How to Install freeRADIUS with daloRADIUS on CentOS 7

Install freeRADIUS with daloRADIUS on CentOS 7

RADIUS (Remote Authentication and Dial-In User Service) is network protocol and software that authenticate dial-in users and authorize their access to the requested service. RADIUS provides centralized Authentication, Authorization and Accounting (AAA) management for a user, who connect and use a network service. RADIUS allows an organization to maintain user profiles in a central database that all remote servers can share.

RADIUS servers are mostly used by ISPs (Internet Service Providers) to manage access to the Internet.

freeRADIUS is an free and open-source software to implement RADIUS services. freeRADIUS does not have any native web interface. But we have many third-party web interfaces are available to use with freeRADIUS.

daloRADIUS is a easy to use, but advanced RADIUS web interface, that aimed at managing hotspots and general-purpose ISP deployments. daloRADIUS is written in PHP and supports famous database systems.

In this article, we will install freeRADIUS and daloRADIUS on CentOS 7 without disabling SELinux.

This article emphasize on the installation and initial configuration of freeRADIUS and daloRADIUS on CentOS 7. If you want to know, how to use freeRADIUS or daloRADIUS, then we recommend you to read FreeRADIUS Beginner's Guide (PAID LINK) and daloRADIUS User Guide (Volume 1) (PAID LINK).

Install freeRADIUS with daloRADIUS on CentOS 7

Table of Contents:

 

System Specification:

We are using a CentOS 7 virtual machine with following specifications:

  • Hostname - radius-01.example.com
  • IP Address - 192.168.116.158 /24
  • Operating System - CentOS 7.6
  • freeRADIUS version - 3.0
  • daloRADIUS version - 1.0

 

Installing prerequisite packages:

Connect with radius-01.example.com using ssh as root user.

We will require some utiliies during installation of freeRADIUS and daloRADIUS, therefore, we are installing them now, using yum command.

# yum install -y wget unzip

Some prereqiusite packages are available through extras yum repository, therefore, we are installing EPEL (Extra Packages for Enterprise Linux) yum repository.

# yum install -y epel-release

Build yum cache using following command.

# yum makecache fast
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink                                     | 4.6 kB     00:00
 * base: centos.mirror.net.in
 * epel: mirror.horizon.vn
 * extras: centos.mirror.net.in
 * updates: centos.mirror.net.in
base                                                     | 3.6 kB     00:02
extras                                                   | 3.4 kB     00:00
mariadb                                                  | 2.9 kB     00:00
updates                                                  | 3.4 kB     00:00
Metadata Cache Created

 

Installing MariaDB on CentOS 7:

Follow my previous article to install latest version of MariaDB.

After installation, connect with MariaDB database as root user.

# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 10.3.14-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

Create a database, that serves as the repository for our RADIUS server.

MariaDB [(none)]> create database radius;
Query OK, 1 row affected (0.001 sec)

Create a database owner for radius database.

MariaDB [(none)]> grant all on radius.* to radius@localhost identified by '123';
Query OK, 0 rows affected (0.001 sec)

Reload privileges tables.

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)

Exit from MariaDB prompt.

MariaDB [(none)]> exit
Bye

 

Installing Apache Web Server on CentOS 7:

daloRADIUS is a web application developed in PHP. Therefore, we need Apache Web Server with PHP to deploy daloRADIUS.

Install Apache Web Server using yum command.

# yum install -y httpd

Start and enable httpd.service.

# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
# systemctl start httpd.service

Apache Webserver has been configured successfully. It is advised that, you should read our previous article Chroot Apache Web Server in CentOS 7 to increase the security.

 

Installing PHP on CentOS 7:

Install PHP (Hypertext Preprocessor) and related packages using yum command.

# yum install -y php php-mysql php-pear php-devel php-common php-gd php-mbstring php-mcrypt php-xml php-pear-DB

Restart httpd.service to load changes, made by PHP installation.

# systemctl restart httpd.service

 

Installing freeRADIUS on CentOS 7:

freeRADIUS and relevant packages are available through CentOS base repository. Therefore, we can easily install it using yum command.

# yum install -y freeradius freeradius-utils freeradius-mysql

Start and enable radiusd.service.

# systemctl start radiusd.service
# systemctl enable radiusd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/radiusd.service to /usr/lib/systemd/system/radiusd.service.

Allow RADIUS service in Linux firewall.

# firewall-cmd --permanent --add-service=radius
success
# firewall-cmd --reload
success

 

Configure freeRADIUS to use MariaDB database:

By default, freeRADIUS uses flat-files to store data. Therefore, we have to configure it to use MariaDB database as its repository.

Use the following script to create database objects.

# mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql
Enter password:

You can either copy sql module from /etc/raddb/mods-available/sql or create using following script.

# vi /etc/raddb/mods-enabled/sql

Add following lines therein:

sql {
 driver = "rlm_sql_mysql"
 dialect = "mysql"
 
 # Connection info:
 server = "localhost"
 port = 3306
 login = "radius"
 password = "123"

 # Database table configuration for everything except Oracle
 radius_db = "radius"
 }

# Set to "yes" to read radius clients from the database ("nas" table)
# Clients will ONLY be read on server startup.
read_clients = yes
# Table to keep radius client info
client_table = "nas"

Adjust file permissions.

# chgrp -h radiusd /etc/raddb/mods-enabled/sql

Restart radiusd.service.

# systemctl restart radiusd.service

 

Installing daloRADIUS on CentOS 7:

daloRADIUS is open source and distributed under GPL 2.0 license. It’s complete source is available at GitHub.

# wget https://github.com/lirantal/daloradius/archive/master.zip
--2019-04-25 19:37:59--  https://codeload.github.com/lirantal/daloradius/zip/master
Resolving codeload.github.com (codeload.github.com)... 192.30.253.121, 192.30.253.120
Connecting to codeload.github.com (codeload.github.com)|192.30.253.121|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/zip]
Saving to: âmaster.zip.1â

    [             <=>                       ] 5,447,362    386KB/s   in 14s

2019-04-25 19:38:14 (375 KB/s) - âmaster.zip.1â saved [5447362]

Unzip downloaded file.

# unzip master.zip

Place the extracted directory at the document root of Apache Web server.

# rm -f master.zip
# mv daloradius-master/ /var/www/html/daloradius

Restore SELinux security context as follows.

# restorecon -Rv /var/www/html/daloradius/

Adjust permissions and ownership of daloRADIUS software.

# chown -R apache:apache /var/www/html/daloradius
# chmod -R 664 /var/www/html/daloradius/library/daloradius.conf.php

Allow HTTP service in Linux firewall.

# firewall-cmd --permanent --add-service=http
success
# firewall-cmd --reload
success

Create daloRADIUS objects in MariaDB database.

# mysql -u root -p radius < /var/www/html/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
Enter password:
# mysql -u root -p radius < /var/www/html/daloradius/contrib/db/mysql-daloradius.sql
Enter password:

Edit daloRADIUS configuration file.

# vi /var/www/html/daloradius/library/daloradius.conf.php

and define MariaDB database password in it.

$configValues['CONFIG_DB_PASS'] = '123';

Browse URL http://radius-01.example.com/daloradius using a client's browser.

daloradius-login-page-01

Login using default credentials i.e.

Username: administrator
Password: radius

daloradius-homepage-01

freeRADIUS and daloRADIUS has been installed on CentOS 7.

33 Comments

  1. Hi Dear
    Hope you are good
    when i apply the command below i got error :
    chgrp: cannot access '/etc/raddb/mods-enabled/sql': No such file or directoryhgrp -h radiusd /etc/raddb/mods-enabled/sql

    what is the solution for this

    ReplyDelete
    Replies
    1. Hi,
      Thanks for highlighting the problem.
      The above article has been corrected now.
      You can continue from the step "Configure freeRADIUS to use MariaDB database:".

      Delete
  2. Hi,
    Do you think you could explain how to get the logs working following installation as they show as unreadable in the gui and services show as disabled

    ReplyDelete
    Replies
    1. Check the user rights and SELinux file contexts on the log files.

      Delete
  3. please , how I change the password of daloradius ( OS: Centos 7) ?

    ReplyDelete
    Replies
    1. The login information is located in operator table in MariaDB. You can change the password here.

      Delete
  4. Hello, first thanks for this tutorial!

    I followed step by step, but i get this error after logging in the GUI :
    Database connection error
    Error Message: DB Error: connect failed

    Do you know what it could be ?
    Giacomo

    ReplyDelete
    Replies
    1. Please check daloradius username/password in /var/www/html/daloradius/library/daloradius.conf.php file . Try to connect with MariaDB instance using username/password directly with mysql command.

      Delete
    2. Thanks for your reply, i fixed it!
      Another question, when i add users or Nas from Daloradius GUI i see no changes to the files clients.conf and users (i see no error messages). i am running a Vps with centos 7
      Am i doing something wrong?

      Giacomo

      Delete
    3. Please discuss it on our Facebook Page.

      Delete
    4. Hello there. I am having the same problem. I have tried to look into the conf file you mentioned above and there is like root / 123 for user/pwd combo. but nothing is working and i am getting the same error. i have also tried checking which version of PHP I am using and the version is 5. What should be wrong? I have tried all the combos. I can login using radius/123 with mysql cmd line. But the GUI is not working.

      Delete
    5. I am sorry I just fixed the error by myself. The error was caused due to the bad configuration. I was putting the root as DB user whereas I have to put "radius" as the DB user.

      Delete
    6. Hi,
      Fantastic tutorial, unfortunately I'm seeing the same problem. I realise that it's user error, but just can tee what?

      Here is the error I see:-

      $configValues['CONFIG_DB_PASS'] = '123'; Database connection error
      Error Message: DB Error: not found

      I would appreciate any help.

      Many thanks

      Delete
    7. Hi,

      Most probably it is a typo static error.

      Well, it is very difficult to guess the actual cause of this error. Although you can discuss it with me on Facebook and share the credentials, so I can access and see the configurations.

      Delete
  5. Hi I really appreciate the easy apprehensive tutorial.

    I was able to get to the last step but i am getting the error for logging the Daloradius website.
    It comes up with the login page but after I put the cred, it comes up with error

    This page isn’t working 172.17.51.52 is currently unable to handle this request.
    HTTP ERROR 500

    Do you know what could be cause of this?

    Thanks,

    ReplyDelete
    Replies
    1. Hi, Thanks for appreciation.

      HTTP ERROR 500 is a generic error. Please look for actual error in /var/log/httpd/error_log and /var/log/radius.log

      Delete
  6. Hi,
    When I try to login with credentials created using daloRADIUS I get following error:
    (5) sql: ERROR: rlm_sql_mysql: ERROR 1054 (Unknown column 'acctupdatetime' in 'field list'): 42S22
    Do You know how I can fix this?

    Thanks,

    ReplyDelete
    Replies
    1. Hi,
      Please ensure that you are using compatible versions of MySQL, FreeRadius and DaloRadius.

      Delete
  7. Hi Ahmer. When I browse http://server-IP/daloradius/, content shows a list of files. How can I solve this?

    If there isn't solution I want to remove daloradius, how can do it?

    Thanks for yor attention and help.

    ReplyDelete
    Replies
    1. Hi, Please contact me at my FB Page to discuss the problem in detail.

      Delete
    2. Hi , i have the exact same problem , did you manage to solve this?

      Delete
    3. Please discuss it with me on our Facebook page.

      Delete
  8. Thanks for this clear Tutorial, I can now explore the software, please what it's your facebook page for futher discussions?
    Server: CentOS 7.7
    MariaDB: 10.4
    FreeRadius: 3.0.13
    daloRadius: 1.1-2

    There is lot to do before pushing it on production. I plan to control PPPoE via daloRadius

    ReplyDelete
    Replies
    1. You are welcome.
      Our Facebook link is available at the top of this page.

      Delete
  9. hello, thanks for the great contribution.


    I reached the last step and after creating the user in the daloradius I get this answer from the Debug command:
    radiusd -X

    Sat Feb 22 19:26:45 2020 : Info: Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.)

    Pudiera ser la version de 64 bit de Centos?

    ReplyDelete
  10. hi, i configed but i see status disable on radius-services & mysql

    ReplyDelete
  11. Error: Ignoring request to auth address * port 1812 bound to server default from unknown client

    ReplyDelete
    Replies
    1. Need more details to identify the problem. Pls discuss it with me on our Facebook page.

      Delete
  12. Can you help me with this error?

    Database connection error
    Error Message: DB Error: extension not found

    ReplyDelete
Previous Post Next Post