; //创建一个数据库用户
3 Query OK, 1 row affected (0.000 sec)
4 // 设置数据库用户密码
5 MariaDB [(none)]> GRANT ALL ON radius.* TO [email protected] IDENTIFIED BY "123456";
6 Query OK, 0 rows affected (0.000 sec)
7 MariaDB [(none)]> FLUSH PRIVILEGES; //刷新MySQL的系统权限相关表
8 Query OK, 0 rows affected (0.001 sec)9 MariaDB [(none)]> EXIT; //退出
10 Bye

Fourth, install and configure FreeRADIUS

1. Due to the Ubuntu 16.04 system, version 2.x is the software package provided in the official repository. To install version 3.0, please add PPA for FreeRADIUS version 3:

1 sudo add‐apt‐repository ppa:freeradius/stable‐3.0
2 sudo apt‐get update

Install the following FreeRADIUS software packages:

1 sudo apt‐get install freeradius freeradius‐mysql freeradius‐utils
2 sudo ufw allow to any port 1812 proto udp
3 sudo ufw allow to any port 1813 proto udp

And run it in debug mode

1 sudo freeradius ‐X

The output should be very long and end with something like this

1 Listening on auth address * port 1812 bound to server default
2 Listening on acct address * port 1813 bound to server default
3 Listening on auth address :: port 1812 bound to server default
4 Listening on acct address :: port 1813 bound to server default
5 Listening on auth address 127.0.0.1 port 18120 bound to server inner‐tunnel
6 Listening on proxy address * port 42463
7 Listening on proxy address :: port 55492
8 Ready to process requests

Press Ctrl+C to exit debugging mode.

2. Check if there is a schema.sql file in the directory

1 cd /etc/freeradius/mods‐config/sql/main/mysql
2 find schema.sql

3 If you are prompted that the file is not found, it may be that the installation error is not generated or the directory level is different, you can try: find -name "schema.sql"

If you are prompted to find this file in the directory, import the freeradius MySQL database scheme:

1 sudo mysql ‐u root ‐p radius < /etc/freeradius/mods‐config/sql/main/mysql/schema.sql

3. Check the created table:

1 mysql ‐u root ‐p ‐e "use radius;show tables;"

Will display such a graphical output example

1 +‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐+
2 | Tables_in_radius |
3 +‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐+
4 | nas |
5 | radacct |
6 | radcheck |
7 | radgroupcheck |
8 | radgroupreply |
9 | radpostauth |
10 | radreply |
11 | radusergroup |
12 +‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐+
1 sudo ln ‐s /etc/freeradius/mods‐available/sql /etc/freeradius/mods‐enabled/

5. Configure the SQL module and change the database connection parameters to suit your environment:

1 sudo vim /etc/freeradius/mods‐enabled/sql

Your sql part should be similar to the following:
If you have a dedicated database server, please replace localhost with the IP of the source FreeRadius server:

1 sql {
2 driver = "rlm_sql_mysql"
3 dialect = "mysql"
4 # Connection info:
5 server = "localhost"
6 port = 33067 login = "radius"
8 password = "123456"
9 # Database table configuration for everything except Oracle
10 radius_db = "radius"
11 }
12 # Set to ‘yes’ to read radius clients from the database (‘nas’ table)
13 # Clients will ONLY be read on server startup.
14 read_clients = yes
15
16 # Table to keep radius client info
17 client_table = "nas"

6. Then change the group permissions of /etc/freeradius/mods-enabled/sql:

1 sudo chgrp ‐h freerad /etc/freeradius/mods‐available/sql
2 sudo chown ‐R freerad:freerad /etc/freeradius/mods‐enabled/sql

Restart the freeradius service:

1 sudo systemctl restart freeradius.service

Finally, we will run FreeRADIUS in debug mode to make sure everything is working properly.

7. First stop the currently running service

1 sudo systemctl stop freeradius.service

Run FreeRADIUS in debug mode

1 sudo freeradius ‐X

The end of the output should be like this

1 Listening on auth address * port 1812 bound to server default
2 Listening on acct address * port 1813 bound to server default
3 Listening on auth address :: port 1812 bound to server default
4 Listening on acct address :: port 1813 bound to server default
5 Listening on auth address 127.0.0.1 port 18120 bound to server inner‐tunnel
6 Listening on proxy address * port 55873
7 Listening on proxy address :: port 46059
8 Ready to process requests

Press Ctrl+C to exit debugging mode.

8. Restart the FreeRADIUS service.

1 sudo systemctl start freeradius.service

Five, install and configure Daloradius on Ubuntu 16.04

1. If wget and unzip are not installed, install wget and unzip

1 sudo apt ‐y install wget unzip

Download and unzip daloRADIUS and cd to the target folder, this folder is daloRADIUS-master

1 wget https://github.com/lirantal/daloradius/archive/master.zip
2 unzip daloradius‐master.zip
3 mv daloradius‐master/ daloradius
4 cd daloradius
5 若无法下载,可用浏览器打开https://github.com/lirantal/daloradius/archive/master.zip下载

2. We will fill the database used by FreeRADIUS with daloRADIUS mode. It is the database radius we created in the previous case.

1 sudo mysql ‐u root ‐p radius < contrib/db/fr2‐mysql‐daloradius‐and‐freeradius.sql
2 sudo mysql ‐u root ‐p radius < contrib/db/mysql‐daloradius.sql

Exit from the "daloradius" directory and move the folder to the document root directory and rename it to "daloradius"

1 cd ..
2 sudo mv daloradius /var/www/html/

3. Change the owner and group of the daloradius folder to www-data:www-data, which is the owner and group of running Apache Web Server.

1 sudo chown ‐R www‐data:www‐data /var/www/html/daloradius/

4. Next, we need to create a daloRADIUS configuration file. daloRADIUS provides a configuration file template named

It is /var/www/html/daloradius/library/daloradius.conf.php. We only copy samples.

1 sudo cp /var/www/html/daloradius/library/daloradius.conf.php.sample

/var/www/html/daloradius/library/daloradius.conf.php Change the permissions of the configuration file to 664

1 sudo chmod 664 /var/www/html/daloradius/library/daloradius.conf.php

5. Next, we will edit some values ​​in the daloRADIUS configuration file so that it connects to the database we created for FreeRADIUS.

1 sudo vim /var/www/html/daloradius/library/daloradius.conf.php

We will change the following values

1 $configValues['CONFIG_DB_USER'] = 'root';
2 $configValues['CONFIG_DB_PASS'] = '';
3 $configValues['CONFIG_DB_NAME'] = 'radius';

Here is how I modified them based on the database name, user and password created earlier.

1 $configValues['CONFIG_DB_USER'] = 'radius';
2 $configValues['CONFIG_DB_PASS'] = '123456';
3 $configValues['CONFIG_DB_NAME'] = 'radius'

6. Finally restart daloRADIUS and Apache

1 sudo systemctl restart freeradius.service apache2

Six, visit daloRADIUS

1. To access daloRADIUS, please visit the IP or domain name of the machine in the browser, then /daloRADIUS, for example https://your_server_ip/daloradius
unless you have configured SSL, please make sure it is http://, and browse The browser will not change it to https://, because this can happen sometimes.
This is what daloRADIUS looks like

The default login credentials are:
username: administrator
password: radius

Seven, test FreeRADIUS and daloRADIUS

1. The NAS (Network Access Server) client table acts as a gateway to protected resources. In order for another device to connect to our FreeRADIUS server,

To add it to the NAS client table.
We add the NAS client table by logging into the daloRADIUS dashboard. Then navigate to Management> NAS (in the blue submenu)> New
NAS (on the left, dark gray sidebar).
The minimum options we need to fill in are as follows

1 NAS IP/Host:你将连接的计算机的IP。
2 NAS Secret:密钥。
3 NAS Type:你可以在这里任意填写
4 NAS Shortname:方便您使用的短名称

I will fill in the following

2. Create a daloRADIUS user

In order to test our server, we also need a user.
Navigate to Management> Users (in the blue submenu)> New User (on the left, dark gray sidebar) by navigating in the top menu.
For our example, I will create a user with the following credentials

When creating a user, in addition to Username, Password, there are other fields available, but for our purposes, these are sufficient.

3. Run FreeRADIUS in debug mode

Next, we will run FreeRADIUS in debug mode so that we can see what happens when we send an authentication request to it.
First stop the running process.

1 sudo systemctl stop freeradius.service

Run FreeRADIUS in debug mode

1 sudo freeradius ‐X

Note: Every time a new NAS table is added, the FreeRADIUS server needs to be restarted so that it can obtain the updated table.

4. Use NTRadPing to test the FreeRADIUS server

A convenient way to test the server is to use a free Windows software called NTRadPing.
You can download
it here https://community.microfocus.com/t5/OES-Tips-Information/NTRadPing-1-5-RADIUS-TestUtility/ta-p/1777768 This is a direct link to the archive
https://community .microfocus.com/dcvta86296/attachments/dcvta86296/OES_Tips/148/1/ntradping.zip
This is a report by VirusTotal, so you know it is safe
https://www.virustotal.com/gui/file/e1b3318b884e4643a043ec5e3104638016c343c447424c244716ec5424c244fc1ec4f
Just unzip the archive file and run the executable file to run NTRadPing.

5. We will use NTRadPing to send an authentication request to a server running FreeRADIUS in debug mode.

We will fill in as follows

1 RADIUS Server/port:FreeRADIUS服务器的IP /端口1812
2 Reply timeout (sec.):1
3 Retries: 1
4 RADIUS Secret Key:testing1235 User‐Name:test_1
6 Password:A123456
7 选中CHAP复选框,这样请求使用CHAP密码,而不是PAP密码。
8 现在单击Send按钮发送身份验证请求。
9 如果您接收到Access‐Accept响应,那么我们可以假定它可以工作。

The output of NTRadPing should look like this

In a terminal running FreeRADIUS in debug mode, the output should end with something like this

I hope you have also successfully installed FreeRADIUS on ubuntu16.0.4, and installed and configured daloRADIUS, and then successfully tested the FreeRADIUS server
.

8. Common mistakes

Failed binding with auth address [ ] when running in debug mode

1 Failed binding to auth address * port 1812 bound to server default: Address already in use
2 /etc/freeradius/3.0/sites‐enabled/default[59]: Error binding to port for 0.0.0.0 port 1812

This error occurs when you try to run FreeRADIUS, but another FreeRADIUS instance is already running, so you need to run the following command to stop it

1 sudo systemctl stop freeradius.service

Hurry up and operate!