Install FreeRADIUS and daloRADIUS on AlmaLinux 8: Comprehensive Guide

This guide intends to teach you to Install and Configure Radius Server (FreeRADIUS and daloRADIUS) on AlmaLinux 8.

RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.

FreeRADIUS is the most popular and most widely deployed RADIUS server in the world. It serves as the basis for multiple commercial offerings, and it supplies the authentication, authorization, and accounting (AAA) needs of many Fortune 500 companies and Tier 1 ISPs.

DaloRADIUS is an advanced RADIUS web management application aimed at managing hotspots and general-purpose ISP deployments.

You can now proceed to the following steps on the Orcacore website to Install FreeRADIUS and daloRADIUS on AlmaLinux 8.

Table of Contents

Steps To Install FreeRADIUS and Daloradius on AlmaLinux 8

To Install FreeRADIUS and Daloradius on AlmaLinux 8, you must log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow our guide on Initial Server Setup with AlmaLinux 8.

Also, you need to have LAMP Stack installed on your server. To do this, you can follow our guide on Installing LAMP Stack on AlmaLinux 8.

Follow the steps below to Install FreeRADIUS and Daloradius on AlmaLinux 8.

Step 1- Install PHP Extensions on AlmaLinux 8

To Install FreeRADIUS and Daloradius on AlmaLinux 8, you need to install some PHP extensions on your server by using the command below:

sudo dnf -y install php-{cli,curl,mysqlnd,devel,gd,pear,mbstring,xml,pear}

Also, you need to use the following commands to install other required packages:

# sudo pear install DB 
# sudo pear install MDB2

PEAR DB is an advanced, object-oriented database library that provides full database abstraction – that is, you use the same code in all your databases.

PEAR MDB2 is a merge of the PEAR DB and Metabase php database abstraction layers. It provides a common API for all supported RDBMS.

If you don’t start your Apache and PHP-FPM services, use the command below to start and enable them:

sudo systemctl enable --now httpd php-fpm

Also, you must allow HTTP and HTTPS ports through the firewall:

# sudo firewall-cmd --add-service={http,https} --permanent 
# sudo firewall-cmd --reload

Step 2 – Create Radius Database and User on AlmaLinux 8

To Install FreeRADIUS and Daloradius on AlmaLinux 8, you need to log in to your MariaDB shell by using the command below:

sudo mysql -u root -p

From your MariaDB shell, run the command below to create the database, here we named it radiusdb:

MariaDB [(none)]> CREATE DATABASE radiusdb;

Then, use the command below to create a user with a strong password and grant all the privileges to it:

MariaDB [(none)]> GRANT ALL ON radiusdb.* TO radiususer@localhost IDENTIFIED BY "StrongPass";

Next, flush the privileges and exit from your MariaDB shell:

MariaDB [(none)]> FLUSH PRIVILEGES; 
MariaDB [(none)]> \q

Step 3 – Install FreeRADIUS on AlmaLinux 8

At this point, you can easily Install FreeRADIUS and Daloradius on AlmaLinux 8. The packages are available in the default AlmaLinux repository. To check it, run the command below:

sudo dnf module list freeradius

Output
Name       Stream  Profiles Summary
freeradius 3.0 [d] server [ High-performance and highly configurable free RADIUS
                   d]        server

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

Now use the command below to install FreeRADIUS:

sudo dnf install -y @freeradius freeradius-utils freeradius-mysql

Start and Enable FreeRADIUS Service

When your installation is completed, start and enable your service by using the following command:

sudo systemctl enable --now radiusd.service

Verify your FreeRadius service is active and running on your AlmaLinux 8:

sudo systemctl status radiusd.service

Output
● radiusd.service - FreeRADIUS high performance RADIUS server.
   Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled; vendor pre>
   Active: active (running) since Tue 2023-01-17 02:41:42 EST; 33s ago
  Process: 60308 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status>
  Process: 60305 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCE>
  Process: 60267 ExecStartPre=/bin/sh /etc/raddb/certs/bootstrap (code=exited, >
  Process: 60265 ExecStartPre=/bin/chown -R radiusd.radiusd /var/run/radiusd (c>
 Main PID: 60311 (radiusd)
    Tasks: 6 (limit: 23668)
   Memory: 77.0M
   CGroup: /system.slice/radiusd.service
           └─60311 /usr/sbin/radiusd -d /etc/raddb
...

Configure Firewall for FreeRadius Service

At this point, you need to allow FreeRadius port through the AlmaLinux firewall:

sudo firewall-cmd --add-service=radius --permanent

Reload the firewall to apply the new rules:

sudo firewall-cmd --reload

Step 4 – Configure FreeRADIUS on AlmaLinux 8

At this step, you need to configure FreeRADIUS to use MariaDB. To do this, follow the steps below.

First, you need to import the Radius database scheme to populate the radius database. To do this, use the following commands:

# sudo su - 
# mysql -u root -p radiusdb < /etc/raddb/mods-config/sql/main/mysql/schema.sql

Then, you need to create a soft link for SQL under /etc/raddb/mods-enabled. To do this, run the command below:

sudo ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/

Next, you need to configure SQL module /raddb/mods-available/sql and change the database connection parameters to suit your environment. To do this, open the file with your favorite text editor, here we use vi editor:

sudo vi /etc/raddb/mods-available/sql

Edit the file as shown below:

sql {
        #  Allowed dialects are:
        #
        #       mssql
        #       mysql
        #       oracle
        #       postgresql
        #       sqlite
        #       mongo
        #
dialect = "mysql"

        #  The driver module used to execute the queries.  Since we
driver = "rlm_sql_mysql"
.........
##Comment out the TLS part##
        mysql {
                # If any of the files below are set, TLS encryption is enabled
#               tls {
#                       ca_file = "/etc/ssl/certs/my_ca.crt"
#                       ca_path = "/etc/ssl/certs/"
#                       certificate_file = "/etc/ssl/certs/private/client.crt"
#                       private_key_file = "/etc/ssl/certs/private/client.key"
#                       cipher = "DHE-RSA-AES256-SHA:AES128-SHA"

#                       tls_required = yes
#                       tls_check_cert = no
#                       tls_check_cert_cn = no
#               }

                # If yes, (or auto and libmysqlclient reports warnings are
                # available), will retrieve and log additional warnings from
                # the server if an error has occured. Defaults to 'auto'
                warnings = auto
        }


# Connection info:

server = "localhost"
port = 3306
login = "radiususer"
password = "your-password"

# Database table configuration for everything except Oracle

radius_db = "radiusdb"
}

# Set to ‘yes’ to read radius clients from the database (‘nas’ table)
# Clients will ONLY be read on server startup.
read_clients = yes

# Table to keep radius client info
client_table = "nas"

When you are done, save and close the file.

Then, change group right of /etc/raddb/mods-enabled/sql to radiusd by using the command below:

sudo chgrp -h radiusd /etc/raddb/mods-enabled/sql

Restart your Radius service to apply the changes:

sudo systemctl restart radiusd

Step 5 – Install Daloradius on AlmaLinux 8

If you want to manage a radius server from a web interface, you can use DaloRADIUS. To do this, follow the steps below.

First, download the DaloRADIUS release archive from GitHub:

# sudo dnf -y install wget unzip
# sudo wget https://github.com/lirantal/daloradius/archive/master.zip

Then, extract your downloaded file:

sudo unzip master.zip

Move the file to the new directory:

sudo mv daloradius-master/ daloradius

Switch to your DaloRADIUS directory:

cd daloradius

Import Daloradius mysql tables with the command below:

# mysql -u root -p radiusdb < contrib/db/fr2-mysql-daloradius-and-freeradius.sql 
# mysql -u root -p radiusdb < contrib/db/mysql-daloradius.sql

Move the Daloradius folder to the path in /var/www/html:

# cd ..
# sudo mv daloradius /var/www/html/

Then change permissions for the http folder and set the right permissions for the Daloradius configuration file:

# sudo mv /var/www/html/daloradius/library/daloradius.conf.php.sample /var/www/html/daloradius/library/daloradius.conf.php
# sudo chown -R apache:apache /var/www/html/daloradius/
# sudo chmod 664 /var/www/html/daloradius/library/daloradius.conf.php

At this point, you need to modify the daloradius.conf.php file to adjust the MySQL database information. To do this, open the file with your favorite text editor:

sudo vi /var/www/html/daloradius/library/daloradius.conf.php

Set database name, user, and password for the connection:

$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radiususer';
$configValues['CONFIG_DB_PASS'] = 'your-password';
$configValues['CONFIG_DB_NAME'] = 'radiusdb';

When you are done, save and close the file.

To be sure everything works, restart radiusd and httpd services:

sudo systemctl restart radiusd.service httpd

Step 6 – Configure SELinux

At this point, you have learned to Install FreeRADIUS and Daloradius on AlmaLinux 8. Now you need to configure SELinux Relabel directories to allow Apache user access. To do this, run the following commands:

# sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/daloradius(/.*)?" 
# sudo restorecon -Rv /var/www/html/daloradius

Note: If you don’t have the semanage command on your server, run the command below to install it:

sudo dnf install policycoreutils-python-utils

Step 7 – Access the DaloRADIUS Web Interface

At this point, you have learned to Install FreeRADIUS and Daloradius on AlmaLinux 8. Now you can access your DaloRADIUS management web interface on AlmaLinux 8 by typing your server’s IP address in your web browser followed by /daloradius/login.php:

http://server_ip_or_hostname/daloradius/login.php

You will see the Login screen. The default login details are:

Username: administrator 
Password: radius

daloradius login page — Install FreeRADIUS and Daloradius on AlmaLinux 8 – DaloRadius Login

Here you should see your daloRADIUS dashboard on AlmaLinux 8.

daloradius dashboard AlmaLinux 8 — Install FreeRADIUS and Daloradius on AlmaLinux 8 – daloRADIUS dashboard

Change daloRADIUS Administrator Password

At this point, you can change your daloRADIUS password on AlmaLinux 8 by logging into daloRADIUS > Config (In the top menu) > Operators (In the submenu) > List Operators (In the gray sidebar) > Click on the administrator.

daloradius admin password — Install FreeRADIUS and Daloradius on AlmaLinux 8 – daloRADIUS Operators

And in the next screen change the password and click Apply.

Change daloRADIUS Administrator Password — Install FreeRADIUS and Daloradius on AlmaLinux 8 – Change daloRADIUS Password

Conclusion

At this point, you have learned to Install FreeRADIUS and Daloradius on AlmaLinux 8. By following the guide steps you can easily install and configure FreeDADIUS and access the daloRADIUS dashboard.

Hope you enjoy it. You may also like these articles:

Install Symfony PHP Framework on AlmaLinux 8

Install Python 3.11 on AlmaLinux 8

How To Install Postman on AlmaLinux 8