FreeRadius 3.0.x Installation and configuration with Mysql

This document describes how to set up a FreeRADIUS server. A MySQL server is used as the backend and for user accounting.

RADIUS is an industry-standard protocol for providing authentication, authorization, and accounting services.

  • Authentication is the process of verifying a user’s identity and associating additional information (attributes) to the user’s login session.
  • Authorization is the process of determining whether the user is allowed on the network and controlling network access values based on a defined security policy.
  • Accounting is the process of generating log files that record session statistics used for billing, system diagnosis, and usage planning.

Installation:

Download freeradius source from http://freeradius.org/

tar -xzvf freeradius-server-3.0.3.tar.gz
cd freeradius-server-3.0.3
./configure --prefix=/usr/local/freeradius-server-3.0.3

make
sudo make install
sudo ldconfig

Configuration:

1. Create soft links in mods-enabled/ for the modules you want to enable.
cd mods-enabled/
ln -s ../mods-available/sql ./
ln -s ../mods-available/redis ./
ln -s ../mods-available/rediswho ./

2. Edit radiusd.conf
modules {
$INCLUDE mods-enabled/
}
policy {
$INCLUDE sites-enabled/
}

3. Enable SQL configuration in the default enabled site /etc/freeradius/sites-available/default:
authorize {

sql

}
accounting {

sql

}
session {

sql

}
post-auth {

sql

  # Post-Auth-Type REJECT is a subsection of post-auth
  Post-Auth-Type REJECT {
  sql
  }
}
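
Added example (not part of the original post): a shell function that reads a virtual-server file such as sites-available/default and prints which of the four sections from step 3 do not call sql directly. It counts the optional -sql form as enabled and ignores commented-out entries; the sample file below is constructed for the demonstration.

```shell
#!/bin/sh
# missing_sql_sections FILE: print each required section of a FreeRADIUS
# virtual-server file that does not list the sql module as a direct entry.
missing_sql_sections() {
    awk '
    BEGIN { n = split("authorize accounting session post-auth", want, " ") }
    {
        sub(/#.*/, "")                  # a commented-out sql must not count
        gsub(/^[ \t]+|[ \t]+$/, "")     # trim surrounding whitespace
    }
    $0 == "" { next }
    /^[}]/ {                            # "}" closes the current block
        if (depth > 0) depth--
        sub(/^[}][ \t]*/, "")           # keep "else {" after "} else {"
        if ($0 == "") next
    }
    /[{]$/ { stack[++depth] = $1; next }    # "name {" or "name arg {"
    # "-sql" is the optional form: used only if the module is enabled
    ($0 == "sql" || $0 == "-sql") && depth > 0 { seen[stack[depth]] = 1 }
    END {
        for (i = 1; i <= n; i++)
            if (!(want[i] in seen)) print want[i]
    }' "$1"
}

# Constructed sample: sql is commented out in accounting and session, and
# post-auth only calls it from the REJECT subsection.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server default {
authorize {
    -sql
}
accounting {
    # sql
    detail
}
session {
#   sql
}
post-auth {
    Post-Auth-Type REJECT {
        sql
    }
}
}
EOF
missing_sql_sections "$sample"
rm -f "$sample"
```

An empty result means all four sections reference sql; a section name in the output is the first place to look when a table such as radacct stays empty.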

Now on to MySQL setup. First, create a database where FreeRADIUS will store AAA data. We’ll call it radius:

create database radius;

Import the MySQL schema from mods-config/sql/main/mysql/schema.sql (under the raddb configuration directory) into the new database:

mysql -u root -p radius < raddb/mods-config/sql/main/mysql/schema.sql

4. Configure the SQL module /raddb/mods-available/sql and change the database connection parameters to suit your environment:
sql {
driver = "rlm_sql_mysql"
server = "192.168.1.1"
port = 3306
login = "radius"
password = "radiuspwd"
# Database table configuration for everything except Oracle
radius_db = "radius"

# Set to 'yes' to read radius clients from the database ('nas' table)
# Clients will ONLY be read on server startup.
read_clients = yes

# Table to keep radius client info
client_table = "nas"
}
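
Added example (not from the original post): step 4 logs in as radius, but the procedure never creates that account. This shell function prints GRANT statements that limit the account to what the sections enabled in step 3 need. Assumptions: the per-table privileges match the stock queries.conf, the account already exists with its own password, and 192.168.1.10 is a constructed address for the RADIUS host.

```shell
#!/bin/sh
# radius_grants_sql DB USER HOST: print GRANT statements for the FreeRADIUS
# database account. HOST is the address the RADIUS server connects from.
radius_grants_sql() {
    db=$1 user=$2 host=$3
    # These values are pasted into SQL, so accept only plain name characters.
    for v in "$db" "$user" "$host"; do
        case $v in
            ''|*[!A-Za-z0-9_.-]*) echo "rejected value: $v" >&2; return 1 ;;
        esac
    done
    acct="'$user'@'$host'"
    # Lookup tables (users, groups, NAS clients): the server only reads them.
    for t in radcheck radreply radgroupcheck radgroupreply radusergroup nas; do
        printf 'GRANT SELECT ON `%s`.`%s` TO %s;\n' "$db" "$t" "$acct"
    done
    # accounting{} inserts and updates session rows; session{} counts them.
    printf 'GRANT SELECT, INSERT, UPDATE ON `%s`.`radacct` TO %s;\n' "$db" "$acct"
    # post-auth{} only appends rows.
    printf 'GRANT INSERT ON `%s`.`radpostauth` TO %s;\n' "$db" "$acct"
}

# Constructed sample values: database and login from step 4, made-up host.
radius_grants_sql radius radius 192.168.1.10
```

Review the output, then pipe it into mysql -u root -p. Custom queries added in step 5 may need further privileges.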

5. Configure AAA queries (edit /mods-config/sql/main/mysql/queries.conf)

Test whether FreeRADIUS works by issuing the following command:
./radiusd -X

This starts FreeRADIUS in debug mode (press Ctrl+C to stop it).
FreeRADIUS has a start-up script. The following will ensure automatic start-up between reboots.

sudo cp sbin/rc.radiusd /etc/init.d/radiusd
sudo update-rc.d radiusd start 80 2 3 4 5 . stop 20 0 1 6 .

FreeRADIUS writes its detail logs under /usr/local/freeradius-server-3.0.3/var/log/radius/radacct/

All set!!!


26 thoughts on “FreeRadius 3.0.x Installation and configuration with Mysql”

  1. I am newbie in the Freeradius, can you clarify what do you mean by the
    2.Edit radiusd.conf
    modules {
    $INCLUDE mods-enabled/
    }
    policy {
    $INCLUDE sites-enabled/
    }
    Thanks

    • radiusd.conf is the main conf file. If you want to include any module in order to use it with freeradius, you have to mention the INCLUDE path for that module under the modules section. The above example will include all modules like sql, ldap, redis, etc. under the mods-enable location. The same goes for policy: you define a policy, e.g. a policy for user login and network access, under the sites-enable files and include the file path under the policy section.

      NOTE: Most of the %-enables directories contain symbolic links to the %-available dir files.
      e.g. the mods-enabled/ dir contains symbolic links to the mods-available dir files.

  2. Hi,

    When I run command : radiusd -X
    I get error :
    ——————————
    rlm_sql (sql): Released connection (4)
    /etc/raddb/mods-enabled/redis[10]: Failed to link to module ‘rlm_redis’: rlm_redis.so: cannot open shared object file: No such file or directory
    ——————————

    Can you help?
    Thanks,

    • Recheck the module path under radiusd.conf, or maybe it’s an issue with permissions or
      a version mismatch for the modules’ .so files

  3. Hi
    I have the following error message when issuing radiusd -X, any experience? Thanks

    Debugger not attached
    Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x1000105f (1.0.1e release) (in range 1.0.1 dev – 1.0.1f release)
    Security advisory CVE-2014-0160 (Heartbleed)
    For more information see http://heartbleed.com
    Once you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = ‘CVE-2014-0160’

  4. Hi,
    I did the allow vulnerable ssl. Now I am getting the error
    Debugger not attached
    # Creating Auth-Type = digest
    radiusd: #### Instantiating modules ####
    /usr/local/etc/raddb/mods-enabled/redis[10]: Failed to link to module ‘rlm_redis’: /usr/local/lib/rlm_redis.so: cannot open shared object file: No such file or directory

    Also, there is no rlm_redis in /usr/local/lib/. Sorry, But I am new to freeradius. Thank you for your help.

  5. Would you please post the accounting query that you have implemented, because I have implemented a query but in the log file I get acctinputoctets= 0 and acctoutputoctets= 0
    this is the file: sqlcounter monthlytrafficcounter {
    counter-name = Monthly-Traffic
    check-name = Max-Monthly-Traffic
    reply-name = Monthly-Traffic-Limit
    sqlmod-inst = sql
    key = User-Name
    reset = monthly
    query = “SELECT IFNULL (acctinputoctets + acctoutputoctets),0) as counter FROM radacct WHERE Username=’%{%k}’ AND UNIX_TIMESTAMP (AcctStartTime > ‘%b’ ”
    }

    i really need help !

  6. I am also getting this error when i create above soft links,
    radiusd: #### Instantiating modules ####
    /usr/local/etc/raddb/mods-enabled/redis[10]: Failed to link to module ‘rlm_redis’: /usr/local/lib/rlm_redis.so: cannot open shared object file: No such file or directory

      • Sorry I don’t know because I’ve already downgraded to 2.2.9.
        Version 3.x wasn’t stable under Ubuntu 14.04 and I don’t have enough time to play with it and I need a working radius server in production environment 🙂
        (I tried 3.0.3, 3.0.8, 3.0.9).

  7. same problem…centos 7

    /etc/raddb/mods-enabled/redis[10]: Failed to link to module ‘rlm_redis’: /usr/local/lib/rlm_redis.so: cannot open shared object file: No such file or directory

  8. Pingback: Freeradius How To Start | ItHowTo
  9. Hi Lalit,
    I was finding it difficult to understand on what basis freeradius picks a particular module among many enabled modules for authentication or any request.

  10. Hi Lalit,
    Thank you for your article but, for me, it doesn’t work.
    My OS is CentOS 7.3, I have installed freeradius 3.0.4 and MariaDB.
    When I start freeradius in debugging mode I can see the accounting information in the log but not in the ‘raddact’ table.
    The connection Freeradius -> MariaDB is good because radius can read the user from ‘radcheck’ and, after authentication, a line is added to the ‘radpostauth’ table.
    Why is the ‘raddact’ table empty?
    Thank you

  11. make sure you enabled sql for following in /etc/freeradius/sites-available/default

    accounting {

    sql

    }
    session {

    sql

    }

    Also look for sql table options in /raddb/mods-available/sql
