FreeRADIUS 2.0.5-1 Howto with MySQL
(date: 28-7-2008 by Osman)
This tutorial explains how you can set up a FreeRADIUS server with WiFi authentication and accounting
in conjunction with MySQL, plus web management with daloRADIUS, on CentOS 5. This howto should work
for a newbie. Production deployment is also possible with minor tweaking. But as usual I do not
guarantee anything and take no responsibility if something goes wrong.
(For the basic how-to refer to my doc http://howtoforge.org/wifi-authentication-accounting-with-freeradius-on-centos5)
Following steps are involved:
1- Building Centos 5.x binary rpms
2- Installing the binary packages
3- Configuring the FR with mysql
4- Setting up web management with Daloradius
Step 1- Building Centos 5.X packages
Get hold of the src.rpm from http://rpmfind.net//linux/RPM/fedora/devel/src/freeradius-2.0.51.fc10.src.html
rpm -Uvh freeradius-2.0.5-1.fc10.src.rpm
Note: It is recommended that you carry out this build on a non-production server and move
the final binary rpms over to the production server. But it isn't mandatory if you know what you're doing.
cd /usr/src/redhat/SPECS
rpmbuild -bb freeradius.spec
Note: You might require some packages for this. yum them and rerun the build process. (If I remember
correctly I got prompted for the following.)
beecrypt-devel - 4.1.2-10.1.1.i386
sqlite-devel - 3.3.6-2.i386
unixODBC - 2.2.11-7.1.i386
unixODBC-devel - 2.2.11-7.1.i386
python-devel - 2.4.3-21.el5.i386
pam-devel - 0.99.6.2-3.27.el5.i386
elfutils-libelf-devel - 0.125-3.el5.i386
elfutils-libelf-devel-static - 0.125-3.el5.i386
rpm-devel - 4.4.2-48.el5.i386
elfutils-devel - 0.125-3.el5.i386
elfutils-devel-static - 0.125-3.el5.i386
net-snmp-devel - 1:5.3.1-24.el5_2.1.i386
mysql - 5.0.45-7.el5.i386
cyrus-sasl-devel - 2.1.22-4.i386
mysql-devel - 5.0.45-7.el5.i386
openldap-devel - 2.3.27-8.el5_2.4.i386
gdbm-devel - 1.8.0-26.2.1.i386
libtool-ltdl-devel - 1.5.22-6.1.i386
postgresql - 8.1.11-1.el5_1.1.i386
postgresql-devel - 8.1.11-1.el5_1.1.i386
After a while (depending on your system specs) you should have rpms built at the following location (if
using x86)
cd /usr/src/redhat/RPMS/i386
Move these to a production server if this is your development workstation.
Step 2- Installing the binary packages
rpm -Uvh freeradius-libs-2.0.5-1.i386.rpm
rpm -Uvh freeradius-2.0.5-1.i386.rpm
rpm -Uvh freeradius-utils-2.0.5-1.i386.rpm
rpm -Uvh freeradius-mysql-2.0.5-1.i386.rpm
With the out-of-the-box configuration running, validate against a local user.
E.g. run radiusd in debug mode:
radiusd -X
From another shell, run this while radiusd -X is running:
radtest abc 123 localhost 1812 testing123
(Make sure the user abc with password 123 is set in the /etc/raddb/users file.)
Step 3- Configuring the FR with mysql
First the mysql bits (creating the db and its admin user). Do the following from your shell.
mysql -u root -p
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
exit
Import the FreeRADIUS schema
mysql -u root -p radius < /etc/raddb/sql/mysql/schema.sql
Now edit your /etc/raddb/sql.conf
Reset the user/password/database parameters to reflect the changes (e.g. root/radpass/radius)
Edit the file /etc/raddb/sites-enabled/default
and add a line saying 'sql' to the authorize{} section (which is towards the end of the file). The best place
to put it is just after the 'files' entry. Indeed, if you'll just be using SQL, and not falling back to text
files, you could comment out or delete the 'files' entry altogether. Also add a line saying 'sql' to the
accounting{} section to tell FreeRADIUS to store accounting records in SQL as well. Optionally add
'sql' to the session{} section if you want to do Simultaneous-Use detection. Optionally add 'sql' to the
post-auth{} section if you want to log all Authentication attempts to SQL.
Here is the authorize section:
authorize {
preprocess
chap
mschap
suffix
eap
files
sql
pap
}
And the accounting section:
accounting {
detail
sql
}
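A quick way to confirm the edit before starting radiusd -X, as an added example that is not part of the original howto: the function below reports whether a module is active (not commented out) at the top level of a given section. The helper names and the sample file are constructed for illustration, and it assumes the sections are not wrapped in a server { } block.

```sh
#!/bin/sh
# Added example: report whether a module (e.g. sql) is active in a top-level
# section (e.g. authorize) of a FreeRADIUS virtual-server file.
# section_has_module and write_sample are hypothetical helper names.

section_has_module() {
    # $1 = config file, $2 = section name, $3 = module name
    awk -v sec="$2" -v mod="$3" '
        { sub(/#.*/, "") }                      # a commented-out "# sql" does not count
        depth == 0 && $1 == sec && index($0, "{") { insec = 1 }
        insec && depth == 1 && NF == 1 && $1 == mod { found = 1 }
        {
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth == 0) insec = 0
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample: sql added to authorize, still commented out in accounting.
write_sample() {
    cat > "$1" <<'EOF'
authorize {
    preprocess
    files
    sql
    pap
}
accounting {
    detail
#   sql
}
EOF
}

sample=$(mktemp)
write_sample "$sample"
for s in authorize accounting; do
    if section_has_module "$sample" "$s" sql; then
        echo "$s: sql enabled"
    else
        echo "$s: sql missing"
    fi
done
rm -f "$sample"
```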
Insert a test user in the database. Go to the mysql shell and run this.
mysql -u root -p
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('sqltest', 'Password', 'testpwd');
mysql> exit
Fire up radiusd in debug mode
radiusd -X
Go to another shell and run the test
radtest sqltest testpwd localhost 1812 testing123
Congratulations, the freeradius + mysql setup is working.
Step 4- Setting up web management with Daloradius
For a fancy web-based GUI management and more, read on.
############# For daloRADIUS version 0.9-7 stable release ##############
by Liran Tal of Enginx
Prerequisites are
=============
Apache 1/2, PHP 4/5, PHP GD , PHP DB Abstraction Layer (may require PHP Pear), MySQL 4/5
yum install httpd
yum install php php-mysql php-pear php-gd php-pear-DB
Note: you might need to add this repository for some of the packages
rpm -Uvh http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.61.el4.rf.i386.rpm
Get hold of daloradius from http://sourceforge.net/projects/daloradius
tar -zxvf daloradius.tar.gz
cp daloradius/ /var/www -R
chown apache:apache /var/www/daloradius -R
chmod 644 /var/www/daloradius/library/daloradius.conf
Daloradius needs to add a few more tables to the radius database we created earlier.
(Note: The schemas in the daloradius/contrib/db folder won't work out of the box; you need to modify them to get them
working)
cd /var/www/daloradius/contrib/db
mysql -u root -p radius < mysql-daloradius.sql
Now, simply adjust the MySQL database information in daloRADIUS's config file.
cd /var/www/daloradius/library/
vi daloradius.conf
Fill in the database details; a few important parameters are listed below
CONFIG_DB_ENGINE = mysql
CONFIG_DB_HOST = 127.0.0.1
CONFIG_DB_USER = root
CONFIG_DB_PASS = radpass
CONFIG_DB_NAME = radius
CONFIG_DB_TBL_RADUSERGROUP = radusergroup
..........................................................
Save the file and exit.
Setup the apache server
Edit the /etc/httpd/conf/httpd.conf file and append this to the end of the file. (customize to your liking)
Alias /daloradius "/var/www/daloradius/"
<Directory /var/www/daloradius/>
Options None
order deny,allow
deny from all
allow from 127.0.0.1
</Directory>
Save and exit
Restart the httpd server
/etc/init.d/httpd restart
Fire up Firefox (or another browser) and go to the URL http://localhost/daloradius
(If this is a production server without a GUI, set the "allow from <ip>" in httpd.conf and browse to its URL from that IP)
Login to the management:
username: administrator
password: radius
Change this information first for the sake of security. (Info is located in the operator table)
Congratulations, you're done.
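The example values used in the sql.conf and daloradius.conf steps above (root as the database login, the radpass password, mode 644 on daloradius.conf) are worth checking for before a box goes to production; the script below is an added example, not part of the original howto, that flags any still present. The function names and sample files are constructed; on a real install point the function at /etc/raddb/sql.conf and /var/www/daloradius/library/daloradius.conf.

```sh
#!/bin/sh
# Added example: flag howto defaults that should not survive into production.
# audit_radius_defaults and make_howto_sample are hypothetical helper names.

audit_radius_defaults() {
    # $1 = sql.conf, $2 = daloradius.conf; prints one finding per line
    sqlconf=$1
    daloconf=$2
    # FreeRADIUS sql.conf sets the DB account with: login = "user"
    if grep -Eq '^[[:space:]]*login[[:space:]]*=[[:space:]]*"?root"?[[:space:]]*$' "$sqlconf"; then
        echo "ROOT_DB_USER $sqlconf"
    fi
    # daloradius.conf: a CONFIG_DB_USER line that names root
    if grep 'CONFIG_DB_USER' "$daloconf" | grep -Eq "=[[:space:]]*['\"]?root"; then
        echo "ROOT_DB_USER $daloconf"
    fi
    # the password printed in this howto, ignoring commented-out lines
    for f in "$sqlconf" "$daloconf"; do
        if grep -Ev '^[[:space:]]*#' "$f" | grep -q 'radpass'; then
            echo "HOWTO_PASSWORD $f"
        fi
    done
    # mode 644 leaves the DB password readable by every local account
    if [ -n "$(find "$daloconf" -prune -perm -004)" ]; then
        echo "WORLD_READABLE $daloconf"
    fi
}

# Constructed sample files that mirror the values used in this howto.
make_howto_sample() {
    d=$(mktemp -d)
    printf 'server = "localhost"\nlogin = "root"\npassword = "radpass"\nradius_db = "radius"\n' > "$d/sql.conf"
    printf 'CONFIG_DB_USER = root\nCONFIG_DB_PASS = radpass\n' > "$d/daloradius.conf"
    chmod 644 "$d/daloradius.conf"
    echo "$d"
}

dir=$(make_howto_sample)
audit_radius_defaults "$dir/sql.conf" "$dir/daloradius.conf"
rm -rf "$dir"
```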
References:
http://freeradius.org/
http://wiki.freeradius.org/SQL_HOWTO
http://sourceforge.net/projects/daloradius
http://howtoforge.org/wifi-authentication-accounting-with-freeradius-on-centos5