4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks

install FreeRADIUS and Daloradius on CentOS 7 and

RHEL 7
By Josphat Mutai - August 8, 2016

(Last Updated On: January 15, 2018)

FreeRADIUS is a high performance, open source RADIUS server developed under the GNU
General Public License. FreeRADIUS is the most used RADIUS server in the world. FreeRADIUS
comes with web-based user administration tool and is modular, very scalable and rich sets of
features. This is a how to install FreeRADIUS and Daloradius on CentOS 7

RADIUS, which stands for “Remote Authentication Dial In User Service”, is a network protocol –
a system that de nes rules and conventions for communication between network devices – for
remote user authentication and accounting. RADIUS is normally used to provide AAA services;
Authorization. Authentication and Accounting.

Recommended books to read:

FreeRADIUS is the most deployed RADIUS server since it supports all common authentication
protocols, being open source and simpli ed user administration made possible by its
dialupadmin web GUI. The server also comes with modules for LDAP and database systems
integration like MySQL,PostgreSQL,Oracle e.t.c.

Before we start doing installations, I recommend turning it o SELinux or setting it to permissive:

setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config

Install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7

Prerequisites:

Install httpd server

yum -y update
yum groupinstall "Development Tools" -y
yum -y install httpd httpd-devel

Start and enable httpd server

systemctl enable httpd

systemctl start httpd

Check status of httpd server to make sure it’s running

https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 1/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks

[root@freeradius ~]# systemctl status httpd

● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: di
Active: active (running) since Sat 2016-08-06 22:03:15 UTC; 8s ago

Docs: man:httpd(8)

man:apachectl(8)

Main PID: 3824 (httpd)

Status: "Processing requests..."
CGroup: /system.slice/httpd.service

├─3824 /usr/sbin/httpd -DFOREGROUND

├─3825 /usr/sbin/httpd -DFOREGROUND
├─3826 /usr/sbin/httpd -DFOREGROUND
├─3827 /usr/sbin/httpd -DFOREGROUND
├─3828 /usr/sbin/httpd -DFOREGROUND
└─3829 /usr/sbin/httpd -DFOREGROUND

Aug 06 22:03:15 freeradius systemd[1]: Starting The Apache HTTP Server...

Aug 06 22:03:15 freeradius httpd[3824]: AH00558: httpd: Could not reliably determ
Aug 06 22:03:15 freeradius systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.

Installing and Con guring MariaDB

We’ll install and con gure MariaDB 10, using steps below:

1. Add MariaDB o cial repo content to CentOS 7 system

vim /etc/yum.repos.d/MariaDB.repo

Add the following contents to the le

[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

2. Update system and install MariaDB to con gure Database server

yum -y update
yum install -y mariadb-server mariadb

https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 2/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks

You’ll be prompted to install MariaDB GPG Signing key. Just press y to allow installation.

3. Start and enable MariaDB to run on boot

systemctl start mariadb

systemctl enable mariadb

Check if running and if enabled

[root@radius ~]# systemctl status mariadb

[root@radius ~]# systemctl is-enabled mariadb.service
enabled

5. Con gure initial MariaDB settings to secure it. Here you’ll set root password. For security purposes,
consider removing anonymous users and disallowing remote root login. See sample con guration shown
below. Key choices are marked with red.

[root@freeradius ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):

OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y

https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 3/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks

New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y

... Success!

Normally, root should only be allowed to connect from 'localhost'. This

ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y

... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y

- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y

... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

6. Allow only local connection to mysql server. This is a security mechanism.

https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 4/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks

# vim /etc/my.cnf
[mysqld]
bind-address=127.0.0.1

Con gure Database for freeradius

# mysql -u root -p -e " CREATE DATABASE radius"

# mysql -u root -p -e "show databases"
# mysql -u root -p
MariaDB [(none)]> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radiusp
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q
Bye

Installing php 7 on CentOS 7

cd ~
curl 'https://setup.ius.io/' -o setup-ius.sh
sudo bash setup-ius.sh
sudo yum remove php-cli mod_php php-common
sudo yum -y install mod_php70u php70u-cli php70u-mysqlnd php70u-devel php70u-gd p
sudo apachectl restart

Check php version to con rm

# php -v
PHP 7.0.9 (cli) (built: Jul 21 2016 11:48:03) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies

If php 7 fails to work for you, try installing php 5 by running below commands. You’ll have to rst
uninstall php 7.

https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 5/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks

yum -y install php-pear php-devel php-mysql php-common php-gd php-mbstring php-mcr

Installing FreeRADIUS

# yum -y install freeradius freeradius-utils freeradius-mysql

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.linode.com
* epel: ftp.osuosl.org
* extras: mirrors.linode.com
* ius: ius.mirror.constant.com
* updates: mirrors.linode.com
Resolving Dependencies
--> Running transaction check
---> Package freeradius.x86_64 0:3.0.4-6.el7 will be installed
--> Processing Dependency: libnaaeap.so.0()(64bit) for package: freeradius-3.0.4-
---> Package freeradius-mysql.x86_64 0:3.0.4-6.el7 will be installed
---> Package freeradius-utils.x86_64 0:3.0.4-6.el7 will be installed
--> Running transaction check
---> Package tncfhh-libs.x86_64 0:0.8.3-16.el7 will be installed
--> Processing Dependency: tncfhh = 0.8.3 for package: tncfhh-libs-0.8.3-16.el7.x
--> Processing Dependency: libxerces-c-3.1.so()(64bit) for package: tncfhh-libs-0
--> Processing Dependency: libtncutil.so.0()(64bit) for package: tncfhh-libs-0.8.
--> Processing Dependency: liblog4cxx.so.10()(64bit) for package: tncfhh-libs-0.8
--> Running transaction check
---> Package log4cxx.x86_64 0:0.10.0-16.el7 will be installed
---> Package tncfhh.x86_64 0:0.8.3-16.el7 will be installed
---> Package tncfhh-utils.x86_64 0:0.8.3-16.el7 will be installed
---> Package xerces-c.x86_64 0:3.1.1-8.el7_2 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================
Package Arch Version Repository Size
=================================================================================
Installing:
freeradius x86_64 3.0.4-6.el7 base 985 k
freeradius-mysql x86_64 3.0.4-6.el7 base 81 k
freeradius-utils x86_64 3.0.4-6.el7 base 188 k
Installing for dependencies:
log4cxx x86_64 0.10.0-16.el7 base 452 k
tncfhh x86_64 0.8.3-16.el7 base 680 k
tncfhh-libs x86_64 0.8.3-16.el7 base 160 k
https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 6/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks

tncfhh-utils x86_64 0.8.3-16.el7 base 33 k

xerces-c x86_64 3.1.1-8.el7_2 updates 878 k

Transaction Summary
=================================================================================
Install 3 Packages (+5 Dependent packages)

Total download size: 3.4 M

Installed size: 11 M
Is this ok [y/d/N]: y
Downloading packages:
(1/8): freeradius-mysql-3.0.4-6.el7.x86_64.rpm | 81 kB 00:00:00
(2/8): freeradius-3.0.4-6.el7.x86_64.rpm | 985 kB 00:00:00
(3/8): freeradius-utils-3.0.4-6.el7.x86_64.rpm | 188 kB 00:00:00
(4/8): log4cxx-0.10.0-16.el7.x86_64.rpm | 452 kB 00:00:00
(5/8): tncfhh-0.8.3-16.el7.x86_64.rpm | 680 kB 00:00:00
(6/8): tncfhh-libs-0.8.3-16.el7.x86_64.rpm | 160 kB 00:00:00
(7/8): tncfhh-utils-0.8.3-16.el7.x86_64.rpm | 33 kB 00:00:00
(8/8): xerces-c-3.1.1-8.el7_2.x86_64.rpm | 878 kB 00:00:00
---------------------------------------------------------------------------------
Total 11 MB/s | 3.4 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : log4cxx-0.10.0-16.el7.x86_64 1/8
Installing : xerces-c-3.1.1-8.el7_2.x86_64 2/8
Installing : tncfhh-utils-0.8.3-16.el7.x86_64 3/8
Installing : tncfhh-0.8.3-16.el7.x86_64 4/8
Installing : tncfhh-libs-0.8.3-16.el7.x86_64 5/8
Installing : freeradius-3.0.4-6.el7.x86_64 6/8
Installing : freeradius-mysql-3.0.4-6.el7.x86_64 7/8
Installing : freeradius-utils-3.0.4-6.el7.x86_64 8/8
Verifying : freeradius-mysql-3.0.4-6.el7.x86_64 1/8
Verifying : tncfhh-0.8.3-16.el7.x86_64 2/8
Verifying : xerces-c-3.1.1-8.el7_2.x86_64 3/8
Verifying : freeradius-utils-3.0.4-6.el7.x86_64 4/8
Verifying : tncfhh-libs-0.8.3-16.el7.x86_64 5/8
Verifying : freeradius-3.0.4-6.el7.x86_64 6/8
Verifying : log4cxx-0.10.0-16.el7.x86_64 7/8
Verifying : tncfhh-utils-0.8.3-16.el7.x86_64 8/8

Installed:
freeradius.x86_64 0:3.0.4-6.el7 freeradius-mysql.x86_64 0:3.0.4-6.el7

https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 7/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks

freeradius-utils.x86_64 0:3.0.4-6.el7

Dependency Installed:
log4cxx.x86_64 0:0.10.0-16.el7 tncfhh.x86_64 0:0.8.3-16.el7
tncfhh-libs.x86_64 0:0.8.3-16.el7 tncfhh-utils.x86_64 0:0.8.3-16.el7
xerces-c.x86_64 0:3.1.1-8.el7_2

Complete!

You have to start and enable freeradius to start at boot up.

# systemctl start radiusd.service

# systemctl enable radiusd.service

Created symlink from /etc/systemd/system/multi-user.target.wants/radiusd.service t

Now you can check the status:

# systemctl status radiusd.service

Also, con gure rewalld to allow radius and httpd packets in and out
– Radius server uses udp ports 1812 and 1813. This can be con rmed by viewing the contents of
the le /usr/lib/ rewalld/services/radius.xml

# cat /usr/lib/firewalld/services/radius.xml

1. First start and enable rewalld for security

# systemctl enable firewalld

# systemctl start firewalld
# systemctl status firewalld

2. Con rm rewalld is running

https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 8/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks

# firewall-cmd --state
running

3. Add permanent rules to default zone to allow http,https and radius services

# firewall-cmd --get-services | egrep 'http|https|radius'

# firewall-cmd --add-service={http,https,radius} --permanent
success

4. Reload rewalld for changes to take e ect

# firewall-cmd --reload

5. Con rm that services were successfully added to default zone

# firewall-cmd --get-default-zone
public
# firewall-cmd --list-services --zone=public
dhcpv6-client http https radius ssh

We can see the three services present hence we’re good to proceed.
Test radius server by running it in debug mode with option -X

# ss -tunlp | grep radiusd

If it’s running, debug mode will fail to bind to ports, you may have to kill radius server daemon
rst

# pkill radius

Then start radius server in debugging mode to see if it runs successfully:

# radiusd -X

https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 9/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks

Con gure FreeRADIUS

To Con gure FreeRADIUS to use MariaDB, follow steps below.

1. Import the Radius database scheme to populate radius database

# mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql

2. Con gure Radius at this point

– First you have to create a soft link for SQL under /etc/raddb/mods-enabled

# ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/

Con gure SQL module /raddb/mods-available/sql and change the database connection
parameters to suite your environment:

# vim /etc/raddb/mods-available/sql

sql section should look similar to below.

sql {

driver = "rlm_sql_mysql"
dialect = "mysql"

# Connection info:

server = "localhost"

port = 3306
login = "radius"
password = "radiuspassword"

# Database table configuration for everything except Oracle

https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 10/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks

radius_db = "radius"
}

# Set to ‘yes’ to read radius clients from the database (‘nas’ table)
# Clients will ONLY be read on server startup.
read_clients = yes

# Table to keep radius client info

client_table = “nas”

Then change group right of /etc/raddb/mods-enabled/sql to radiusd:

# chgrp -h radiusd /etc/raddb/mods-enabled/sql

Installing and Con guring Daloradius

Installing Daloradius

You can use Daloradius to manage radius server. This is optional and should not be done before
install FreeRADIUS. There are two ways to download daloradius, either from github or
sourceforge
Github method:

# wget https://github.com/lirantal/daloradius/archive/master.zip
# unzip master.zip
# mv daloradius-master/ daloradius

Sourceforge way:

# wget http://liquidtelecom.dl.sourceforge.net/project/daloradius/daloradius/dalor
# tar zxvf daloradius-0.9-9.tar.gz
# mv daloradius-0.9-9 daloradius

Change directory for con guration

# cd daloradius

Con guring daloradius

Now import Daloradius mysql tables

# mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql

# mysql -u root -p radius < contrib/db/mysql-daloradius.sql

Con gure daloRADIUS database connection details:

https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 11/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks

# cd ..
# mv daloradius /var/www/html/

Then change permissions for http folder and set the right permissions for daloradius
con guration le.

# chown -R apache:apache /var/www/html/daloradius/

# chmod 664 /var/www/html/daloradius/library/daloradius.conf.php

You should now modify daloradius.conf.php le to adjust the MySQL database information .
Therefore, open the daloradius.conf.php and add the database username, password and db
name.

# vim /var/www/html/daloradius/library/daloradius.conf.php

Especially relevant variables to con gure are:

CONFIG_DB_USER
CONFIG_DB_PASS
CONFIG_DB_NAME

To be sure everything works, restart radiusd,httpd and mysql:

# systemctl restart radiusd.service

# systemctl restart mariadb.service
# systemctl restart httpd

Then run:

yum install php-pear

pear install DB

Up to this point, we’ve covered complete installation and con guration of daloradius and
freeradius, to access daloradius, open the link using your IP address:

http://ip-address/daloradius/login.php

Default login details are:

Username: administrator
Password: radius

https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 12/13
4/5/2019 install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7 - Computingforgeeks

Conclusion

You have learned how to Install FreeRADIUS, perform simple essential con gurations and
Installation of Daloradius which is a web-based tool used to administer FreeRADIUS. You may
have to consider further reading to be a guru in FreeRADIUS administration.

Recommended books to read:

Tags:
install FreeRADIUS on CentOS 7 and RHEL 7
install freeradius and con gure it with daloradius on CentOS 7 and RHEL 7

Josphat Mutai
https://computingforgeeks.com/

Co-founder of Computingforgeeks. Expertise in Virtualization, Cloud Computing, Linux/UNIX systems,

Programming,Storage systems,HA, Server Clustering e.t.c.

https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/ 13/13