Tag archive: FreeRADIUS Step by Step Configuration Guides

Ubuntu RADIUS Server Configuration with freeRADIUS

Ubuntu Server is one of the most popular open-source Linux server distributions. It is more stable and reliable than other Linux distributions. So, enterprise-level applications can be hosted on Ubuntu Server. Ubuntu RADIUS Server is popularly used for remote authentication, mostly with the open-source freeRADIUS RADIUS application.




freeRADIUS is one of the most popular and powerful AAA (Authorization, Authentication and Accounting) applications. Any enterprise (especially an ISP) can use freeRADIUS as its AAA solution and build a billing system on it. freeRADIUS can be easily installed and configured on Ubuntu Linux Server and used as an Ubuntu RADIUS Server.




In my previous article, I discussed how to install Ubuntu Linux Server with LVM, and in this article I am going to discuss how to install and configure the freeRADIUS daemon in Ubuntu Linux Server and how to use Ubuntu RADIUS Server with freeRADIUS.



How to install and configure freeRADIUS in Ubuntu Server



freeRADIUS installation in Ubuntu Server 




The freeRADIUS package is available in the Ubuntu Server package repository. At the time of writing this article, the available version of freeRADIUS is freeRADIUS 3. You can find the currently available version with the following command.




# sudo apt search freeradius




With the above command, you will find a lot of freeRADIUS packages available in Ubuntu Repository. Among these packages, we will only install the basic freeradius and freeradius-utils package initially.




Issue the following command to install freeRADIUS basic packages in Ubuntu Server.




# sudo apt install freeradius freeradius-utils -y




Within a short time, the freeRADIUS daemon will be installed in your Ubuntu Server. You can verify the freeRADIUS installation in Ubuntu Server with the following command.




# sudo apt list --installed | grep freeradius






Managing freeRADIUS Service in Ubuntu Server




The freeradius service will be started by default after installing the freeradius package. We can see the status of the freeradius service with the following command.




# sudo systemctl status freeradius




We will now find that the freeradius service is active and running. To make it start automatically when Ubuntu Server is rebooted, issue the following command.




# sudo systemctl enable freeradius




We can also start or restart the freeradius service with the following two commands respectively.




# sudo systemctl start freeradius
# sudo systemctl restart freeradius




If we need to stop the freeradius service for any reason, we can issue the following command.




# sudo systemctl stop freeradius






Testing freeRADIUS Installation and Default Configuration




To test and debug the freeRADIUS installation and configuration, as well as the data freeRADIUS sends and receives, we can run freeRADIUS in debug mode. To run freeradius in debug mode in Ubuntu Server, issue the following command, but make sure the freeradius service is stopped first.




# sudo freeradius -X




With the above command, you will find the following output at the bottom, which means your server is ready to accept NAS authentication, authorization and accounting requests.




Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on proxy address * port 54279
Listening on proxy address :: port 52868
Ready to process requests




Allowing RADIUS Ports in Firewall




From the output of the above command, you can see that freeradius is listening for auth (Authorization and Authentication) requests on UDP port 1812 and for acct (Accounting) requests on UDP port 1813. So, we have to allow these UDP ports in the firewall installed on Ubuntu Server. As I am fond of the Firewalld daemon for firewalling in Ubuntu Server, I am showing how to enable these UDP ports in the firewalld service. If you use any other firewall daemon, use that service to allow these two UDP ports.




Issue the following command to allow these ports in firewalld service (on public zone, if you have any other zone, enable these ports on that zone also if required).




# sudo firewall-cmd --zone=public --add-port=1812/udp
# sudo firewall-cmd --zone=public --add-port=1813/udp




freeRADIUS Server Basic Configuration in Ubuntu Server




We will now do FreeRADIUS basic configuration which includes RADIUS client (NAS) and RADIUS User configuration. In Ubuntu FreeRADIUS Server, all the configuration files are placed in /etc/freeradius/version_number directory. So, go to this directory and open clients.conf file.




# cd /etc/freeradius/3.0/
# vim clients.conf




In this file, a default RADIUS client named localhost is configured by default for testing purpose. So, we will use this client for testing FreeRADIUS configuration. The default configuration of the localhost client looks like the following lines.




client localhost {
	ipaddr = 127.0.0.1
	secret = testing123
	require_message_authenticator = no
	nas_type = other
}




Similarly, we can add other NAS devices such as a MikroTik Router, Cisco Router etc. We will discuss how to add NAS devices in the clients configuration file in the upcoming tutorials. Now we will add our test users in FreeRADIUS Server.
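The localhost client above uses the packaged shared secret testing123 and sets require_message_authenticator = no, so Access-Request packets are accepted without a Message-Authenticator attribute; both values are meant for loopback testing and should not be copied into real NAS entries. The following shell check is an added example, not part of the original article: it scans a clients.conf-style file for those two settings and for short secrets. The branch-router and lab-ap clients, their addresses and secrets, and the 16-character minimum are assumptions made for the example.

```sh
#!/bin/sh
# Constructed sample: the localhost client from this page plus two hypothetical
# NAS entries (names, addresses and secrets are invented for the example).
sample_clients_conf() {
cat <<'EOF'
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123   # packaged default
    require_message_authenticator = no
    nas_type = other
}
# client old-nas { secret = testing123 }
client branch-router {
    ipaddr = 192.0.2.10
    secret = Zq7!vR2mX9pLw4TnB8sKd3Hy
    require_message_authenticator = yes
}
client lab-ap {
    ipaddr = 192.0.2.20
    secret = abc123
}
EOF
}

# audit_clients [FILE]: read FILE (or stdin) and print "<client>: <finding>".
# Exit status is 1 when anything was flagged. The 16-character minimum is an
# assumed local policy. Comments are stripped at "#" after whitespace, so a
# quoted secret that contains " #" is not handled.
audit_clients() {
    awk -v minlen=16 '
        { sub(/^#.*/, ""); sub(/[ \t]#.*/, "") }
        /^[ \t]*client[ \t]+[^ \t{]+[ \t]*[{]/ {
            name = $2; sub(/[{].*/, "", name); inblk = 1; next
        }
        inblk && /^[ \t]*[}]/ { inblk = 0; next }
        inblk && /^[ \t]*secret[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val); gsub(/"/, "", val)
            if (val == "testing123") { print name ": default shared secret"; bad++ }
            else if (length(val) < minlen) {
                print name ": shared secret shorter than " minlen " characters"; bad++
            }
        }
        inblk && /^[ \t]*require_message_authenticator[ \t]*=[ \t]*no[ \t]*$/ {
            print name ": Message-Authenticator not required"; bad++
        }
        END { exit (bad > 0) }
    ' "$@"
}

if ! sample_clients_conf | audit_clients; then
    echo "weak client definitions found" >&2
fi
```

Run it against the live file with `audit_clients /etc/freeradius/3.0/clients.conf`.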






By default, users are authorized and authenticated from the users file in FreeRADIUS Server. So, open the users file located in this directory and add the following bob user at the top of this file. Also make sure that the second and third lines are indented by a single tab character.




# vim users




"bob" Cleartext-Password := "password"
	Framed-IP-Address = 192.168.10.10,
	Reply-Message = "Hello, %{User-Name}"




In the above user information, the first line contains the authorization and authentication information, which is the user name and password, and the remaining lines contain the AVPs (Attribute Value Pairs) that will be returned when the user is authenticated.




FreeRADIUS basic configuration has been completed. Now it is time to test the configuration. FreeRADIUS provides the radtest and radclient tools to test a user and its configuration. We will use the radclient tool to test our bob user.




So, reload the freeradius daemon and issue the following radclient command and observe the output of this command.




# systemctl restart freeradius




# echo "User-Name=bob,User-Password=password" | /usr/bin/radclient -x 127.0.0.1:1812 auth testing123




Output




Sent Access-Request Id 10 from 0.0.0.0:60243 to 127.0.0.1:1812 length 43
        User-Name = "bob"
        User-Password = "password"
        Cleartext-Password = "password"
Received Access-Accept Id 10 from 127.0.0.1:1812 to 127.0.0.1:60243 length 38
        Framed-IP-Address = 192.168.10.10
        Reply-Message = "Hello, bob"




The above output of the radclient command shows how the auth request is sent to the RADIUS server and how the response is sent back to the RADIUS client.




So, Ubuntu RADIUS Server with freeRADIUS is now ready to accept RADIUS client (NAS) requests and send responses to the NAS. In the next article, we will learn how to add a MikroTik Router as a NAS device of the freeRADIUS Server and authenticate RouterOS system users from Ubuntu RADIUS Server.




How to install and configure freeRADIUS Server in Ubuntu Server has been discussed in this article. I hope you will now be able to install and configure freeRADIUS Server in Ubuntu Server. However, if you face any issue installing freeRADIUS Server or doing its basic configuration, feel free to discuss it in the comments or contact me from the Contact page. I will try my best to stay with you.



2022-09-03T20:19:38
FreeRADIUS Step by Step Configuration Guides

FreeRADIUS MySQL Database GUI with phpMyAdmin on CentOS 7

FreeRADIUS is a high-performance RADIUS Server that accepts a large number of networking devices as RADIUS clients, including MikroTik Router. MySQL is one of the best user sources for the freeRADIUS server. In my previous article, I discussed how to install the freeRADIUS server on CentOS 7 and how to integrate the MySQL module with the freeRADIUS server. I also discussed how to create a user group and profile in the MySQL database server and authenticate a MikroTik PPPoE client with a MySQL database user. I used the MySQL Command Line Interface (CLI) to insert user information in the database server. But most people prefer a Graphical User Interface (GUI) to a Command Line Interface (CLI). A lot of graphical software (such as MySQL Workbench, DBTools Manager, phpMyAdmin and so on) can be found to manage a MySQL (MariaDB) database graphically. Among these, in this article I will show how to install and configure phpMyAdmin to manage the freeRADIUS MySQL database, because phpMyAdmin is a free MySQL (MariaDB) management tool with a web interface.




phpMyAdmin Installation and Configuration on CentOS 7




phpMyAdmin is a free and open source MySQL and MariaDB database administration tool that is written in PHP and is managed over a web interface. So, to get phpMyAdmin we should have PHP installed and a Web Server (http service) running. As our freeRADIUS Server and MariaDB Database Server are running on CentOS 7, we will only install and configure the Web Server, PHP and phpMyAdmin, and then log in to our MariaDB Database Server with the phpMyAdmin web interface and manage our freeRADIUS users. The following steps will show how to install and configure the Web Server, PHP and phpMyAdmin.






Step 1: Apache Web Server Installation and Configuration




Apache is an open-source and multi-platform web server application. Apache has a full range of web server features including CGI, SSL and virtual domains. In CentOS Linux, the Apache Server package is httpd (HTTP Daemon). So, we will now install the httpd package that will turn on Apache HTTP Server in CentOS Linux. To install Apache HTTP Server, issue the following command from your CentOS 7 terminal.




[root@freeradius ~]# yum install httpd -y




The httpd package will be installed within a few seconds. After installing the apache httpd package, we have to start the Apache service with the following command.




[root@freeradius ~]# systemctl start httpd




Apache service is now active and running and waiting for the incoming web (http) requests. The daemon will now answer any incoming http request.




But if your server gets rebooted for any reason, the httpd daemon will not be started automatically. So, run the following command to start the apache service automatically after any system restart.




[root@freeradius ~]# systemctl enable httpd




You can check your web server status at any time with the following command.




[root@freeradius ~]# systemctl status httpd




The HTTP service runs on TCP port 80. So, we have to allow port 80 or the http service in the CentOS firewall.




So, issue the following firewall commands to allow http service through your firewall.




[root@webserver ~]# firewall-cmd --zone=public --add-service=http
[root@webserver ~]# firewall-cmd --zone=public --add-service=http --permanent
[root@webserver ~]# firewall-cmd --reload




Now open your web browser and navigate to http://localhost/ from your server or http://server-ip-address/ from any network workstation. If everything is OK, you will get the apache test page like the below image.




Apache Server on Centos 7




Step 2: PHP Installation




After installing http service, we have to install PHP because phpMyAdmin is written in PHP (hypertext preprocessor) server side scripting language. To install PHP in CentOS Linux, issue the following command in your terminal.




[root@freeradius ~]# yum install php php-mysql -y




Now install some common PHP modules that are sometimes required with the following command.




[root@freeradius ~]# yum install php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel -y




To test PHP installation, create a simple php file (testphp.php) in Apache document root folder (by default /var/www/html) with the following command.




[root@freeradius ~]# vim /var/www/html/testphp.php




And add the following php code in this file.




<?php
phpinfo();
?>




Now restart httpd service with the following command.




[root@freeradius ~]# systemctl restart httpd






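Type http://ip-address/testphp.php in your browser to open the testphp.php file. If everything is OK, you will find all the details about PHP such as PHP version, build date and commands etc. like the below image. Remove testphp.php once the test succeeds, because the phpinfo() output discloses the PHP version, loaded modules and server paths to anyone who can reach the URL.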




PHP Installation on CentOS 7




Step 3: phpMyAdmin Installation




We will now install phpMyAdmin in our CentOS Linux. By default phpMyAdmin is not found in CentOS official repositories. So, we have to install it using EPEL repository. To install EPEL repository, first download EPEL package with the wget command and then install it in your CentOS system according to the following command.






[root@freeradius ~]# yum install wget -y
[root@freeradius ~]# wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
[root@freeradius ~]# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[root@freeradius ~]# rpm -Uvh remi-release-7.rpm epel-release-latest-7.noarch.rpm




EPEL repository is now ready. So, issue the following command to install phpMyAdmin.




[root@freeradius ~]# yum install phpmyadmin -y




phpMyAdmin is now installed in our CentOS Linux. But before getting phpMyAdmin web interface, we have to do a simple configuration.




phpMyAdmin Configuration




To get the phpMyAdmin web interface, we have to edit the phpMyAdmin.conf file. So, open the phpMyAdmin.conf file with a text editor.




[root@freeradius ~]# vim /etc/httpd/conf.d/phpMyAdmin.conf




Now find and comment out the whole <Directory> section as shown below.




[…]
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

#<Directory /usr/share/phpMyAdmin/>
#   <IfModule mod_authz_core.c>
#     # Apache 2.4
#     Require local
#   </IfModule>
#   <IfModule !mod_authz_core.c>
#     # Apache 2.2
#     Order Deny,Allow
#     Deny from All
#     Allow from 127.0.0.1
#     Allow from ::1
#   </IfModule>
#</Directory>
[…]




And add the following lines just below the commented section.




<Directory /usr/share/phpMyAdmin/>
Options none
AllowOverride Limit
Require all granted
</Directory>




Restart the httpd service with the following command.




[root@freeradius ~]# systemctl restart httpd




Now phpMyAdmin can be found by navigating http://server-ip-address/phpmyadmin/ from your web browser.
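The <Directory> block added above replaces the packaged Require local with Require all granted, so the phpMyAdmin login page answers any address that can reach port 80 on the server. The following shell functions are an added example, not part of the original article: pma_exposure reports whether each active <Directory> block in an Apache 2.4 configuration is open or restricted, and harden_pma prints a replacement block limited to localhost and one management network. The 192.0.2.0/24 network is a placeholder, and both function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample: phpMyAdmin.conf as it looks after the edits on this page
# (the commented-out packaged block is shortened).
sample_pma_conf() {
cat <<'EOF'
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
#<Directory /usr/share/phpMyAdmin/>
#     Require local
#</Directory>
<Directory /usr/share/phpMyAdmin/>
Options none
AllowOverride Limit
Require all granted
</Directory>
EOF
}

# pma_exposure [FILE]: for every active <Directory> block print
# "<path> open|restricted|unset". Commented lines are ignored, and a single
# "Require all granted" makes the block open, because Apache 2.4 treats
# sibling Require lines as alternatives.
pma_exposure() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*<Directory[ \t]/ { dir = $2; sub(/>$/, "", dir); state = "unset"; next }
        dir != "" && tolower($0) ~ /^[ \t]*require[ \t]+all[ \t]+granted/ { state = "open" }
        dir != "" && tolower($0) ~ /^[ \t]*require[ \t]+(local|ip|host|all[ \t]+denied)/ {
            if (state != "open") state = "restricted"
        }
        /^[ \t]*<\/Directory>/ { if (dir != "") print dir, state; dir = "" }
    ' "$@"
}

# harden_pma CIDR: print a replacement block that admits only localhost and
# the given management network (CIDR is supplied by the caller).
harden_pma() {
    cat <<EOF
<Directory /usr/share/phpMyAdmin/>
    Options none
    AllowOverride Limit
    Require local
    Require ip $1
</Directory>
EOF
}

sample_pma_conf | pma_exposure            # the configuration from this page
harden_pma 192.0.2.0/24 | pma_exposure    # the restricted replacement
```

Run `pma_exposure /etc/httpd/conf.d/phpMyAdmin.conf` on the server to check the live file.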




phpMyAdmin Login Page




Now login to phpMyAdmin with your root user credential and you will find all the databases in your MySQL or MariaDB database server including our desired radius database. Click on the radius database and you will find the tables created in radius database in the right panel. Click on any table and you will find inserted data in your table.




phpMyAdmin with radius database




You can export your database or import a backup database with the Export and Import tab respectively as well as you can do any database operation from here graphically.




We will now insert a new user (jack) who will get 2M_Profile. So, his two entries in radcheck table will be…




username  attribute           op  value
jack      Cleartext-Password  :=  passme
jack      User-Profile        :=  2M_Profile






By default phpMyAdmin provides two rows at a time to insert. But we want to insert one row at a time. So, we need to change the default settings. The following steps will show how to change default edit mode in phpMyAdmin.




  • Click on Settings tab from phpMyAdmin home page.
  • Under Settings tab, click on Main panel button and then click on Edit mode tab.
  • From Edit mode tab, change Number of inserted rows from 2 to 1.
  • Now click Apply button.




Change default inserted row




Default insert row has been changed. Now click on radius database and click on radcheck table and then click on Insert tab. Put username (jack), attribute (Cleartext-Password), op (:=) and value (passme) for jack user and click Go button.




user input in radcheck table




You will find 1 row inserted message. Click on Browse button and you will find jack is inserted here. Now click Insert tab again to insert jack’s profile. Put username (jack), attribute (User-Profile), op (:=) and value (2M_Profile) for jack user and click Go button.




input user profile in radcheck table




Click the Browse button and you will also find that the profile of the jack user has been inserted there.




radcheck table of radius database




New user creation with user profile has been completed with the phpMyAdmin database management tool. You can create as many users as you need following this step. Now we will check this user with the radtest program. So, login to the radius server with root user credential and issue the following command.






[root@freeradius ~]# radtest jack passme 127.0.0.1 100 testing123 1
Sent Access-Request Id 73 from 0.0.0.0:36674 to 127.0.0.1:1812 length 80
        User-Name = "jack"
        User-Password = "passme"
        NAS-IP-Address = 192.168.40.10
        NAS-Port = 100
        Message-Authenticator = 0x00
        Framed-Protocol = PPP
        Cleartext-Password = "passme"
Received Access-Accept Id 73 from 127.0.0.1:1812 to 0.0.0.0:0 length 136
        Framed-Protocol = PPP
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-Pool = "2M_pool"
        Mikrotik-Rate-Limit = "2M/2M 4M/4M 2M/2M 40/40"
        Reply-Message = "Hello jack! The database time is now 01:56:07. Your usage is 0"
[root@freeradius ~]#




If everything is OK, you will see the above output, which means jack is a freeRADIUS user who is able to use the PPP service and his bandwidth limit is 2mbps. So, you can use this user to authenticate as a MikroTik PPPoE client, as I described in the previous article.




If you face any confusion following the above steps, follow the below video about phpMyAdmin installation and configuration for freeRADIUS MySQL management. I hope it will clear up any confusion.