FreeRadius 3.0.x Installation and configuration with Mysql

This document describes how to setup a FreeRADIUS server. A MySQL server is used as backend and for the user accounting.

RADIUS is an industry-standard protocol for providing authentication, authorization, and accounting services.

  • Authentication is the process of verifying a user’s identity and associating additional information (attributes) to the user’s login session.
  • Authorization is the process of determining whether the user is allowed on the network and controlling network access values based on a defined security policy.
  • Accounting is the process of generating log files that record session statistics used for billing, system diagnosis, and usage planning.

Installation:

Download freeradius source from http://freeradius.org/

tar -xzvf freeradius-server-3.0.3.tar.gz
cd freeradius
./configure –prefix=/usr/local/freeradius-server-3.0.3

make
sudo make install
sudo ldconfig

Configuration:

1.Create softlink for modules that you want to add.
cd mods-enabled/
ln -s ../mods-available/sql ./
ln -s ../mods-available/redis ./
ln -s ../mods-available/rediswho ./

2.Edit radiusd.conf
modules {
$INCLUDE mods-enabled/
}
policy {
$INCLUDE sites-enabled/
}

3. Enable SQL configuration in the default enabled site /etc/freeradius/sites-available/default:
authorize {

sql

}
accounting {

sql

}
session {

sql

}
post-auth {

sql

}
Post-Auth-Type REJECT {
sql
}

Now on to MySQL setup. First, create a database where FreeRADIUS will store AAA data. We’ll call it radius:

create database radius;

Import the MySQL schema from /mods-config/sql/main/mysql/schema.sql

mysql -u root -p < /raddb/sql/mysql/schema.sql

4.Configure SQL module /raddb/mods-available/sql and change the database connection parameters to suite your environment:
sql {
driver = “rlm_sql_mysql”
server = “192.168.1.1”
port = 3306
login = “radius”
password = “radiuspwd”
# Database table configuration for everything except Oracle
radius_db = “radius”
}

# Set to ‘yes’ to read radius clients from the database (‘nas’ table)
# Clients will ONLY be read on server startup.
read_clients = yes

# Table to keep radius client info
client_table = “nas”

5.Configure AAA queries (edit /mods-config/sql/main/mysql/queries.conf)

Test to see if Free Radius works by issuing the following command:
./radiusd -X

This will start FreeRadius in debug mode ( To stop it -> Ctrl+c).
FreeRADIUS has a start-up script. The following will ensure automatic start-up between reboots.

sudo cp sbin/rc.radiusd /etc/init.d/radiusd
sudo update-rc.d radiusd start 80 2 3 4 5 . stop 20 0 1 6 .

FreeRadius Detail logs under /usr/local/freeradius-server-3.0.3/var/log/radius/radacct/

All set!!!

Advertisements