Install Freeradius on ubuntu 16.10 Server and manage using daloradius (Freeradius web management application)
Sponsored Link
• Authenticates users or devices before allowing them access to a network
• Authorizes those users or devices for specific network services
• Accounts for and tracks the usage of those services
Freeradius Features
• An open and scalable solution
• Broad support by a large vendor base
• Easy modification
• Separation of security and communication processes
• Adaptable to most security systems
• Workable with any communication device that supports RADIUS client protocol
daloRADIUS is an advanced RADIUS web platform aimed at managing Hotspots and general-purpose ISP deployments. It features rich user management, graphical reporting, accounting, and integrates with GoogleMaps for geo-locating (GIS). daloRADIUS is written in PHP and JavaScript and utilizes a database abstraction layer which means that it supports many database systems, among them the popular MySQL, PostgreSQL, Sqlite, MsSQL, and many others.
It is based on a FreeRADIUS deployment with a database server serving as the backend. Among other features it implements ACLs, GoogleMaps integration for locating hotspots/access points visually and many more features. daloRADIUS is essentially a web application to manage a radius server so theoretically it can manage any radius server but specifically it manages FreeRADIUS and it's database structure. Since version 0.9-3 daloRADIUS has introduced an application-wide database abstraction layer based on PHP's PEAR::DB package which support a range of database servers.
Before Installing make sure you have Ubuntu 16.04 LAMP server installed and ready for freeradius.
Preparing your system
Open the terminal and run the following command
sudo apt-get install php-common php-gd php-curl php-mail php-mail-mime php-pear php-db php-mysql
Install freeradius using the following command
sudo apt-get install freeradius freeradius-mysql freeradius-utils
Create Freeradius Database
You can use the following command to create freeradius database
sudo mysql -u root -p
Enter password:
mysql> create database radius;
mysql> grant all on radius.* to [email protected] identified by "password";
Query OK, 0 rows affected (0.00 sec)
Insert the freeradius database scheme using the following commands
sudo mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
Enter password:
sudo mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql
Enter password:
Create new user for radius database
sudo mysql -u root -p
mysql> use radius;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES (‘sqltest', ‘Password', ‘testpwd');
Query OK, 1 row affected (0.04 sec)
mysql> exit
Bye
Freeradius Configuration
You need to edit /etc/freeradius/sql.conf file
sudo vi /etc/freeradius/sql.conf
Make sure you have the following details
database = mysql
login = radius
password = passwordUncomment the following
readclients = yes
Save and Exit the file
Now you need to edit the /etc/freeradius/sites-enabled/default file
sudo vi /etc/freeradius/sites-enabled/default
Uncomment the sql option in the following sections
accounting
# See “Authorization Queries” in sql.conf
sql
session
# See “Authorization Queries” in sql.conf
sql
Post-Auth-Type
# See “Authorization Queries” in sql.conf
sql
Save and Exit the file
Now edit /etc/freeradius/radiusd.conf file
sudo vi /etc/freeradius/radiusd.conf
#Uncomment the following option
$INCLUDE sql.conf
Save and exit the file
Now you can stop the free radius server using the following command
sudo /etc/init.d/freeradius stop
Run freeradius in debugging mode. If there is no error, you are ready to go.
sudo freeradius -X
Start the freeradius using the following command
sudo /etc/init.d/freeradius start
Test the radius server using the following command
sudo radtest sqltest testpwd localhost 18128 testing123
Ouput as follows
Sending Access-Request of id 68 to 127.0.0.1 port 1812
User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 127.0.1.1
NAS-Port = 18128
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=68, length=20
Daloradius Installation
You can download the Daloradius latest version from here
Once you downloaded the daloradius-0.9-9.tar.gz file you need to extract using the following command
$ tar xvfz daloradius-0.9-9.tar.gz
$ mv daloradius-0.9-9 daloradius
$ mv daloradius /var/www/html
Change Permissions
sudo chown www-data:www-data /var/www/html/daloradius -R
sudo chmod 644 /var/www/html/daloradius/library/daloradius.conf.php
Mysql database need to setup for daloradius.We need to do is to import the daloradius scheme into our existing radius database.
$ cd /var/www/html/daloradius/contrib/db
sudo mysql -u root -p radius < mysql-daloradius.sql
configure the following daloradius setting.
sudo vi /var/www/html/daloradius/library/daloradius.conf.php
Change the database password
$configValues[‘CONFIG_DB_PASS'] = ‘password';
Save and exit the file
Now you need to configure daloradius website under /etc/apache2/sites-available
sudo vi /etc/apache2/sites-available/daloradius.conf
add the following lines
Alias /daloradius "/var/www/html/daloradius/"
<Directory /var/www/html/daloradius/>
Options None
Order allow,deny
allow from all
</Directory>
Save and exit the file
Enable daloradius website using the following command
sudo a2ensite daloradius
Enabling site daloradius.
To activate the new configuration, you need to run:
sudo service apache2 reload
Daloradius Web GUI
you can access daloradius GUI using http://server-ip/daloradius and the login screen as follows
Use the following login details
username: administrator
password: radius
If you are running PHP 7 then you might see the following error
Database connection error
Error Message: DB Error: extension not found
To fix the above error you need to do the following changes Credit goes here
Changing file library/daloradius.conf.php
It's required to update daloRADIUS's database connection code so that it identifies the MySQL server using the new and improved mysqli driver:
Open for editing the file library/daloradius.conf.php and locate the configuration variable CONFIG_DB_ENGINE and change it to the value of mysqli (it is now probably set to mysql, notice the extra i). It should end up looking as follows: $configValues[‘CONFIG_DB_ENGINE'] = ‘mysqli';
Changing file library/opendb.php
Open for editing the file library/opendb.php
At the very end of the file just add this new line of code: $dbSocket->query("SET GLOBAL sql_mode = ";"); which makes the MySQL version work with less strict SQL syntax
Once you logged in you should see similar to the following screen
You have $dbSocket->query(“SET GLOBAL sql_mode = “;”);
The second quotation mark should actually be 2 apostrophes. Having 3 quotation marks in that line will give a PHP parse error
directions need to include to comment file and uncomment SQL in that one section or else accept-reject
It’s wonderful! I suceed by following your guide! Thx!!
For any installation involving PHP 7 (i.e. like current Ubuntu since 16.04), it’s important not to download 0.9.9 from Sourceforge – as mentioned above -, but to checkout the current daloradius master from Github instead. That master contains various fixes to make it compatible with PHP 7.
The changes mentioned in the blogpost above are good enough to get a first webpage from daloradius, but not to make it actually work.
^JustTryingToHelp
If sourceforge version was installed, do you just download github version and install over it? and redo the config?
THanks
in sites-enabled/default file, you need to comment out the sql as well in the authorize{} section (line 177 possibly)
Hi All,
just installed!
If I perform a “Test Connectivity”, on every user configured I’ve “Access-Reject “, see below.
Thanks!
Executed:
echo User-Name=’gigio’,User-Password=’gigio’ | radclient -c ‘1’ -n ‘3’ -r ‘3’ -t ‘3’ -x ‘127.0.0.1:1812’ ‘auth’ ‘testing123’ 2>&1
Results:
Sending Access-Request of id 241 to 127.0.0.1 port 1812
User-Name = “gigio”
User-Password = “gigio”
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=241, length=20
I had the same issue as Giacomo. This will fix the problem.
In sudo vi /etc/freeradius/sites-enabled/default
Uncomment the following in addition to the author’s recommendation
authorize
# See “Authorization Queries” in sql.conf
sql