Install FreeRadius and Daloradius on CentOS 7

FreeRADIUS is an open source RADIUS server commonly used on Linux, Unix and embedded systems. daloRADIUS is a web-based RADIUS management tool written in PHP. It was created to ease the management and administration of RADIUS server and hotspots devices (NAS). It comes with a powerful graphical reporting and accounting, billing and advanced user management features.

This post will show the steps how to install FreeRADIUS and Daloradius on CentOS 7 Linux with minimum installation.

Install CentOS and Configure Nework

1. Minimum installation CentOS

2. System Update

yum -y update
reboot

3. Change Network Interface Eth0 IP

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
[root@localhost ~]# systemctl restart network
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:cc:01:07 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.12/24 brd 192.168.2.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fecc:107/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

Create or Modify a file named /etc/sysconfig/network-scripts/ifcfg-eth0 as follows:

DEVICE=eth0

BOOTPROTO=none

ONBOOT=yes

PREFIX=24

IPADDR=192.168.2.12

GATEWAY=192.168.2.1

DNS1=192.168.2.1



Or use “nmtui”  to configure eth0 interface with IP, gateway and DNS.

Install httpd server and Development Tools

yum -y groupinstall "Development Tools"
yum -y install httpd httpd-devel

Start and enable httpd server

systemctl enable --now httpd
systemctl status httpd

Installing and Configuring MariaDB

• Add MariaDB official repo content to CentOS 7 system

sudo tee /etc/yum.repos.d/MariaDB.repo<<EOF 

[mariadb]

name = MariaDB baseurl = http://yum.mariadb.org/10.4/centos7-amd64 gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB gpgcheck=1 EOF

• Install MariaDB to configure Database server

sudo yum -y install MariaDB-server MariaDB-client

You’ll be prompted to install MariaDB GPG Signing key. Just press y to allow installation.

• Start and enable MariaDB to run on boot

sudo systemctl start --now mariadb

Check if running and if enabled

systemctl status mariadb

Configure initial MariaDB settings to secure it. Here you’ll set root password and answer y to all security questions.

[root@freeradius ~]$ sudo mysql_secure_installation

Configure Database for freeradius

$ mysql -u root -p

CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "Cyberark1";
FLUSH PRIVILEGES;
\q

Installing and Configuring Php7

Add EPEL and Remi repositories then install PHP and other extensions required for running Daloradius on CentOS 7.

sudo yum -y install epel-release
sudo yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum -y install yum-utils
sudo yum-config-manager --disable remi-php54
sudo yum-config-manager --enable remi-php72
sudo yum -y install php php-{cli,curl,mysqlnd,devel,gd,pear,mcrypt,mbstring,xml,pear}

Check PHP version to confirm

$ php -v
PHP 7.2.23 (cli) (built: Sep 25 2019 07:38:48) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

Installing FreeRadius

sudo yum -y install freeradius freeradius-utils freeradius-mysql

You have to start and enable freeradius to start at boot up.

sudo systemctl enable --now radiusd.service

Now you can check the status:

$ systemctl status radiusd.service

If you have Firewalld service running, allow radius and http traffic in and out. Radius server uses udp ports 1812 and 1813. This can be confirmed by viewing the contents of the file /usr/lib/firewalld/services/radius.xml

sudo firewall-cmd --add-service={http,https,radius} --permanent

Reload firewalld for changes to take effect

sudo firewall-cmd --reload

Test radius server by running it in debug mode with option -X

$ sudo ss -tunlp | grep radiusd

Configuring FreeRadius

Import the Radius database scheme to populate radius database

sudo su -
mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql

First you have to create a soft link for SQL under /etc/raddb/mods-enabled

sudo ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/

Configure SQL module /raddb/mods-available/sql and change the database connection parameters to suite your environment:

sudo vi /etc/raddb/mods-available/sql

• sql section should look similar to below.

sql {
driver = "rlm_sql_mysql"
dialect = "mysql"

# Connection info:

server = "localhost"
port = 3306
login = "radius"
password = "Cyberark1"

# Database table configuration for everything except Oracle

radius_db = "radius"
}

# Set to ‘yes’ to read radius clients from the database (‘nas’ table)
# Clients will ONLY be read on server startup.
read_clients = yes

# Table to keep radius client info
client_table = "nas"

Then change group right of /etc/raddb/mods-enabled/sql to radiusd:

sudo chgrp -h radiusd /etc/raddb/mods-enabled/sql

Install and Configure Daloradius

You can use Daloradius to manage radius server. This is optional and should not be done before install FreeRADIUS. Download daloradius release archive from Github.

sudo yum -y install wget
wget https://github.com/lirantal/daloradius/archive/master.zip
unzip master.zip
mv daloradius-master/ daloradius

Change directory for configuration

cd daloradius

Import Daloradius mysql tables

mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql 
mysql -u root -p radius < contrib/db/mysql-daloradius.sql

Move daloradius folder to path in /var/www/html

cd ..
sudo mv daloradius /var/www/html/

Then change permissions for http folder and set the right permissions for daloradius configuration file.

sudo chown -R apache:apache /var/www/html/daloradius/
sudo chmod 664 /var/www/html/daloradius/library/daloradius.conf.php

You should now modify daloradius.conf.php file to adjust the MySQL database information .

sudo vi /var/www/html/daloradius/library/daloradius.conf.php

Set database name, user and password for connection.

$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'Cyberark1';
$configValues['CONFIG_DB_NAME'] = 'radius';

To be sure everything works, restart radiusd and httpd services.

sudo systemctl restart radiusd.service httpd
systemctl status radiusd.service httpd

There should be no error is service status output: Finally run the commands:

sudo pear install DB
sudo pear install MDB2

Up to this point, we’ve covered complete installation and configuration of daloradius and freeradius, to access daloradius, open the link using your IP address:

http://ip-address/daloradius/login.php

The default login details are:

Username: administrator
Password: radius

This is how daloRADIUS interface looks like.