Professional Documents
Culture Documents
RADIUS, which stands for “Remote Authentication Dial In User Service”, is a network protocol –
a system that de nes rules and conventions for communication between network devices – for
remote user authentication and accounting. RADIUS is normally used to provide AAA services;
Authorization. Authentication and Accounting.
FreeRADIUS is the most deployed RADIUS server since it supports all common authentication
protocols, being open source and simpli ed user administration made possible by its
dialupadmin web GUI. The server also comes with modules for LDAP and database systems
integration like MySQL,PostgreSQL,Oracle e.t.c.
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
Prerequisites:
yum -y update
yum groupinstall "Development Tools" -y
yum -y install httpd httpd-devel
https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 1/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks
Docs: man:httpd(8)
man:apachectl(8)
We’ll install and con gure MariaDB 10, using steps below:
vim /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
yum -y update
yum install -y mariadb-server mariadb
https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 2/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks
You’ll be prompted to install MariaDB GPG Signing key. Just press y to allow installation.
5. Con gure initial MariaDB settings to secure it. Here you’ll set root password. For security purposes,
consider removing anonymous users and disallowing remote root login. See sample con guration shown
below. Key choices are marked with red.
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 3/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 4/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks
# vim /etc/my.cnf
[mysqld]
bind-address=127.0.0.1
cd ~
curl 'https://setup.ius.io/' -o setup-ius.sh
sudo bash setup-ius.sh
sudo yum remove php-cli mod_php php-common
sudo yum -y install mod_php70u php70u-cli php70u-mysqlnd php70u-devel php70u-gd p
sudo apachectl restart
# php -v
PHP 7.0.9 (cli) (built: Jul 21 2016 11:48:03) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
If php 7 fails to work for you, try installing php 5 by running below commands. You’ll have to rst
uninstall php 7.
https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 5/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks
Installing FreeRADIUS
Dependencies Resolved
==================================================================================
Package Arch Version Repository Size
=================================================================================
Installing:
freeradius x86_64 3.0.4-6.el7 base 985 k
freeradius-mysql x86_64 3.0.4-6.el7 base 81 k
freeradius-utils x86_64 3.0.4-6.el7 base 188 k
Installing for dependencies:
log4cxx x86_64 0.10.0-16.el7 base 452 k
tncfhh x86_64 0.8.3-16.el7 base 680 k
tncfhh-libs x86_64 0.8.3-16.el7 base 160 k
https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 6/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks
Transaction Summary
=================================================================================
Install 3 Packages (+5 Dependent packages)
Installed:
freeradius.x86_64 0:3.0.4-6.el7 freeradius-mysql.x86_64 0:3.0.4-6.el7
https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 7/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks
freeradius-utils.x86_64 0:3.0.4-6.el7
Dependency Installed:
log4cxx.x86_64 0:0.10.0-16.el7 tncfhh.x86_64 0:0.8.3-16.el7
tncfhh-libs.x86_64 0:0.8.3-16.el7 tncfhh-utils.x86_64 0:0.8.3-16.el7
xerces-c.x86_64 0:3.1.1-8.el7_2
Complete!
Also, con gure rewalld to allow radius and httpd packets in and out
– Radius server uses udp ports 1812 and 1813. This can be con rmed by viewing the contents of
the le /usr/lib/ rewalld/services/radius.xml
# cat /usr/lib/firewalld/services/radius.xml
https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 8/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks
# firewall-cmd --state
running
3. Add permanent rules to default zone to allow http,https and radius services
# firewall-cmd --reload
# firewall-cmd --get-default-zone
public
# firewall-cmd --list-services --zone=public
dhcpv6-client http https radius ssh
We can see the three services present hence we’re good to proceed.
Test radius server by running it in debug mode with option -X
If it’s running, debug mode will fail to bind to ports, you may have to kill radius server daemon
rst
# pkill radius
# radiusd -X
https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 9/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks
– First you have to create a soft link for SQL under /etc/raddb/mods-enabled
# ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/
Con gure SQL module /raddb/mods-available/sql and change the database connection
parameters to suite your environment:
# vim /etc/raddb/mods-available/sql
sql {
driver = "rlm_sql_mysql"
dialect = "mysql"
# Connection info:
server = "localhost"
port = 3306
login = "radius"
password = "radiuspassword"
https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 10/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks
radius_db = "radius"
}
# Set to ‘yes’ to read radius clients from the database (‘nas’ table)
# Clients will ONLY be read on server startup.
read_clients = yes
Installing Daloradius
You can use Daloradius to manage radius server. This is optional and should not be done before
install FreeRADIUS. There are two ways to download daloradius, either from github or
sourceforge
Github method:
# wget https://github.com/lirantal/daloradius/archive/master.zip
# unzip master.zip
# mv daloradius-master/ daloradius
Sourceforge way:
# wget http://liquidtelecom.dl.sourceforge.net/project/daloradius/daloradius/dalor
# tar zxvf daloradius-0.9-9.tar.gz
# mv daloradius-0.9-9 daloradius
# cd daloradius
https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 11/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks
# cd ..
# mv daloradius /var/www/html/
Then change permissions for http folder and set the right permissions for daloradius
con guration le.
You should now modify daloradius.conf.php le to adjust the MySQL database information .
Therefore, open the daloradius.conf.php and add the database username, password and db
name.
# vim /var/www/html/daloradius/library/daloradius.conf.php
CONFIG_DB_USER
CONFIG_DB_PASS
CONFIG_DB_NAME
Then run:
Up to this point, we’ve covered complete installation and con guration of daloradius and
freeradius, to access daloradius, open the link using your IP address:
http://ip-address/daloradius/login.php
https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 12/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks
Conclusion
You have learned how to Install FreeRADIUS, perform simple essential con gurations and
Installation of Daloradius which is a web-based tool used to administer FreeRADIUS. You may
have to consider further reading to be a guru in FreeRADIUS administration.
Tags:
install FreeRADIUS on CentOS 7 and RHEL 7
install freeradius and con gure it with daloradius on CentOS 7 and RHEL 7
Josphat Mutai
https://computingforgeeks.com/
https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 13/13