FreeRadius 3.0.x Installation and configuration with Mysql

This document describes how to setup a FreeRADIUS server. A MySQL server is used as backend and for the user accounting.

RADIUS is an industry-standard protocol for providing authentication, authorization, and accounting services.

  • Authentication is the process of verifying a user’s identity and associating additional information (attributes) to the user’s login session.
  • Authorization is the process of determining whether the user is allowed on the network and controlling network access values based on a defined security policy.
  • Accounting is the process of generating log files that record session statistics used for billing, system diagnosis, and usage planning.

Read More »

Advertisements

freeradius refusing to start with libssl version OpenSSL Security advisory CVE-2014-0160 (Heartbleed)

When you start freeradius server ( ./radiusd -X  for debug mode), it will refuse to start with libssl version which is currently installed on your server. Root cause for this is “Security advisory CVE-2014-0160 (Heartbleed)”. FreeRadius 3.0.3 would not allow to start radius server if  you have openssl version in range 1.0.1 – 1.0.1f installed.

For more information see http://heartbleed.com  .

Here is the steps to fix this,

1.Check current Openssl version.

openssl version -a

2.First you need to completely remove the old openssl

apt-get purge openssl
apt-get autoremove && apt-get autoclean

3. Download and compile the new open version you want

wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz
tar xzvf openssl-1.0.1g.tar.gz
cd  opemssl-1.0.1g

./Configure  OR  ./config
make
make install

cp /usr/local/ssl/bin/openssl /usr/bin/

4.Check Openssl version

openssl version -a

OpenSSL 1.0.1g 7 Apr 2014

5.Add “allow_vulnerable_openssl” in the “security” subsection of “radiusd.conf”

allow_vulnerable_openssl = 'CVE-2014-0160'

6. Start ./radiusd -X

All Set!! 🙂