This document describes how to set up a FreeRADIUS server. A MySQL server is used as the backend and for user accounting.
RADIUS is an industry-standard protocol for providing authentication, authorization, and accounting services.
Authentication is the process of verifying a user’s identity and associating additional information (attributes) to the user’s login session.
Authorization is the process of determining whether the user is allowed on the network and controlling network access values based on a defined security policy.
Accounting is the process of generating log files that record session statistics used for billing, system diagnosis, and usage planning.
Installation:
Download the FreeRADIUS source from http://freeradius.org/
tar -xzvf freeradius-server-3.0.3.tar.gz
cd freeradius-server-3.0.3
./configure --prefix=/usr/local/freeradius-server-3.0.3
make
sudo make install
sudo ldconfig
Configuration:
1. Create symlinks for the modules that you want to enable.
cd mods-enabled/
ln -s ../mods-available/sql ./
ln -s ../mods-available/redis ./
ln -s ../mods-available/rediswho ./
2. Edit radiusd.conf
modules {
    $INCLUDE mods-enabled/
}
policy {
    $INCLUDE policy.d/
}
# Virtual servers are included at the top level, not inside policy { }
$INCLUDE sites-enabled/
3. Enable SQL configuration in the default enabled site /etc/freeradius/sites-available/default:
authorize {
    …
    sql
    …
}
accounting {
    …
    sql
    …
}
session {
    …
    sql
    …
}
post-auth {
    …
    sql
    …
    # Post-Auth-Type REJECT is a subsection of post-auth
    Post-Auth-Type REJECT {
        sql
    }
}
Now on to MySQL setup. First, create a database where FreeRADIUS will store AAA data. We’ll call it radius:
create database radius;
Import the MySQL schema from /mods-config/sql/main/mysql/schema.sql into the radius database:
mysql -u root -p radius < /raddb/mods-config/sql/main/mysql/schema.sql
4. Configure the SQL module /raddb/mods-available/sql and change the database connection parameters to suit your environment:
sql {
    driver = "rlm_sql_mysql"
    server = "192.168.1.1"
    port = 3306
    login = "radius"
    password = "radiuspwd"
    # Database table configuration for everything except Oracle
    radius_db = "radius"
    # Set to 'yes' to read radius clients from the database ('nas' table)
    # Clients will ONLY be read on server startup.
    read_clients = yes
    # Table to keep radius client info
    client_table = "nas"
}
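The login and password configured in step 4 need a matching MySQL account, and that account should hold only the rights the sql module uses. The following is an added example, not part of the original page: the client address 192.168.1.2 and the password placeholder are assumptions, and the grants assume the stock queries.conf.

```sql
-- Added example: least-privilege MySQL account for the FreeRADIUS sql module.
-- Run as a MySQL administrator after importing schema.sql.
-- Assumptions (not from the original page):
--   * the RADIUS server connects from 192.168.1.2 (constructed address)
--   * the password below is a placeholder; use a long random value and put
--     the same value in the "password" setting of mods-available/sql

CREATE USER 'radius'@'192.168.1.2'
    IDENTIFIED BY 'REPLACE-WITH-LONG-RANDOM-SECRET';

-- Credential and policy tables: the server only reads these.
GRANT SELECT ON radius.radcheck      TO 'radius'@'192.168.1.2';
GRANT SELECT ON radius.radreply      TO 'radius'@'192.168.1.2';
GRANT SELECT ON radius.radusergroup  TO 'radius'@'192.168.1.2';
GRANT SELECT ON radius.radgroupcheck TO 'radius'@'192.168.1.2';
GRANT SELECT ON radius.radgroupreply TO 'radius'@'192.168.1.2';

-- Needed because read_clients = yes loads NAS clients from this table.
GRANT SELECT ON radius.nas           TO 'radius'@'192.168.1.2';

-- Accounting (start/interim/stop) and the session check read and write radacct.
GRANT SELECT, INSERT, UPDATE ON radius.radacct TO 'radius'@'192.168.1.2';

-- post-auth and Post-Auth-Type REJECT only append rows.
GRANT INSERT ON radius.radpostauth   TO 'radius'@'192.168.1.2';

-- Check: the output should list only the grants above, with no
-- "ALL PRIVILEGES", no "GRANT OPTION" and nothing on *.*
-- beyond the USAGE line.
SHOW GRANTS FOR 'radius'@'192.168.1.2';
```

If queries.conf is customised in step 5 to touch other tables or to delete rows, extend the grants to match rather than granting ALL on radius.*.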
5. Configure AAA queries (edit /mods-config/sql/main/mysql/queries.conf)
Test whether FreeRADIUS works by issuing the following command:
./radiusd -X
This starts FreeRADIUS in debug mode (press Ctrl+C to stop it).
FreeRADIUS has a start-up script. The following will ensure automatic start-up across reboots.
sudo cp sbin/rc.radiusd /etc/init.d/radiusd
sudo update-rc.d radiusd start 80 2 3 4 5 . stop 20 0 1 6 .
FreeRADIUS detail logs are under /usr/local/freeradius-server-3.0.3/var/log/radius/radacct/
All set!!!