Sunday, August 19, 2012

Installing and Configuring Freeradius + MySQL and Daloradius + MySQL on Ubuntu Server 12.04 for Mikrotik Hotspot/PPPoE/PPTP (updated)

Installing and Configuring Freeradius

The first step is to install Freeradius (make sure you have already refreshed your package index with apt-get update)
$ sudo apt-get install freeradius
 * Starting FreeRADIUS daemon freeradius                                 [ OK ] 
Setting up freeradius-utils (2.1.10+dfsg-3build2) ...

Then prepare the database for freeradius. Create the database radius and assign a username and password for accessing it.

# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 51
Server version: 5.5.24-0ubuntu0.12.04.1 (Ubuntu)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database radius; 
mysql> grant all on radius.* to radius@localhost identified by "thepassword";
Query OK, 0 rows affected (0.00 sec)

The next step was to insert the database schema, and I realized that I could not find the database schema in /etc/freeradius.

Obviously I should install the freeradius-mysql package first.

#apt-get install freeradius-mysql
Setting up freeradius-mysql (2.1.10+dfsg-3build2) ...
 * Reloading FreeRADIUS daemon freeradius                                [ OK ] 

Then insert the database schema

# mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql 
Enter password:
# mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql 
Enter password: 

Now insert a new user into the database for testing purposes.

# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 72
Server version: 5.5.24-0ubuntu0.12.04.1 (Ubuntu)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use radius;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('sqltest', 'Password', 'testpwd');
Query OK, 1 row affected (0.04 sec)

mysql> exit
Bye

The next step is to configure the Freeradius files.

Edit the /etc/freeradius/sql.conf file and set the database type, login and password that we set up earlier.

# vim /etc/freeradius/sql.conf
  
  database = mysql
  login = radius
  password = thepassword

  readclients = yes

Then edit the /etc/freeradius/sites-enabled/default file

# vim /etc/freeradius/sites-enabled/default 

    Uncomment sql in authorize{}
    # See "Authorization Queries" in sql.conf
    sql

    Uncomment sql in accounting{}
    # See "Accounting queries" in sql.conf
    sql

    Uncomment sql in session{}
    # See "Simultaneous Use Checking Queries" in sql.conf
    sql

    Uncomment sql in post-auth{}
    # See "Authentication Logging Queries" in sql.conf
    sql

Then we edit the /etc/freeradius/radiusd.conf file

# vim /etc/freeradius/radiusd.conf 

  #Uncomment #$INCLUDE sql.conf
  $INCLUDE sql.conf

To test our configuration, first we must stop the freeradius service (if already running) 
# /etc/init.d/freeradius stop
 * Stopping FreeRADIUS daemon freeradius                                 [ OK ]

Then run this command to start freeradius in debugging mode. If there are no errors, you are good to go.
# freeradius -X

In a new shell or window, test the connection

$ radtest sqltest testpwd localhost 18128 testing123
Sending Access-Request of id 65 to 127.0.0.1 port 1812
User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 127.0.1.1
NAS-Port = 18128
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=65, length=20

The test ran successfully, with an Access-Accept response from the server.

To allow the Mikrotik device to access our server, we need to add it as a client in the clients.conf file. The secret set here must match the one configured on the Mikrotik.

# vim /etc/freeradius/clients.conf

client 10.0.0.0/8 {

        secret = testingpassword
        shortname = testing
        nastype= mikrotik
}

*Note: we need to stop freeradius -X and then run it again to test our configuration
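
The client block above accepts any host in 10.0.0.0/8 that presents the secret, so both the secret and the width of the network are worth checking before the server goes into service. The following is an added example, not part of the original post: a small Python audit of clients.conf text that flags published or short secrets and over-broad client networks. The two thresholds and the third sample block (address and secret) are assumptions made for the example.

```python
import ipaddress
import re

# Publicly known secrets: FreeRADIUS's shipped default and this tutorial's value.
KNOWN_SECRETS = {"testing123", "testingpassword"}
MIN_SECRET_LEN = 16  # assumed local policy
MIN_PREFIX_LEN = 24  # assumed local policy: flag networks wider than a /24

# Constructed sample; the third block's address and secret are made up.
SAMPLE_CONF = """
client localhost {
        ipaddr = 127.0.0.1
        secret = testing123
}
client 10.0.0.0/8 {
        secret = testingpassword
        shortname = testing
        nastype= mikrotik
}
client 10.0.0.50 {
        secret = "Zq7-constructed-sample-secret-4Tn"  # generate your own
}
"""

def parse_clients(text):
    """Parse 'client NAME { key = value }' blocks into a list of dicts."""
    clients, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # an unquoted '#' starts a comment
        start = re.match(r"^client\s+(\S+)\s*\{$", line)
        kv = re.match(r"^([\w-]+)\s*=\s*(.+)$", line)
        if start:
            current = {"name": start.group(1)}
        elif line == "}" and current is not None:
            clients.append(current)
            current = None
        elif kv and current is not None:
            current[kv.group(1)] = kv.group(2).strip('"')
    return clients

def audit(text):
    """Return (client, finding) pairs for weak secrets and over-broad networks."""
    findings = []
    for c in parse_clients(text):
        secret = c.get("secret", "")
        if secret in KNOWN_SECRETS:
            findings.append((c["name"], "secret is a published default/example"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((c["name"], f"secret under {MIN_SECRET_LEN} chars"))
        try:  # the match is the ipaddr key if present, else the block name
            net = ipaddress.ip_network(c.get("ipaddr", c["name"]), strict=False)
        except ValueError:
            continue  # hostname client; not resolved in this offline check
        if net.prefixlen < MIN_PREFIX_LEN:
            findings.append((c["name"], f"{net} allows {net.num_addresses} NAS addresses"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{n}: {f}" for n, f in audit(SAMPLE_CONF)))
```

To check a live server, pass the contents of /etc/freeradius/clients.conf to audit() instead of the sample.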

Update (Jan 27, 2013): If we want to add Mikrotik-specific values, we need to add the Mikrotik dictionary

# vim /etc/freeradius/dictionary

Then add the line below

$INCLUDE  /usr/share/freeradius/dictionary.mikrotik


Mikrotik Configuration

We need to configure our Mikrotik devices to use our new radius server. Log in to the Mikrotik device and configure the radius server in the Radius menu.

The image below is an example of our configuration.


*Note: we increased the timeout setting to 3000ms to enable invalid login notifications (this did not work with the default 300ms).

Daloradius Installation 

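First, we need to download the daloradius file. The URL is quoted so that the shell does not interpret the & characters, and -O sets the name of the saved file.

$ wget -O daloradius-0.9-9.tar.gz "http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fdaloradius%2Ffiles%2F&ts=1345296201&use_mirror=nchc"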

Extract and rename the file

# tar xvfz daloradius-0.9-9.tar.gz
# mv daloradius-0.9-9 daloradius

Move the directory to the web server directory. In this case I use Apache on Ubuntu, so the location is /var/www

# mv daloradius /var/www

Then we need to set up the database. Because we already set up freeradius using MySQL, we don't need a new database. All we need to do is import the daloradius schema into our existing radius database.

# cd /var/www/daloradius/contrib/db
# mysql -u root -p radius < mysql-daloradius.sql

After the database has been altered successfully, we need to configure the daloradius settings.

# vim /var/www/daloradius/library/daloradius.conf.php

Change the database password 

$configValues['CONFIG_DB_PASS'] = 'thepassword';

Then we can try to access daloradius using http://ipaddressoftheserver/daloradius

*Note: In my installation, I had a problem because I didn't have the php5-gd, php-pear and php-db packages installed on my Ubuntu server.

To deal with this problem you can install the packages using

# apt-get install php5-gd php-pear php-db 




64 comments:

Anonymous said...

I am totally new to Ubuntu.
Suppose I run something like "vi debian/rules" and I finish editing the script; how do I save it and go back to the main terminal?
I am stranded here. I end up closing the terminal thinking it would ask me to save changes, but nothing. The changes are not effected when I go back to check on the script again.

Andrew Pakpahan said...

To exit from vi you can press [esc] then press [:wq!] then enter.

Golgot said...

Great job, thanks,

at the end, to log into the daloradius page:

http://your ip address/daloradius

Login to the management:
username: administrator
password: radius

Rizha Ardianto said...

Thanks for your nice post Andrew.

I'm trying to use coova-chilli but it is still not working. Any ideas how to use it with daloradius in this post?

Thank you

Rizha Ardianto said...

Thanks for your nice post Andrew.

I'm trying to get coova-chilli to work, but still no luck. Any ideas how to make it work with this setup?

Big thanks

Andrew Pakpahan said...

@Golgot: Thanks :)

@Rizha: I haven't tried coova chilli, but I think your problem is in the coova chilli configuration with freeradius.

hidrargium said...

Hi, Andrew.

Thank you for a good article.

Some notes:

After adding new grants in MySQL:
------
grant all on radius.* to radius@localhost identified by "thepassword";
----
You need to perform the next command:
------
flush privileges;
------

Rizha said...

Andrew,

how if we want to use an external radius server?

Anonymous said...

#vim /etc/freeradius/clients.conf

client 10.0.0.0/8 {

secret = testingpassword
shortname = testing
nastype= mikrotik
}

when i enter down in the last already 3 4 entries /24 /32 etc
where i have to add this entry or edit the existing one ???
Please quick reply im stuck on the edge.

Andrew Pakpahan said...

@GoldenNetwork:

Just add as new lines. Put comments on all previous lines.

Anonymous said...

Well, I have done everything through your blog and I got a positive result when I gave the radtest command. It seems to be OK,

but as I'm using Ubuntu Server 12.04 LTS I'm unable to access the daloradius page, 127.0.0.1/daloradius.

I don't know how to attach it to the Mikrotik by cable.

Andrew Pakpahan said...

@GoldenNetwork

Do you understand IP address concept? You need to understand this before even trying this setup.

Anonymous said...

Thanks for the reply... I did the same as you mentioned, the same IPs 10.0.0.0/8, even in Mikrotik 10.0.0.50.
Hotspot setup is already working on the routerboard.
Should I use 1 simple ethernet cable between daloradius and Mikrotik???
What IP would be assigned to the Mikrotik interface???
Should I use this topology: http://bejatijampang.files.wordpress.com/2012/07/slide2-300x296.jpg
Should I add 2 LAN cards in the Ubuntu box, or after the setup remove the internet from Ubuntu and put 1 jumper between Mikrotik and Ubuntu as in the topology I linked???

The daloradius box is ready. My problem is how to make connections between the routerboard and the daloradius box to get access to the daloradius webpage.

Unknown said...

Why do I get the message

"no response from server for ID 210 socket 3"

How to resolve it?

Unknown said...

thank u sir..it helped us a lot :)

Rosso said...

Hello Andrew, thanks for this blog.
I have a small question: can I put the server in a different location?
Will this make all traffic go to the external server?

Unknown said...

Hi All,

First thanks to Andrew.

I am trying to install daloRADIUS , but I am facing some issues with sql module configurations. When I uncomment the sql from the configuration file I received the following error.

/etc/freeradius/sql.conf[22]: Instantiation failed for module "sql"
/etc/freeradius/sites-enabled/default[159]: Failed to load module "sql".
/etc/freeradius/sites-enabled/default[62]: Errors parsing authorize section.

anyone can help ?

Thanks,
Hamad

Pavlos said...

Great article. I followed it and it seems to work.

I have a question. Now after configuring the server and the mikrotik.
First how can I check if they communicate?
Second how can I test if a user authenticates when it connects to wifi ?

Thank you

Andrew Pakpahan said...

@Pavlos: You can try to activate hotspot on your wireless interface. Then try to log in with your radius account.

Alejandro said...

Congratulations for your cool post and thanks for sharing your experience.

I've two questions:

- Is the number of users limited?
- Which is the home page for the hotspot login users and can I configure a new one?

Thanks in advance.
Greetings.

Kevin said...

Thanks Andrew. After following your blog, I got to http://localhost/daloradius. After typing in:
user name: administrator
password: radius
I receive an error message: "Database connection error DB error extension not found."

Please help.
Thanks.

Anonymous said...

Thank you for your help. Great job, worked for me without much trouble.

Anonymous said...

I have been working my way through this config as new to Ubuntu

All seemed to be going well until i tested using radtest which returns the following error:- Invalid octet string "sqltest" for attribute name "User-Name"
radclient: Nothing to send.

I have viewed the table contents and it all looks in order and double checked the config??

Any help would be very much appreciated. Thanks

alfurqan said...

hi,

would you help me, what means that: unable to open file "/etc/freeradius/sql/mysql/ippool-dhcp.conf": no such file or directory
errors reading or parsing /etc/freeradius/radiusd.conf

Anonymous said...

Hi,

I have followed this link for reference in running daloradius with freeradius.

https://help.ubuntu.com/community/CategoryNetworking/daloRADIUS

but I can't seem to get past the login page.

http://192.168.2.133/daloradius/dologin.php

Database connection error
Error Message: DB Error: connect failed

could you point out what I have missed?
I have used both 12.04 and 14.04 LTS and both have same error message

what output do you need in order to further troubleshoot this?

many thanks,

Anonymous said...

I have Freeradius running on Ubuntu 12.04 server, to authenticate iBurst clients of my ISP. It is working fine, the only issue is that I don't know how to manage these clients.

For example, if a client has not paid to use the Internet, I need to be able to disconnect him/her and reconnect him/her once the payment has been made. The only way that I know is to edit the /etc/freeradius/users file and comment out the Framed-IP-Address line, which is not easy to do every time. Also, I fear that I might accidentally damage the file if I continue accessing it every day and modifying it.

I would like to know if there is any other way to do this (preferably through a web client). I found one called Dialupadmin web interface, but I don't know if I have to install Freeradius from scratch to be able to use the web interface or if I can just install this and use the existing Freeradius without re-installation.

odik's said...

Andrew, pls help! I am trying to install daloRADIUS, but I am facing some issues with sql module configurations. When I uncomment the sql from the configuration file I received the following error.

/etc/freeradius/sql.conf[22]: Instantiation failed for module "sql"
/etc/freeradius/sites-enabled/default[159]: Failed to load module "sql".
/etc/freeradius/sites-enabled/default[62]: Errors parsing authorize section.

Herman said...

Thank you for the great guide!
Works like a charm.

Herman

Anonymous said...

I also get this error:

Database connection error
Error Message: DB Error: extension not found

Please help. Thanks.

Anonymous said...

The solution for
Database connection error
Error Message: DB Error: extension not found

is apt-get install php-mysql

Unknown said...

I got errors like this, where is it wrong mister? I'm running freeradius on FreeBSD 10.01
root@saman:/usr/home/saman # radtest sqltest testpwd 127.0.0.1 1812 testing123
Sending Access-Request of id 154 to 127.0.0.1 port 1812
User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 10.20.30.124
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
Sending Access-Request of id 154 to 127.0.0.1 port 1812
User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 10.20.30.124
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
Sending Access-Request of id 154 to 127.0.0.1 port 1812
User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 10.20.30.124
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
radclient: no response from server for ID 154 socket 3

Anonymous said...

Andrew, I found your post interesting and very informative. Thanks for taking the time to write the article. Just a small note, did you mean to move the daloradius to the root for www? If so then the next line is incorrect. It should be /var/www/contrib and not /var/www/daloradius/contrib.

Thanks again for your time!

Unknown said...

Sir,
When I execute the radtest command it gives me an Access-Reject output from the host.
Pls help me out sir..

Anonymous said...

@Roshan More

try kill freeradius job

syntax :
ps -A | grep freeradius

and then kill -9 freeradius-pid

Unknown said...

When I finished your tutorial, I got this problem:

Database connection error
Error Message: DB Error: connect failed

I don't know how to finish this, can you help me?

Unknown said...

try to check your config
/var/www/daloradius/library/daloradius.conf.php
change the line
$configValues['CONFIG_DB_PASS'] = 'yourpasswd';

Unknown said...

thanks it helped me a lot
its working :)
