RADIUS (Remote Authentication and Dial-In User Service) is network protocol and software that authenticate dial-in users and authorize their access to the requested service. RADIUS provides centralized Authentication, Authorization and Accounting (AAA) management for a user, who connect and use a network service. RADIUS allows an organization to maintain user profiles in a central database that all remote servers can share.
RADIUS servers are mostly used by ISPs (Internet Service Providers) to manage access to the Internet.
freeRADIUS is an free and open-source software to implement RADIUS services. freeRADIUS does not have any native web interface. But we have many third-party web interfaces are available to use with freeRADIUS.
daloRADIUS is a easy to use, but advanced RADIUS web interface, that aimed at managing hotspots and general-purpose ISP deployments. daloRADIUS is written in PHP and supports famous database systems.
In this article, we will install freeRADIUS and daloRADIUS on CentOS 7 without disabling SELinux.
This article emphasize on the installation and initial configuration of freeRADIUS and daloRADIUS on CentOS 7. If you want to know, how to use freeRADIUS or daloRADIUS, then we recommend you to read FreeRADIUS Beginner's Guide (PAID LINK) and daloRADIUS User Guide (Volume 1) (PAID LINK).
Table of Contents:
- System Specification
- Installing prerequisite packages
- Installing MariaDB on CentOS 7
- Installing Apache Web Server on CentOS 7
- Installing PHP on CentOS 7
- Installing freeRADIUS on CentOS 7
- Configure freeRADIUS to use MariaDB database
- Installing daloRADIUS on CentOS 7
System Specification:
We are using a CentOS 7 virtual machine with following specifications:
- Hostname - radius-01.example.com
- IP Address - 192.168.116.158 /24
- Operating System - CentOS 7.6
- freeRADIUS version - 3.0
- daloRADIUS version - 1.0
Installing prerequisite packages:
Connect with radius-01.example.com using ssh as root user.
We will require some utiliies during installation of freeRADIUS and daloRADIUS, therefore, we are installing them now, using yum command.
# yum install -y wget unzip
Some prereqiusite packages are available through extras yum repository, therefore, we are installing EPEL (Extra Packages for Enterprise Linux) yum repository.
# yum install -y epel-release
Build yum cache using following command.
# yum makecache fast
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 4.6 kB 00:00
* base: centos.mirror.net.in
* epel: mirror.horizon.vn
* extras: centos.mirror.net.in
* updates: centos.mirror.net.in
base | 3.6 kB 00:02
extras | 3.4 kB 00:00
mariadb | 2.9 kB 00:00
updates | 3.4 kB 00:00
Metadata Cache Created
Installing MariaDB on CentOS 7:
Follow my previous article to install latest version of MariaDB.
After installation, connect with MariaDB database as root user.
# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 10.3.14-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
Create a database, that serves as the repository for our RADIUS server.
MariaDB [(none)]> create database radius;
Query OK, 1 row affected (0.001 sec)
Create a database owner for radius database.
MariaDB [(none)]> grant all on radius.* to radius@localhost identified by '123';
Query OK, 0 rows affected (0.001 sec)
Reload privileges tables.
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)
Exit from MariaDB prompt.
MariaDB [(none)]> exit
Bye
Installing Apache Web Server on CentOS 7:
daloRADIUS is a web application developed in PHP. Therefore, we need Apache Web Server with PHP to deploy daloRADIUS.
Install Apache Web Server using yum command.
# yum install -y httpd
Start and enable httpd.service.
# systemctl enable httpd.service Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service. # systemctl start httpd.service
Apache Webserver has been configured successfully. It is advised that, you should read our previous article Chroot Apache Web Server in CentOS 7 to increase the security.
Installing PHP on CentOS 7:
Install PHP (Hypertext Preprocessor) and related packages using yum command.
# yum install -y php php-mysql php-pear php-devel php-common php-gd php-mbstring php-mcrypt php-xml php-pear-DB
Restart httpd.service to load changes, made by PHP installation.
# systemctl restart httpd.service
Installing freeRADIUS on CentOS 7:
freeRADIUS and relevant packages are available through CentOS base repository. Therefore, we can easily install it using yum command.
# yum install -y freeradius freeradius-utils freeradius-mysql
Start and enable radiusd.service.
# systemctl start radiusd.service # systemctl enable radiusd.service Created symlink from /etc/systemd/system/multi-user.target.wants/radiusd.service to /usr/lib/systemd/system/radiusd.service.
Allow RADIUS service in Linux firewall.
# firewall-cmd --permanent --add-service=radius success # firewall-cmd --reload success
Configure freeRADIUS to use MariaDB database:
By default, freeRADIUS uses flat-files to store data. Therefore, we have to configure it to use MariaDB database as its repository.
Use the following script to create database objects.
# mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql
Enter password:
You can either copy sql module from /etc/raddb/mods-available/sql or create using following script.
# vi /etc/raddb/mods-enabled/sql
Add following lines therein:
sql {
driver = "rlm_sql_mysql"
dialect = "mysql"
# Connection info:
server = "localhost"
port = 3306
login = "radius"
password = "123"
# Database table configuration for everything except Oracle
radius_db = "radius"
}
# Set to "yes" to read radius clients from the database ("nas" table)
# Clients will ONLY be read on server startup.
read_clients = yes
# Table to keep radius client info
client_table = "nas"
Adjust file permissions.
# chgrp -h radiusd /etc/raddb/mods-enabled/sql
Restart radiusd.service.
# systemctl restart radiusd.service
Installing daloRADIUS on CentOS 7:
daloRADIUS is open source and distributed under GPL 2.0 license. It’s complete source is available at GitHub.
# wget https://github.com/lirantal/daloradius/archive/master.zip
--2019-04-25 19:37:59-- https://codeload.github.com/lirantal/daloradius/zip/master
Resolving codeload.github.com (codeload.github.com)... 192.30.253.121, 192.30.253.120
Connecting to codeload.github.com (codeload.github.com)|192.30.253.121|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/zip]
Saving to: âmaster.zip.1â
[ <=> ] 5,447,362 386KB/s in 14s
2019-04-25 19:38:14 (375 KB/s) - âmaster.zip.1â saved [5447362]
Unzip downloaded file.
# unzip master.zip
Place the extracted directory at the document root of Apache Web server.
# rm -f master.zip # mv daloradius-master/ /var/www/html/daloradius
Restore SELinux security context as follows.
# restorecon -Rv /var/www/html/daloradius/
Adjust permissions and ownership of daloRADIUS software.
# chown -R apache:apache /var/www/html/daloradius # chmod -R 664 /var/www/html/daloradius/library/daloradius.conf.php
Allow HTTP service in Linux firewall.
# firewall-cmd --permanent --add-service=http success # firewall-cmd --reload success
Create daloRADIUS objects in MariaDB database.
# mysql -u root -p radius < /var/www/html/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql Enter password: # mysql -u root -p radius < /var/www/html/daloradius/contrib/db/mysql-daloradius.sql Enter password:
Edit daloRADIUS configuration file.
# vi /var/www/html/daloradius/library/daloradius.conf.php
and define MariaDB database password in it.
$configValues['CONFIG_DB_PASS'] = '123';
Browse URL http://radius-01.example.com/daloradius using a client's browser.
Login using default credentials i.e.
Username: administrator
Password: radius
freeRADIUS and daloRADIUS has been installed on CentOS 7.
Hi Dear
ReplyDeleteHope you are good
when i apply the command below i got error :
chgrp: cannot access '/etc/raddb/mods-enabled/sql': No such file or directoryhgrp -h radiusd /etc/raddb/mods-enabled/sql
what is the solution for this
Hi,
DeleteThanks for highlighting the problem.
The above article has been corrected now.
You can continue from the step "Configure freeRADIUS to use MariaDB database:".
Hi,
ReplyDeleteDo you think you could explain how to get the logs working following installation as they show as unreadable in the gui and services show as disabled
Check the user rights and SELinux file contexts on the log files.
Deleteplease , how I change the password of daloradius ( OS: Centos 7) ?
ReplyDeleteThe login information is located in operator table in MariaDB. You can change the password here.
DeleteHello, first thanks for this tutorial!
ReplyDeleteI followed step by step, but i get this error after logging in the GUI :
Database connection error
Error Message: DB Error: connect failed
Do you know what it could be ?
Giacomo
Please check daloradius username/password in /var/www/html/daloradius/library/daloradius.conf.php file . Try to connect with MariaDB instance using username/password directly with mysql command.
DeleteThanks for your reply, i fixed it!
DeleteAnother question, when i add users or Nas from Daloradius GUI i see no changes to the files clients.conf and users (i see no error messages). i am running a Vps with centos 7
Am i doing something wrong?
Giacomo
Please discuss it on our Facebook Page.
DeleteHello there. I am having the same problem. I have tried to look into the conf file you mentioned above and there is like root / 123 for user/pwd combo. but nothing is working and i am getting the same error. i have also tried checking which version of PHP I am using and the version is 5. What should be wrong? I have tried all the combos. I can login using radius/123 with mysql cmd line. But the GUI is not working.
DeleteI am sorry I just fixed the error by myself. The error was caused due to the bad configuration. I was putting the root as DB user whereas I have to put "radius" as the DB user.
DeleteThat's good.
DeleteHi,
DeleteFantastic tutorial, unfortunately I'm seeing the same problem. I realise that it's user error, but just can tee what?
Here is the error I see:-
$configValues['CONFIG_DB_PASS'] = '123'; Database connection error
Error Message: DB Error: not found
I would appreciate any help.
Many thanks
Hi,
DeleteMost probably it is a typo static error.
Well, it is very difficult to guess the actual cause of this error. Although you can discuss it with me on Facebook and share the credentials, so I can access and see the configurations.
Hi I really appreciate the easy apprehensive tutorial.
ReplyDeleteI was able to get to the last step but i am getting the error for logging the Daloradius website.
It comes up with the login page but after I put the cred, it comes up with error
This page isn’t working 172.17.51.52 is currently unable to handle this request.
HTTP ERROR 500
Do you know what could be cause of this?
Thanks,
Hi, Thanks for appreciation.
DeleteHTTP ERROR 500 is a generic error. Please look for actual error in /var/log/httpd/error_log and /var/log/radius.log
Hi,
ReplyDeleteWhen I try to login with credentials created using daloRADIUS I get following error:
(5) sql: ERROR: rlm_sql_mysql: ERROR 1054 (Unknown column 'acctupdatetime' in 'field list'): 42S22
Do You know how I can fix this?
Thanks,
Hi,
DeletePlease ensure that you are using compatible versions of MySQL, FreeRadius and DaloRadius.
Hi Ahmer. When I browse http://server-IP/daloradius/, content shows a list of files. How can I solve this?
ReplyDeleteIf there isn't solution I want to remove daloradius, how can do it?
Thanks for yor attention and help.
Hi, Please contact me at my FB Page to discuss the problem in detail.
DeleteHi , i have the exact same problem , did you manage to solve this?
DeletePlease discuss it with me on our Facebook page.
DeleteThanks for this clear Tutorial, I can now explore the software, please what it's your facebook page for futher discussions?
ReplyDeleteServer: CentOS 7.7
MariaDB: 10.4
FreeRadius: 3.0.13
daloRadius: 1.1-2
There is lot to do before pushing it on production. I plan to control PPPoE via daloRadius
You are welcome.
DeleteOur Facebook link is available at the top of this page.
hello, thanks for the great contribution.
ReplyDeleteI reached the last step and after creating the user in the daloradius I get this answer from the Debug command:
radiusd -X
Sat Feb 22 19:26:45 2020 : Info: Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.)
Pudiera ser la version de 64 bit de Centos?
Please discuss it on our Facebook Page.
Deletehi, i configed but i see status disable on radius-services & mysql
ReplyDeletePlease discuss it on our Facebook Page.
DeleteError: Ignoring request to auth address * port 1812 bound to server default from unknown client
ReplyDeleteNeed more details to identify the problem. Pls discuss it with me on our Facebook page.
DeleteCan you help me with this error?
ReplyDeleteDatabase connection error
Error Message: DB Error: extension not found
What OS and PHP versions you are using?
Delete