FreeRADIUS 3.0.x Installation and Configuration with MySQL
This document describes how to set up a FreeRADIUS server. A MySQL server is used as the backend and for user accounting.
RADIUS is an industry-standard protocol for providing authentication, authorization, and accounting services.
- Authentication is the process of verifying a user’s identity and associating additional information (attributes) to the user’s login session.
- Authorization is the process of determining whether the user is allowed on the network and controlling network access values based on a defined security policy.
- Accounting is the process of generating log files that record session statistics used for billing, system diagnosis, and usage planning.
Installation:
Download the FreeRADIUS source from http://freeradius.org/
tar -xzvf freeradius-server-3.0.3.tar.gz
cd freeradius-server-3.0.3
mkdir -p /opt/freeradius
./configure --with-mysql-lib-dir=/usr/lib64/mysql --prefix=/opt/freeradius
make
sudo make install
sudo ldconfig
Configuration:
1. Create symlinks for the modules that you want to enable.
cd /opt/freeradius/etc/raddb/mods-enabled/
ln -s ../mods-available/sql ./
ln -s ../mods-available/redis ./
ln -s ../mods-available/rediswho ./
2. Edit /opt/freeradius/etc/raddb/radiusd.conf
modules {
    $INCLUDE mods-enabled/
}
3. Enable SQL configuration in the default enabled site /opt/freeradius/etc/raddb/sites-available/default:
authorize {
…
sql
…
}
accounting {
…
sql
…
}
session {
…
sql
…
}
post-auth {
…
sql
…
}
Post-Auth-Type REJECT {
sql
}
Now on to MySQL setup. First, create a database where FreeRADIUS will store AAA data. We’ll call it radius:
mysql -uroot -p -e 'CREATE DATABASE radius; GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "1qa2ws3ed";'
mysql -uroot -p radius < /opt/freeradius/etc/raddb/mods-config/sql/main/mysql/schema.sql
4. Configure the SQL module in /opt/freeradius/etc/raddb/mods-available/sql and change the database connection parameters to suit your environment:
sql {
    driver = "rlm_sql_mysql"
    server = "192.168.1.1"
    port = 3306
    login = "radius"
    # Must match the password given to the radius database user in the GRANT statement
    password = "radiuspwd"
    # Database table configuration for everything except Oracle
    radius_db = "radius"
    # Set to 'yes' to read radius clients from the database ('nas' table)
    # Clients will ONLY be read on server startup.
    read_clients = yes
    # Table to keep radius client info
    client_table = "nas"
}
5. Configure the AAA queries (edit /mods-config/sql/main/mysql/queries.conf)
Test whether FreeRADIUS works by issuing the following command:
/opt/freeradius/sbin/radiusd -X
This starts FreeRADIUS in debug mode (press Ctrl+C to stop it).
FreeRADIUS has a start-up script. The following will ensure automatic start-up across reboots.
sudo cp /opt/freeradius/sbin/rc.radiusd /etc/init.d/radiusd
sudo update-rc.d radiusd start 80 2 3 4 5 . stop 20 0 1 6 .
6. Add a user and test
Add a new user:
mysql> INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES (1,'testuser','Cleartext-Password',':=','secretmysql');
Test: /opt/freeradius/bin/radtest testuser secretmysql localhost 0 testing123
FreeRADIUS detail logs are written under /usr/local/freeradius-server-3.0.3/var/log/radius/radacct/
NOTE: the mysql-devel package (or the matching XXXXX-devel package) is very important; without it FreeRADIUS cannot enable support for that database.