RADIUS (Remote Authentication and Dial-In User Service) is network protocol and software that authenticate dial-in users and authorize their access to the requested service. RADIUS provides centralized Authentication, Authorization and Accounting (AAA) management for a user, who connect and use a network service. RADIUS allows an organization to maintain user profiles in a central database that all remote servers can share.
RADIUS servers are mostly used by ISPs (Internet Service Providers) to manage access to the Internet.
freeRADIUS is an free and open-source software to implement RADIUS services. freeRADIUS does not have any native web interface. But we have many third-party web interfaces are available to use with freeRADIUS.
daloRADIUS is a easy to use, but advanced RADIUS web interface, that aimed at managing hotspots and general-purpose ISP deployments. daloRADIUS is written in PHP and supports famous database systems.
In this article, we will install freeRADIUS and daloRADIUS on CentOS 7 without disabling SELinux.
This article emphasize on the installation and initial configuration of freeRADIUS and daloRADIUS on CentOS 7. If you want to know, how to use freeRADIUS or daloRADIUS, then we recommend you to read FreeRADIUS Beginner's Guide and daloRADIUS User Guide (Volume 1).
Table of Contents:
- System Specification
- Installing prerequisite packages
- Installing MariaDB on CentOS 7
- Installing Apache Web Server on CentOS 7
- Installing PHP on CentOS 7
- Installing freeRADIUS on CentOS 7
- Configure freeRADIUS to use MariaDB database
- Installing daloRADIUS on CentOS 7
System Specification:
We are using a CentOS 7 virtual machine with following specifications:
- Hostname - radius-01.example.com
- IP Address - 192.168.116.158 /24
- Operating System - CentOS 7.6
- freeRADIUS version - 3.0
- daloRADIUS version - 1.0
Installing prerequisite packages:
Connect with radius-01.example.com using ssh as root user.
We will require some utiliies during installation of freeRADIUS and daloRADIUS, therefore, we are installing them now, using yum command.
# yum install -y wget unzip
Some prereqiusite packages are available through extras yum repository, therefore, we are installing EPEL (Extra Packages for Enterprise Linux) yum repository.
# yum install -y epel-release
Build yum cache using following command.
# yum makecache fast
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 4.6 kB 00:00
* base: centos.mirror.net.in
* epel: mirror.horizon.vn
* extras: centos.mirror.net.in
* updates: centos.mirror.net.in
base | 3.6 kB 00:02
extras | 3.4 kB 00:00
mariadb | 2.9 kB 00:00
updates | 3.4 kB 00:00
Metadata Cache Created
Installing MariaDB on CentOS 7:
Follow my previous article to install latest version of MariaDB.
After installation, connect with MariaDB database as root user.
# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 10.3.14-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
Create a database, that serves as the repository for our RADIUS server.
MariaDB [(none)]> create database radius;
Query OK, 1 row affected (0.001 sec)
Create a database owner for radius database.
MariaDB [(none)]> grant all on radius.* to radius@localhost identified by '123';
Query OK, 0 rows affected (0.001 sec)
Reload privileges tables.
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)
Exit from MariaDB prompt.
MariaDB [(none)]> exit
Bye
Installing Apache Web Server on CentOS 7:
daloRADIUS is a web application developed in PHP. Therefore, we need Apache Web Server with PHP to deploy daloRADIUS.
Install Apache Web Server using yum command.
# yum install -y httpd
Start and enable httpd.service.
# systemctl enable httpd.service Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service. # systemctl start httpd.service
Apache Webserver has been configured successfully. It is advised that, you should read our previous article Chroot Apache Web Server in CentOS 7 to increase the security.
Installing PHP on CentOS 7:
Install PHP (Hypertext Preprocessor) and related packages using yum command.
# yum install -y php php-mysql php-pear php-devel php-common php-gd php-mbstring php-mcrypt php-xml php-pear-DB
Restart httpd.service to load changes, made by PHP installation.
# systemctl restart httpd.service
Installing freeRADIUS on CentOS 7:
freeRADIUS and relevant packages are available through CentOS base repository. Therefore, we can easily install it using yum command.
# yum install -y freeradius freeradius-utils freeradius-mysql
Start and enable radiusd.service.
# systemctl start radiusd.service # systemctl enable radiusd.service Created symlink from /etc/systemd/system/multi-user.target.wants/radiusd.service to /usr/lib/systemd/system/radiusd.service.
Allow RADIUS service in Linux firewall.
# firewall-cmd --permanent --add-service=radius success # firewall-cmd --reload success
Configure freeRADIUS to use MariaDB database:
By default, freeRADIUS uses flat-files to store data. Therefore, we have to configure it to use MariaDB database as its repository.
Use the following script to create database objects.
# mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql
Enter password:
You can either copy sql module from /etc/raddb/mods-available/sql or create using following script.
# vi /etc/raddb/mods-enabled/sql
Add following lines therein:
sql {
driver = "rlm_sql_mysql"
dialect = "mysql"
# Connection info:
server = "localhost"
port = 3306
login = "radius"
password = "123"
# Database table configuration for everything except Oracle
radius_db = "radius"
}
# Set to "yes" to read radius clients from the database ("nas" table)
# Clients will ONLY be read on server startup.
read_clients = yes
# Table to keep radius client info
client_table = "nas"
Adjust file permissions.
# chgrp -h radiusd /etc/raddb/mods-enabled/sql
Restart radiusd.service.
# systemctl restart radiusd.service
Installing daloRADIUS on CentOS 7:
daloRADIUS is open source and distributed under GPL 2.0 license. It’s complete source is available at GitHub.
# wget https://github.com/lirantal/daloradius/archive/master.zip
--2019-04-25 19:37:59-- https://codeload.github.com/lirantal/daloradius/zip/master
Resolving codeload.github.com (codeload.github.com)... 192.30.253.121, 192.30.253.120
Connecting to codeload.github.com (codeload.github.com)|192.30.253.121|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/zip]
Saving to: âmaster.zip.1â
[ <=> ] 5,447,362 386KB/s in 14s
2019-04-25 19:38:14 (375 KB/s) - âmaster.zip.1â saved [5447362]
Unzip downloaded file.
# unzip master.zip
Place the extracted directory at the document root of Apache Web server.
# rm -f master.zip # mv daloradius-master/ /var/www/html/daloradius
Restore SELinux security context as follows.
# restorecon -Rv /var/www/html/daloradius/
Adjust permissions and ownership of daloRADIUS software.
# chown -R apache:apache /var/www/html/daloradius # chmod -R 664 /var/www/html/daloradius/library/daloradius.conf.php
Allow HTTP service in Linux firewall.
# firewall-cmd --permanent --add-service=http success # firewall-cmd --reload success
Create daloRADIUS objects in MariaDB database.
# mysql -u root -p radius < /var/www/html/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql Enter password: # mysql -u root -p radius < /var/www/html/daloradius/contrib/db/mysql-daloradius.sql Enter password:
Edit daloRADIUS configuration file.
# vi /var/www/html/daloradius/library/daloradius.conf.php
and define MariaDB database password in it.
$configValues['CONFIG_DB_PASS'] = '123';
Browse URL http://radius-01.example.com/daloradius using a client's browser.
Login using default credentials i.e.
Username: administrator
Password: radius
freeRADIUS and daloRADIUS has been installed on CentOS 7.
