Share your love
Install FreeRADIUS and daloRADIUS on AlmaLinux 8
This guide intends to teach you to Install and Configure Radius Server (FreeRADIUS and daloRADIUS) on AlmaLinux 8.
RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
FreeRADIUS is the most popular and most widely deployed RADIUS server in the world. It serves as the basis for multiple commercial offerings, and it supplies the authentication, authorization, and accounting (AAA) needs of many Fortune 500 companies and Tier 1 ISPs.
DaloRADIUS is an advanced RADIUS web management application aimed at managing hotspots and general-purpose ISP deployments.
what you read in this post?
Steps To Install FreeRADIUS and Daloradius on AlmaLinux 8
To complete this guide, you must log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow our guide on Initial Server Setup with AlmaLinux 8.
Also, you need to have LAMP Stack installed on your server. To do this, you can follow our guide on Installing LAMP Stack on AlmaLinux 8.
Install PHP Extensions on AlmaLinux 8
At this point, you need to install some PHP extensions on your server by using the command below:
sudo dnf -y install php-{cli,curl,mysqlnd,devel,gd,pear,mbstring,xml,pear}Also, you need to use the following commands to install other required packages:
# sudo pear install DB
# sudo pear install MDB2PEAR DB is an advanced, object-oriented database library that provides full database abstraction – that is, you use the same code in all your databases.
PEAR MDB2 is a merge of the PEAR DB and Metabase php database abstraction layers. It provides a common API for all supported RDBMS.
If you don’t start your Apache and PHP-FPM services, use the command below to start and enable them:
sudo systemctl enable --now httpd php-fpmAlso, you must allow HTTP and HTTPS ports through the firewall:
# sudo firewall-cmd --add-service={http,https} --permanent
# sudo firewall-cmd --reloadCreate Radius Database and User on AlmaLinux 8
At this point, you need to log in to your MariaDB shell by using the command below:
sudo mysql -u root -pFrom your MariaDB shell, run the command below to create the database, here we named it radiusdb:
MariaDB [(none)]> CREATE DATABASE radiusdb;Then, use the command below to create a user with a strong password and grant all the privileges to it:
MariaDB [(none)]> GRANT ALL ON radiusdb.* TO radiususer@localhost IDENTIFIED BY "StrongPass";Next, flush the privileges and exit from your MariaDB shell:
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \qInstall FreeRADIUS on AlmaLinux 8
At this point, you can easily install FreeRADIUS. The packages are available in the default AlmaLinux repository. To check it, run the command below:
sudo dnf module list freeradiusOutput
Name Stream Profiles Summary
freeradius 3.0 [d] server [ High-performance and highly configurable free RADIUS
d] server
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
Now use the command below to install FreeRADIUS:
sudo dnf install -y @freeradius freeradius-utils freeradius-mysqlStart and Enable FreeRADIUS Service
When your installation is completed, start and enable your service by using the following command:
sudo systemctl enable --now radiusd.serviceVerify your FreeRadius service is active and running on your AlmaLinux 8:
sudo systemctl status radiusd.serviceOutput
● radiusd.service - FreeRADIUS high performance RADIUS server.
Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled; vendor pre>
Active: active (running) since Tue 2023-01-17 02:41:42 EST; 33s ago
Process: 60308 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status>
Process: 60305 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCE>
Process: 60267 ExecStartPre=/bin/sh /etc/raddb/certs/bootstrap (code=exited, >
Process: 60265 ExecStartPre=/bin/chown -R radiusd.radiusd /var/run/radiusd (c>
Main PID: 60311 (radiusd)
Tasks: 6 (limit: 23668)
Memory: 77.0M
CGroup: /system.slice/radiusd.service
└─60311 /usr/sbin/radiusd -d /etc/raddb
...Configure Firewall for FreeRadius Service
At this point, you need to allow FreeRadius port through the AlmaLinux firewall:
sudo firewall-cmd --add-service=radius --permanentReload the firewall to apply the new rules:
sudo firewall-cmd --reloadConfigure FreeRADIUS on AlmaLinux 8
At this step, you need to configure FreeRADIUS to use MariaDB. To do this, follow the steps below.
First, you need to import the Radius database scheme to populate the radius database. To do this, use the following commands:
# sudo su -
# mysql -u root -p radiusdb < /etc/raddb/mods-config/sql/main/mysql/schema.sqlThen, you need to create a soft link for SQL under /etc/raddb/mods-enabled. To do this, run the command below:
sudo ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/Next, you need to configure SQL module /raddb/mods-available/sql and change the database connection parameters to suit your environment. To do this, open the file with your favorite text editor, here we use vi editor:
sudo vi /etc/raddb/mods-available/sqlEdit the file as shown below:
sql {
# Allowed dialects are:
#
# mssql
# mysql
# oracle
# postgresql
# sqlite
# mongo
#
dialect = "mysql"
# The driver module used to execute the queries. Since we
driver = "rlm_sql_mysql"
.........
##Comment out the TLS part##
mysql {
# If any of the files below are set, TLS encryption is enabled
# tls {
# ca_file = "/etc/ssl/certs/my_ca.crt"
# ca_path = "/etc/ssl/certs/"
# certificate_file = "/etc/ssl/certs/private/client.crt"
# private_key_file = "/etc/ssl/certs/private/client.key"
# cipher = "DHE-RSA-AES256-SHA:AES128-SHA"
# tls_required = yes
# tls_check_cert = no
# tls_check_cert_cn = no
# }
# If yes, (or auto and libmysqlclient reports warnings are
# available), will retrieve and log additional warnings from
# the server if an error has occured. Defaults to 'auto'
warnings = auto
}
# Connection info:
server = "localhost"
port = 3306
login = "radiususer"
password = "your-password"
# Database table configuration for everything except Oracle
radius_db = "radiusdb"
}
# Set to ‘yes’ to read radius clients from the database (‘nas’ table)
# Clients will ONLY be read on server startup.
read_clients = yes
# Table to keep radius client info
client_table = "nas"When you are done, save and close the file.
Then, change group right of /etc/raddb/mods-enabled/sql to radiusd by using the command below:
sudo chgrp -h radiusd /etc/raddb/mods-enabled/sqlRestart your Radius service to apply the changes:
sudo systemctl restart radiusdInstall Daloradius on AlmaLinux 8
If you want to manage a radius server from a web interface, you can use DaloRADIUS. To do this, follow the steps below.
First, download the DaloRADIUS release archive from GitHub:
# sudo dnf -y install wget unzip
# sudo wget https://github.com/lirantal/daloradius/archive/master.zipThen, extract your downloaded file:
sudo unzip master.zipMove the file to the new directory:
sudo mv daloradius-master/ daloradiusSwitch to your DaloRADIUS directory:
cd daloradiusImport Daloradius mysql tables with the command below:
# mysql -u root -p radiusdb < contrib/db/fr2-mysql-daloradius-and-freeradius.sql
# mysql -u root -p radiusdb < contrib/db/mysql-daloradius.sqlMove the Daloradius folder to the path in /var/www/html:
# cd ..
# sudo mv daloradius /var/www/html/Then change permissions for the http folder and set the right permissions for the Daloradius configuration file:
# sudo mv /var/www/html/daloradius/library/daloradius.conf.php.sample /var/www/html/daloradius/library/daloradius.conf.php
# sudo chown -R apache:apache /var/www/html/daloradius/
# sudo chmod 664 /var/www/html/daloradius/library/daloradius.conf.phpAt this point, you need to modify the daloradius.conf.php file to adjust the MySQL database information. To do this, open the file with your favorite text editor:
sudo vi /var/www/html/daloradius/library/daloradius.conf.phpSet database name, user, and password for the connection:
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radiususer';
$configValues['CONFIG_DB_PASS'] = 'your-password';
$configValues['CONFIG_DB_NAME'] = 'radiusdb';When you are done, save and close the file.
To be sure everything works, restart radiusd and httpd services:
sudo systemctl restart radiusd.service httpdConfigure SELinux
At this point, you need to configure SELinux Relabel directories to allow apache user access. To do this, run the following commands:
# sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/daloradius(/.*)?"
# sudo restorecon -Rv /var/www/html/daloradiusNote: If you don’t have the semanage command on your server, run the command below to install it:
sudo dnf install policycoreutils-python-utilsAccess DaloRADIUS Web Interface
At this point, you can access your DaloRADIUS management web interface on AlmaLinux 8 by typing your server’s IP address in your web browser followed by /daloradius/login.php:
http://server_ip_or_hostname/daloradius/login.phpYou will see the Login screen. The default login details are:
Username: administrator
Password: radius
Here you should see your daloRADIUS dashboard on AlmaLinux 8.
Change daloRADIUS Administrator Password
At this point, you can change your daloRADIUS password on AlmaLinux 8 by logging into daloRADIUS > Config (In the top menu) > Operators (In the submenu) > List Operators (In the gray sidebar) > Click on the administrator.
And in the next screen change the password and click Apply.
Conclusion
At this point, you have learned to Install and Configure Radius Server (FreeRADIUS and daloRADIUS) on AlmaLinux 8.
Hope you enjoy it. You may be like these articles on the Orcacore website:
Install Symfony PHP Framework on AlmaLinux 8
