One of the most important services in a secure network is the RADIUS service. Today I will install Freeradius and Daloradius on Ubuntu Server 20.04.3 and connect them to a Ruckus SmartZone. Follow along to check all the details of the installation process; if you have any questions, you can ask in the comments of this post or on the video on YouTube.
This process has four steps:
- Installation of LAMP (Linux, Apache, MySQL, PHP)
- Installation of Freeradius 3.0
- Installation of Daloradius 1.3
- Integration with Ruckus SmartZone
Installing LAMP Stack
APACHE
sudo apt -y install apache2 && sudo systemctl enable --now apache2 && sudo ufw allow WWW
PHP
sudo apt -y install php libapache2-mod-php php-{gd,common,mail,mail-mime,mysql,pear,db,mbstring,xml,curl}
For this deployment there are a few things to keep in mind about the LAMP stack. The Daloradius database was developed to work with MySQL 5.7; if you use a newer version, you must change a few things in the database import process.
sudo apt update && sudo apt install wget -y && wget https://dev.mysql.com/get/mysql-apt-config_0.8.12-1_all.deb
To select the correct version follow the next steps
sudo dpkg -i mysql-apt-config_0.8.12-1_all.deb
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 467B942D3A79BD29
sudo apt-get update
sudo apt install -f mysql-client=5.7* mysql-community-server=5.7* mysql-server=5.7*
sudo mysql_secure_installation
Now we can create the database and users for the Radius server in MySQL:
sudo mysql -u root -p
After logging in to MySQL as root with its password, run the following commands to create the DB and users; change the values if you consider it appropriate.
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "Password1234!";
FLUSH PRIVILEGES;
quit;
The second step in this procedure is the installation of Freeradius. Run the following commands:
sudo apt -y install freeradius freeradius-mysql freeradius-utils wget unzip -y
sudo systemctl enable --now freeradius
sudo ufw allow to any port 1812 proto udp && sudo ufw allow to any port 1813 proto udp
sudo -i
mysql -u root -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql
sudo ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/
At this point we need to comment out the tls section in the mods-enabled/sql file
sudo nano /etc/freeradius/3.0/mods-enabled/sql
Find and modify the following lines according to your environment
server = "localhost"
port = 3306
login = "radius"
password = "Password1234!"
radius_db = "radius"
read_clients = yes
client_table = "nas"
Set the ownership of the SQL module files and restart the Freeradius service
sudo chgrp -h freerad /etc/freeradius/3.0/mods-available/sql && sudo chown -R freerad:freerad /etc/freeradius/3.0/mods-enabled/sql
sudo systemctl restart freeradius.service
Three files must be modified to allow the correct operation in the radius server:
/etc/freeradius/3.0/radiusd.conf
/etc/freeradius/3.0/sites-available/default
/etc/freeradius/3.0/mods-available/sql
In radiusd.conf, find and modify the following parameters:
auth = yes
auth_badpass = yes
auth_goodpass = yes
In /etc/freeradius/3.0/sites-available/default, find and modify the following parameters:
Authorization Queries
In /etc/freeradius/3.0/mods-available/sql, find and modify the following parameters:
driver = rlm_sql_mysql
dialect = "mysql"
Uncomment the connection info:
password = "Password1234!"
read_clients = yes
For the moment we must disable TLS in the SQL section; in a future entry I will enable this parameter.
At this point, the installation of Freeradius is complete. Now we must download Daloradius and add the Daloradius schemas to the radius database
wget https://github.com/lirantal/daloradius/archive/master.zip
unzip master.zip
cd daloradius-master
sudo mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql
sudo mysql -u root -p radius < contrib/db/mysql-daloradius.sql
Now we must publish the Daloradius portal on the Apache webserver previously installed
cd ..
sudo mv daloradius-master /var/www/html/daloradius
sudo chown -R www-data:www-data /var/www/html/daloradius/
sudo cp /var/www/html/daloradius/library/daloradius.conf.php.sample /var/www/html/daloradius/library/daloradius.conf.php
sudo chmod 664 /var/www/html/daloradius/library/daloradius.conf.php
sudo nano /var/www/html/daloradius/library/daloradius.conf.php
Find the following lines and modify them according to your parameters
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'Password1234!';
$configValues['CONFIG_DB_NAME'] = 'radius';
sudo systemctl restart freeradius.service apache2
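The audit below is an added example, not part of the original guide. It checks the files edited above for the sample password Password1234!, for auth_badpass and auth_goodpass set to yes (these write the passwords users submit to the Freeradius log), and for password-bearing files that every local user can read, which is what chmod 664 leaves on daloradius.conf.php. The function names and the sample tree are constructed for illustration, and GNU stat (as on Ubuntu) is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide; function names are hypothetical.
SAMPLE_PW='Password1234!'   # sample password printed in the guide

# Value of the last uncommented "key = value" line in a FreeRADIUS config file.
conf_value() {  # conf_value <file> <key>
    sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"?([^\"#]*)\"?.*/\1/p" \
        "$1" 2>/dev/null | sed -E 's/[[:space:]]+$//' | tail -n 1
}

# Report one finding and count it (updates the caller's "findings" variable).
note() { echo "$1"; findings=$((findings + 1)); }

audit_radius() {  # audit_radius <freeradius-dir> <daloradius.conf.php>
    local dir="$1" dalo="$2" sql="$1/mods-enabled/sql" findings=0 key f
    if [ "$(conf_value "$sql" password)" = "$SAMPLE_PW" ]; then
        note "FAIL $sql: SQL password is the guide's sample value"
    fi
    for key in auth_badpass auth_goodpass; do
        if [ "$(conf_value "$dir/radiusd.conf" "$key")" = yes ]; then
            note "WARN $dir/radiusd.conf: $key = yes logs user passwords"
        fi
    done
    if grep -F CONFIG_DB_PASS "$dalo" 2>/dev/null | grep -qF "'$SAMPLE_PW'"; then
        note "FAIL $dalo: CONFIG_DB_PASS is the guide's sample value"
    fi
    # Both files hold the database password in clear text.
    for f in "$sql" "$dalo"; do
        [ -e "$f" ] || continue
        case "$(stat -L -c %a "$f")" in   # -L: mods-enabled/sql is a symlink
            *[4567]) note "FAIL $f: readable by every local user" ;;
        esac
    done
    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
}

# Constructed sample tree holding the values this guide sets.
make_sample() {  # make_sample <dir>
    mkdir -p "$1/mods-enabled"
    printf 'log {\n\tauth_badpass = yes\n\tauth_goodpass = yes\n}\n' > "$1/radiusd.conf"
    printf 'sql {\n\tpassword = "%s"\n}\n' "$SAMPLE_PW" > "$1/mods-enabled/sql"
    printf "<?php\n\$configValues['CONFIG_DB_PASS'] = '%s';\n" "$SAMPLE_PW" \
        > "$1/daloradius.conf.php"
    chmod 640 "$1/mods-enabled/sql"; chmod 664 "$1/daloradius.conf.php"
}

tmp=$(mktemp -d) && make_sample "$tmp"
audit_radius "$tmp" "$tmp/daloradius.conf.php" || true; rm -rf "$tmp"
```

On a real server, call audit_radius /etc/freeradius/3.0 /var/www/html/daloradius/library/daloradius.conf.php with sudo; it returns non-zero while any finding remains.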
For some reason, the accounting is not working well in this version and I must replace the radacct table in the radius database to make it work. If you are having issues with the accounting, follow the next steps:
mysql -u root -p
USE radius;
DROP TABLE radacct;
CREATE TABLE radacct (
radacctid bigint(21) NOT NULL auto_increment,
acctsessionid varchar(64) NOT NULL default '',
acctuniqueid varchar(32) NOT NULL default '',
username varchar(64) NOT NULL default '',
groupname varchar(64) NOT NULL default '',
realm varchar(64) default '',
nasipaddress varchar(15) NOT NULL default '',
nasportid varchar(32) default NULL,
nasporttype varchar(32) default NULL,
acctstarttime datetime NULL default NULL,
acctupdatetime datetime NULL default NULL,
acctstoptime datetime NULL default NULL,
acctinterval int(12) default NULL,
acctsessiontime int(12) unsigned default NULL,
acctauthentic varchar(32) default NULL,
connectinfo_start varchar(50) default NULL,
connectinfo_stop varchar(50) default NULL,
acctinputoctets bigint(20) default NULL,
acctoutputoctets bigint(20) default NULL,
calledstationid varchar(50) NOT NULL default '',
callingstationid varchar(50) NOT NULL default '',
acctterminatecause varchar(32) NOT NULL default '',
servicetype varchar(32) default NULL,
framedprotocol varchar(32) default NULL,
framedipaddress varchar(15) NOT NULL default '',
framedipv6address varchar(45) NOT NULL default '',
framedipv6prefix varchar(45) NOT NULL default '',
framedinterfaceid varchar(44) NOT NULL default '',
delegatedipv6prefix varchar(45) NOT NULL default '',
class varchar(64) default NULL,
PRIMARY KEY (radacctid),
UNIQUE KEY acctuniqueid (acctuniqueid),
KEY username (username),
KEY framedipaddress (framedipaddress),
KEY framedipv6address (framedipv6address),
KEY framedipv6prefix (framedipv6prefix),
KEY framedinterfaceid (framedinterfaceid),
KEY delegatedipv6prefix (delegatedipv6prefix),
KEY acctsessionid (acctsessionid),
KEY acctsessiontime (acctsessiontime),
KEY acctstarttime (acctstarttime),
KEY acctinterval (acctinterval),
KEY acctstoptime (acctstoptime),
KEY nasipaddress (nasipaddress),
INDEX bulk_close (acctstoptime, nasipaddress, acctstarttime)
) ENGINE = INNODB;
exit;
sudo systemctl restart freeradius.service apache2
Now you can go to the web interface of the Daloradius