FreeRADIUS Installation Guide on CentOS 7

Prerequisites

  • CentOS 7
  • freeradius-3.0.16

Reference


Downloads

git clone https://github.com/FreeRADIUS/freeradius-server.git
cd freeradius-server
git branch -a
git checkout v3.0.x

Build and Install

yum install -y libtalloc-devel openssl-devel make autoconf
rpm -ivh mysql-community-common-5.7.20-1.el7.x86_64.rpm
rpm -ivh mysql-community-libs-5.7.20-1.el7.x86_64.rpm
rpm -ivh mysql-community-client-5.7.20-1.el7.x86_64.rpm
rpm -ivh mysql-community-devel-5.7.20-1.el7.x86_64.rpm
cd freeradius-server
./configure
make && make install

On Ubuntu 15.04:
(1) talloc
$ wget https://www.samba.org/ftp/talloc/talloc-2.1.0.tar.gz
$ tar zvxf talloc-2.1.0.tar.gz
$ cd talloc-2.1.0
$ ./configure --without-gettext
$ make && sudo make install
(2) ykclient, yubikey
$ sudo apt-get install libykclient3
$ sudo apt-get install libykclient-dev
$ sudo apt-get install libyubikey-dev
(3) build
$ cd freeradius-server
$ ./configure
$ make && sudo make install

Install path is:

/usr/local/sbin/

Config files are located in:

/usr/local/etc/raddb

Run as Debug Mode

Remove the leading '#' from each line of the paragraph below:

vi /usr/local/etc/raddb/users

#steve  Cleartext-Password := "testing"
#       Service-Type = Framed-User,
#       Framed-Protocol = PPP,
#       Framed-IP-Address = 172.16.3.33,
#       Framed-IP-Netmask = 255.255.255.0,
#       Framed-Routing = Broadcast-Listen,
#       Framed-Filter-Id = "std.ppp",
#       Framed-MTU = 1500,
#       Framed-Compression = Van-Jacobsen-TCP-IP

Start the RADIUS server in debug mode:

/usr/local/sbin/radiusd -X

Open another window and test with the command:

/usr/local/bin/radtest steve testing localhost 0 testing123

Enable Support for Mysql

The MySQL files are located in:

cd /usr/local/etc/raddb/mods-config/sql/main/mysql
ls

You will see the following files:

queries.conf
schema.sql
setup.sql

Log in to MySQL, for example:

mysql -u root -pAbc1234! -h cent7-n3.pepstack.com

Then run the following statements at the mysql prompt:

create database if not exists radius;
use radius;
source schema.sql;
flush privileges;
create user 'radius'@'cent7-n1.pepstack.com' identified by 'radpass1234!';
revoke all privileges,grant option from 'radius'@'cent7-n1.pepstack.com';
grant all privileges on radius.* to 'radius'@'cent7-n1.pepstack.com';
flush privileges;

Back up the default config file:

cd /usr/local/etc/raddb/sites-available/
cp default default.bak

Replace all '-sql' with 'sql' in '/usr/local/etc/raddb/sites-enabled/default' as below:

vi /usr/local/etc/raddb/sites-enabled/default

        #  See "Authorization Queries" in mods-available/sql
        sql

        ...
        #
        #  See "Accounting queries" in mods-available/sql
        sql

        ...

        #
        #  See "Authentication Logging Queries" in mods-available/sql
        sql

Comment out all 'files' entries as below:

vi /usr/local/etc/raddb/sites-enabled/default

        #
        #  Read the 'users' file.  In v3, this is located in
        #  raddb/mods-config/files/authorize
        #!--files
...

        #
        #  Read the 'acct_users' file
        #!--files
...

        #  Uncomment the following line if you want to change attributes
        #  as defined in the preproxy_users file.
#       files
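The two edits above ('-sql' to 'sql', and commenting out 'files') done with sed rather than by hand, as an added example that is not part of the original guide; the function names and the sample file are constructed for illustration. In FreeRADIUS v3 a leading '-' marks a module reference that is ignored when the module is not enabled, while a bare 'sql' makes a missing module a configuration error. The sketch assumes it is run against sites-available/default, where the guide also keeps default.bak, and that sites-enabled/default is the usual symlink to that file.

```shell
#!/bin/sh
# Added example (not from the original guide): apply both edits to a
# virtual-server file with sed, then count what is still active.

# enable_sql_in_site FILE
#   "-sql" -> "sql" and bare "files" -> "#files". Only lines that hold the
#   module name alone are touched; comments mentioning sql/files are kept.
enable_sql_in_site() {
    site=$1
    [ -f "$site" ] || { echo "no such file: $site" >&2; return 1; }
    cp -p "$site" "$site.bak" || return 1   # backup first, as in the guide
    sed -e 's/^\([[:space:]]*\)-sql\([[:space:]]*\)$/\1sql\2/' \
        -e 's/^\([[:space:]]*\)files\([[:space:]]*\)$/\1#files\2/' \
        "$site.bak" > "$site"
}

# count_active MODULE FILE: uncommented lines consisting of MODULE alone.
count_active() {
    grep -c -e "^[[:space:]]*$1[[:space:]]*\$" "$2" || true
}

# write_sample_site FILE: constructed sample shaped like sites-available/default.
write_sample_site() {
    cat > "$1" <<'EOF'
authorize {
        #  Read the 'users' file.
        files
        #  See "Authorization Queries" in mods-available/sql
        -sql
}
accounting {
        #  See "Accounting queries" in mods-available/sql
        -sql
}
post-auth {
        #  See "Authentication Logging Queries" in mods-available/sql
        -sql
}
EOF
}

tmp=$(mktemp -d)
write_sample_site "$tmp/default"
enable_sql_in_site "$tmp/default"
echo "mandatory sql: $(count_active sql "$tmp/default")"
echo "optional -sql: $(count_active -sql "$tmp/default"), active files: $(count_active files "$tmp/default")"
rm -rf "$tmp"
```

After running it on the real file, both the '-sql' and 'files' counts should be 0 before radiusd -X is started again.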

Replace the section in '/usr/local/etc/raddb/mods-available/sql' with the following:

sql {
        # The sub-module to use to execute queries. This should match
        # the database you're attempting to connect to.
        #
        #    * rlm_sql_mysql
        #    * rlm_sql_mssql
        #    * rlm_sql_oracle
        #    * rlm_sql_postgresql
        #    * rlm_sql_sqlite
        #    * rlm_sql_null (log queries to disk)
        #
        driver = "rlm_sql_mysql"

        ...

        # Connection info:
        #
        server = "cent7-n3.pepstack.com"
        port = 3306
        login = "radius"
        password = "radpass1234!"

        # Database table configuration for everything except Oracle
        radius_db = "radius"

Create the link as below:

cd /usr/local/etc/raddb/mods-enabled
ln -s ../mods-available/sql sql

Create Account for Test

Create a new RADIUS user in the MySQL database:

mysql -u radius -pradpass1234! -h cent7-n3.pepstack.com
mysql > use radius;
mysql > insert into radcheck(id,username,attribute,op,value) values('2','zhang','Cleartext-Password',':=','liang');
quit

Start the RADIUS server:

/usr/local/sbin/radiusd -X

Start the RADIUS test client:

/usr/local/bin/radtest zhang liang localhost 1812 testing123

The output shows:

Sent Access-Request Id 147 from 0.0.0.0:54246 to 127.0.0.1:1812 length 75
    User-Name = "zhang"
    User-Password = "liang"
    NAS-IP-Address = 192.168.122.223
    NAS-Port = 1812
    Message-Authenticator = 0x00
    Cleartext-Password = "liang"
Received Access-Accept Id 147 from 127.0.0.1:1812 to 0.0.0.0:0 length 20

The RADIUS server's terminal window shows output like the following:

...
(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'zhang', 'liang', 'Access-Accept', '2017-12-19 07:59:59')
(0) sql: SQL query returned: success
(0) sql: 1 record(s) updated
rlm_sql (sql): Released connection (1)
(0)     [sql] = ok
(0)     [exec] = noop
(0)     policy remove_reply_message_if_eap {
(0)       if (&reply:EAP-Message && &reply:Reply-Message) {
(0)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(0)       else {
(0)         [noop] = noop
(0)       } # else = noop
(0)     } # policy remove_reply_message_if_eap = noop
(0)   } # post-auth = ok
(0) Sent Access-Accept Id 147 from 127.0.0.1:1812 to 127.0.0.1:54246 length 0
(0) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 147 with timestamp +9
Ready to process requests

Modify clients.conf as below to accept a BRAS IP:

client localhost {
ipaddr = 127.0.0.1
ipv4addr = *    # any.  127.0.0.1 == localhost
secret = testing123
}

That completes the setup.
