FreeRadius 3.0.x Installation and configuration with Mysql



This document describes how to setup a FreeRADIUS server. A MySQL server is used as backend and for the user accounting.
RADIUS is an industry-standard protocol for providing authentication, authorization, and accounting services.
  • Authentication is the process of verifying a user’s identity and associating additional information (attributes) to the user’s login session.
  • Authorization is the process of determining whether the user is allowed on the network and controlling network access values based on a defined security policy.
  • Accounting is the process of generating log files that record session statistics used for billing, system diagnosis, and usage planning.

Installation:
Download freeradius source from http://freeradius.org/

tar -xzvf freeradius-server-3.0.3.tar.gz
cd freeradius
mkdir -p /opt/freeradius
./configure --with-mysql-lib-dir=/usr/lib64/mysql --prefix=/opt/freeradius
make
sudo make install
sudo ldconfig

Configuration:
1.Create softlink for modules that you want to add.

cd /opt/freeradius/etc/raddb/mods-enabled/
ln -s ../mods-available/sql ./
ln -s ../mods-available/redis ./
ln -s ../mods-available/rediswho ./

2.Edit /opt/freeradius/etc/raddb/radiusd.conf

modules {
$INCLUDE mods-enabled/


3. Enable SQL configuration in the default enabled site  /opt/freeradius/etc/raddb/sites-available/default:

authorize {

sql

}
accounting {

sql

}
session {

sql

}
post-auth {

sql

}
Post-Auth-Type REJECT {
sql
}

Now on to MySQL setup. First, create a database where FreeRADIUS will store AAA data. We’ll call it radius:

mysql -uroot -p -e 'CREATE DATABASE radius; GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "1qa2ws3ed";'
mysql -uroot -p radius < /opt/freeradius/etc/raddb/mods-config/sql/main/mysql/schema.sql


4.Configure SQL module /opt/freeradius/etc/raddb/mods-available/sql and change the database connection parameters to suite your environment:

sql {
driver = “rlm_sql_mysql”
server = “192.168.1.1”
port = 3306
login = “radius”
password = “radiuspwd”
# Database table configuration for everything except Oracle
radius_db = “radius”
}
# Set to ‘yes’ to read radius clients from the database (‘nas’ table)
# Clients will ONLY be read on server startup.
read_clients = yes
# Table to keep radius client info
client_table = “nas”

5.Configure AAA queries (edit /mods-config/sql/main/mysql/queries.conf)
Test to see if Free Radius works by issuing the following command:
/opt/freeradius/sbin/radiusd -X

This will start FreeRadius in debug mode ( To stop it -> Ctrl+c).
FreeRADIUS has a start-up script. The following will ensure automatic start-up between reboots.
sudo cp /opt/freeradius/sbin/rc.radiusd /etc/init.d/radiusd
sudo update-rc.d radiusd start 80 2 3 4 5 . stop 20 0 1 6 .

6. Add user and test
Add new user:

mysql> INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES (1,'testuser','Cleartext-Password',':=','secretmysql');

Test: /opt/freeradius/bin/radtest testuser secretmysql localhost 0 testing123

FreeRadius Detail logs under /usr/local/freeradius-server-3.0.3/var/log/radius/radacct/
NOTE: package mysql-devel or XXXXX-devel is very important to enable support by freeradius

Nhận xét

Bài đăng phổ biến