How to install and configure freeradius on CentOS 7 linux

In today tutorial, we have decided to show how to install and configure freeradius on CentOS 7 linux.

Radius protocol has majority use in Authentication, Authorization and Accounting protocol. many administrator use this protocol to manage their users day by day.

In this tutorial, we install and configure freeradius to use mariadb database. also for managing freeradius, we install daloRADIUS web interface.
Here is our environment:

OS: CentOS 7 on VMWare
Firewall: firewalld
SElinux: enforcing
IP address: 192.168.1.128

1- Install and setup mariadb

To install mariadb, we create mariadb repository file and install required packages. here we install mariadb 10.5:

# vim /etc/yum.repos.d/mariadb.repo

then put the following content in it:

[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.5/centos7-amd64/
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

now install mariadb:

# yum install mariadb-server mariadb-client

then start mariadb service:

# systemctl start mariadb
# systemctl enable mariadb

then do initial mariadb setup:

# mysql_secure_installation

now we should create a user and database for freeradius in mariadb:

Note: change “radiuspassword” with your desired password.

# mysql -u root -p
# CREATE DATABASE radius;
# GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radiuspassword";
# FLUSH PRIVILEGES;
# quit;

2- Install apache and php

for a managing freeradius through daloRADIUS  web interface we need to install apache and php:

# yum install epel-release yum-utils
# yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
# yum-config-manager --enable remi-php73
# yum install php php-common php-opcache php-mcrypt php-cli php-gd php-curl php-mysqlnd php-pear php-pear-DB

then install apache:

# yum install httpd

3- Install and configure freeradius

after installing prerequisites, now we install freeradius and configure it.
freeradius and its dependencies is available through base centos 7 repository. so just issue this command:

# yum install freeradius freeradius-utils freeradius-mysql freeradius-perl php-pear

then we import freeradius schema:

# mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql

and create a soft link to available mods:

# ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/sql

ok. now open etc/raddb/mods-available/sql and make change to be like the following:

# vim /etc/raddb/mods-available/sql

sql {
driver = "rlm_sql_mysql"
dialect = "mysql"
# Connection info:
server = "localhost"
port = 3306
login = "radius"
password = "radiuspassword"
# Database table configuration for everything except Oracle
radius_db = "radius"
}
read_clients = yes
client_table = "nas"

then open /etc/raddb/clients.conf and change ipaddr and proto to be same as the following:

ipaddr = *
proto = tcp

4- Install and configure daloRADIUS

now we install and configure daloRADIUS. its package is available in github. so download it and extract:

# wget https://github.com/lirantal/daloradius/archive/master.zip
# unzip master.zip
# mv daloradius-master/ daloradius
# cd daloradius

now import daloRadius tables into database:

# mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql
# mysql -u root -p radius < contrib/db/mysql-daloradius.sql

then move its directory to apache root document:

# cd ..
# mv daloradius /var/www/html/

change owner of daloRadius and set proper selinux policy:

# chown -R apache:apache /var/www/html/daloradius/
# chmod 664 /var/www/html/daloradius/library/daloradius.conf.php
# restorecon -R /var/www/html/daloradius/

now open daloRadius config file and set the following parameters:

# vim /var/www/html/daloradius/library/daloradius.conf.php
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'radiuspassword';
$configValues['CONFIG_DB_NAME'] = 'radius';

5- Configure firewall

we need to open radius and web port. so issue these commands:

# firewall-cmd --permanent --add-port=1812/tcp
# firewall-cmd --permanent --add-port=1812/udp
# firewall-cmd --permanent --add-port=1813/tcp
# firewall-cmd --permanent --add-port=1813/udp
# firewall-cmd --permanent --add-port=80/tcp

then reload firewall:

# firewall-cmd --reload

6- Start services

In rare circumstances, selinux policy manager may be crashed when we start freeradius server. so first update some selinux packages:

# yum update setools checkpolicy policycoreutils

now freeradius and daloRadius installation and configurations has been done. last thing is to start services:

# systemctl start radiusd.service
# systemctl restart mariadb.service
# systemctl restart httpd
# systemctl enable radiusd.service
# systemctl enable mariadb.service
# systemctl enable httpd

then in your browser, point to this address: (remember to change IP address with your own)

http://localhost/daloradius/login.php

default username and password of dolaRadius is:

Username: administrator
Password: radius

dolaRadius admin panel 1to allow remote devices to authenticate their users through freeradius, we must define NAS. so click on Management>NAS>New NAS. then fill NAS IP/Host field with remote device IP address or hostname and choose a strong secret.
dolaRadius admin panel 2
then define user accounts by navigating to Management>Users>New User.
dolaRadius admin panel 3then navigate to Management>Users>List Users and select created user and then click on Test Connectivity button.
dolaRadius admin panel 4Finally click on Perform Test to make sure created user will be authenticated successfully.
dolaRadius admin panel 5

also to test freeradius, there is great tool called NTRadPing. you can download it from:

http://www.novell.com/coolsolutions/tools/downloads/ntradping.zip