Installing Daloradius and integrating with Ruckus SmartZone 2022 Updated


 

One of the most important services in a secure network is the RADIUS service. Today I will install Freeradius and Daloradius on Ubuntu Server 20.04.3 and connect them to a Ruckus SmartZone. Follow along for the details of the installation, and if you have any questions you can ask in the comments of this post or on the video on YouTube.


This process has four steps:

  • Installation of LAMP (Linux, Apache, Mysql, PHP)
  • Installation of Freeradius 3.0
  • Installation of Daloradius 1.3
  • Integration with Ruckus SmartZone

Installing LAMP Stack


APACHE

sudo apt -y install apache2 && sudo systemctl enable --now apache2 && sudo ufw allow WWW  


PHP

sudo apt -y install php libapache2-mod-php php-{gd,common,mail,mail-mime,mysql,pear,db,mbstring,xml,curl}


For this deployment there are a few things to keep in mind about the LAMP stack. The Daloradius database was developed to work with MySQL 5.7, and if you use a newer version you must change a few things in the database import process.

sudo apt update && sudo apt install wget -y && wget https://dev.mysql.com/get/mysql-apt-config_0.8.12-1_all.deb 

 

To select the correct version follow the next steps 

sudo dpkg -i mysql-apt-config_0.8.12-1_all.deb



 





sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 467B942D3A79BD29

sudo apt-get update  

sudo apt install -f mysql-client=5.7* mysql-community-server=5.7* mysql-server=5.7*


Follow the mysql_secure_installation wizard to complete the MySQL installation in accordance with the security requirements of your organization

sudo mysql_secure_installation


Now we are able to create the database and users for the Radius server on Mysql  

sudo mysql -u root -p


After logging in to MySQL as root, execute the following commands to create the database and user. Change the names and password as you consider appropriate.

CREATE DATABASE radius;

GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "Password1234!";

FLUSH PRIVILEGES;

quit; 

 

The second step in this procedure is the installation of Freeradius. Run the following commands:

sudo apt -y install freeradius freeradius-mysql freeradius-utils wget unzip

sudo systemctl enable --now freeradius 

sudo ufw allow to any port 1812 proto udp && sudo ufw allow to any port 1813 proto udp

sudo -i

mysql -u root -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

sudo ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/


At this point we need to comment out the tls section in the mods-enabled/sql file

sudo nano /etc/freeradius/3.0/mods-enabled/sql


Find and modify the following lines according to your environment

server = "localhost"

port = 3306

login = "radius"

password = "Password1234!"

radius_db = "radius"


read_clients = yes

client_table = "nas"


Modify the permission of the mods-available files and reload the Freeradius service

sudo chgrp -h freerad /etc/freeradius/3.0/mods-available/sql && sudo chown -R freerad:freerad /etc/freeradius/3.0/mods-enabled/sql 

sudo systemctl restart freeradius.service

Three files must be modified to allow the correct operation in the radius server: 


/etc/freeradius/3.0/radiusd.conf

/etc/freeradius/3.0/sites-available/default

/etc/freeradius/3.0/mods-available/sql


Open radiusd.conf, find the following lines and modify the parameters:

auth = yes

auth_badpass = yes 

auth_goodpass = yes 

Open /etc/freeradius/3.0/sites-available/default, find the following lines and modify the parameters:

Authorization Queries







Open /etc/freeradius/3.0/mods-available/sql, find the following lines and modify the parameters:

driver = rlm_sql_mysql

dialect = "mysql"

Uncomment the connection info lines

password = "Password1234!"

read_clients = yes 

For now we must disable TLS in the SQL section; in a later entry I will enable this parameter
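
The settings edited in this section can be checked afterwards. The script below is an added example, not part of the original procedure: it flags password logging (auth_badpass / auth_goodpass), the sample database password, and a world-readable sql module file. The function names and the temporary sample tree are constructed for illustration; on a server you would call audit_freeradius /etc/freeradius/3.0 as root.

```bash
#!/usr/bin/env bash
# Added example: audit the FreeRADIUS settings edited in this guide.
# Function names and the sample tree are constructed for illustration.

# Print the value of the first uncommented "KEY = value" line in FILE.
conf_value() {  # usage: conf_value KEY FILE
    awk -F= -v key="$1" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)   # trim blanks and quotes
            print v; exit
        }' "$2"
}

# Print one finding per line for CONF_DIR (e.g. /etc/freeradius/3.0).
audit_freeradius() {
    local dir="$1" key sql="$1/mods-enabled/sql"
    for key in auth_badpass auth_goodpass; do
        [ "$(conf_value "$key" "$dir/radiusd.conf")" = yes ] &&
            echo "radiusd.conf: $key = yes writes user passwords to the log"
    done
    [ "$(conf_value password "$sql")" = 'Password1234!' ] &&
        echo "mods-enabled/sql: password is still the sample value"
    [ -n "$(find -L "$sql" -prune -perm -004 2>/dev/null)" ] &&
        echo "mods-enabled/sql: world-readable, exposes the DB password"
    return 0
}

# Build a constructed config tree that mirrors the values used above.
make_sample() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/mods-enabled"
    printf '%s\n' 'log {' '    auth = yes' '    auth_badpass = yes' \
        '    auth_goodpass = yes' '}' > "$d/radiusd.conf"
    printf '%s\n' 'sql {' '    login = "radius"' \
        '    password = "Password1234!"' '}' > "$d/mods-enabled/sql"
    chmod 644 "$d/mods-enabled/sql"
    echo "$d"
}

demo=$(make_sample)
audit_freeradius "$demo"
rm -rf "$demo"
```
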



At this point, the installation of Freeradius is complete. Now we must proceed to download Daloradius and add the Daloradius schemas to the radius database

wget https://github.com/lirantal/daloradius/archive/master.zip

unzip master.zip

cd daloradius-master

sudo mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql

sudo mysql -u root -p radius < contrib/db/mysql-daloradius.sql

Now we must publish the Daloradius portal on the Apache webserver previously installed 

cd ..

sudo mv daloradius-master /var/www/html/daloradius 

sudo chown -R www-data:www-data /var/www/html/daloradius/

sudo cp /var/www/html/daloradius/library/daloradius.conf.php.sample /var/www/html/daloradius/library/daloradius.conf.php

sudo chmod 664 /var/www/html/daloradius/library/daloradius.conf.php

sudo nano /var/www/html/daloradius/library/daloradius.conf.php


Find the following lines and modify them according to your parameters

$configValues['CONFIG_DB_USER'] = 'radius';

$configValues['CONFIG_DB_PASS'] = 'Password1234!';

$configValues['CONFIG_DB_NAME'] = 'radius';


sudo systemctl restart freeradius.service apache2

For some reason, the accounting is not working well in this version and I must replace the radacct table in the radius database to make it work. If you are having issues with the accounting, follow these steps:

mysql -u root -p

USE radius;

DROP TABLE radacct;

CREATE TABLE radacct (
  radacctid bigint(21) NOT NULL auto_increment,
  acctsessionid varchar(64) NOT NULL default '',
  acctuniqueid varchar(32) NOT NULL default '',
  username varchar(64) NOT NULL default '',
  groupname varchar(64) NOT NULL default '',
  realm varchar(64) default '',
  nasipaddress varchar(15) NOT NULL default '',
  nasportid varchar(32) default NULL,
  nasporttype varchar(32) default NULL,
  acctstarttime datetime NULL default NULL,
  acctupdatetime datetime NULL default NULL,
  acctstoptime datetime NULL default NULL,
  acctinterval int(12) default NULL,
  acctsessiontime int(12) unsigned default NULL,
  acctauthentic varchar(32) default NULL,
  connectinfo_start varchar(50) default NULL,
  connectinfo_stop varchar(50) default NULL,
  acctinputoctets bigint(20) default NULL,
  acctoutputoctets bigint(20) default NULL,
  calledstationid varchar(50) NOT NULL default '',
  callingstationid varchar(50) NOT NULL default '',
  acctterminatecause varchar(32) NOT NULL default '',
  servicetype varchar(32) default NULL,
  framedprotocol varchar(32) default NULL,
  framedipaddress varchar(15) NOT NULL default '',
  framedipv6address varchar(45) NOT NULL default '',
  framedipv6prefix varchar(45) NOT NULL default '',
  framedinterfaceid varchar(44) NOT NULL default '',
  delegatedipv6prefix varchar(45) NOT NULL default '',
  class varchar(64) default NULL,
  PRIMARY KEY (radacctid),
  UNIQUE KEY acctuniqueid (acctuniqueid),
  KEY username (username),
  KEY framedipaddress (framedipaddress),
  KEY framedipv6address (framedipv6address),
  KEY framedipv6prefix (framedipv6prefix),
  KEY framedinterfaceid (framedinterfaceid),
  KEY delegatedipv6prefix (delegatedipv6prefix),
  KEY acctsessionid (acctsessionid),
  KEY acctsessiontime (acctsessiontime),
  KEY acctstarttime (acctstarttime),
  KEY acctinterval (acctinterval),
  KEY acctstoptime (acctstoptime),
  KEY nasipaddress (nasipaddress),
  INDEX bulk_close (acctstoptime, nasipaddress, acctstarttime)
) ENGINE = INNODB;

exit;


sudo systemctl restart freeradius.service apache2


Now you can go to the Daloradius web interface


