
Dalo Radius Server how to...?

Posted 11-27-2008 at 06:44 AM by kashifazizawan

Freeradius 2.05.1 Howto with mysql
(date: 28-7-2008 by Osman)


This tutorial explains how you can set up a FreeRADIUS server with WiFi authentication and accounting in conjunction with MySQL, plus web management with daloRADIUS, on Ubuntu 8.04. This howto should work for a newbie. Production deployment is also possible with minor tweaking. As usual, I do not guarantee anything and take no responsibility if something goes wrong.
(For basic how-to refer to my doc http://howtoforge.org/wifi-authentic...ius-on-centos5)


Following steps are involved:

1- Building Ubuntu 8.04.x binary packages
2- Installing the binary packages
3- Configuring the FR with mysql
4- Setting up web management with Daloradius


Step 1- Building Ubuntu 8.04 packages
Before building the FreeRADIUS package for Ubuntu 8.04, apt-get the packages needed for the build process.
apt-get install debhelper libltdl3-dev libpam0g-dev libmysqlclient15-dev libmysqlclient-dev libgdbm-dev libldap2-dev libsasl2-dev libiodbc2-dev libkrb5-dev snmp autotools-dev dpatch libperl-dev libtool dpkg-dev libpq-dev libsnmp-dev libssl-dev

Get the FreeRADIUS source and start building the package as shown below.

cd ~
apt-get source freeradius


Note: It is recommended that you carry out this build on a non-production server and move the final binary packages over to the production server. It isn't mandatory if you know what you are doing.



cd freeradius-1.1.7/
Edit the rules file (debian/rules):
vi debian/rules
Now search for these lines
--without-rlm_eap_tls \
--without-rlm_eap_ttls \
--without-rlm_eap_peap \
and change them to look like this.
--with-rlm_eap_tls \
--with-rlm_eap_ttls \
--with-rlm_eap_peap \
Now search for these lines and delete them.
for pkg in $(shell grep ^Package debian/control | awk '{print $$2}') ; do \
if dh_shlibdeps -p $$pkg -- -O | grep -q libssl; then \
echo "$$pkg links to openssl" ;\
exit 1 ;\
fi ;\
done
Save changes and quit vi. Now edit the control file (debian/control)
vi debian/control
search for the line
Build-Depends: debhelper (>= 5), libltdl3-dev, libpam0g-dev, libmysqlclient15-dev | libmysqlclient-dev, libgdbm-dev, libldap2-dev, libsasl2-dev, libiodbc2-dev, libkrb5-dev, snmp, autotools-dev, dpatch (>= 2), libperl-dev, libtool, dpkg-dev (>= 1.13.19), libpq-dev, libsnmp-dev

and append libssl-dev to the end of this line so that it looks like this.

Build-Depends: debhelper (>= 5), libltdl3-dev, libpam0g-dev, libmysqlclient15-dev | libmysqlclient-dev, libgdbm-dev, libldap2-dev, libsasl2-dev, libiodbc2-dev, libkrb5-dev, snmp, autotools-dev, dpatch (>= 2), libperl-dev, libtool, dpkg-dev (>= 1.13.19), libpq-dev, libsnmp-dev, libssl-dev

Save changes and quit vi.
Note: You might still need some packages for this. apt-get/aptitude them and rerun the build process.

Assuming you are in ~/freeradius-1.1.7, start building the packages.

dpkg-buildpackage -rfakeroot
After a while (depending on your system) you should have the .deb files built in your home directory.

freeradius_1.1.7-1build4_i386.deb
freeradius-dbg_1.1.7-1build4_i386.deb
freeradius-dialupadmin_1.1.7-1build4_all.deb
freeradius-iodbc_1.1.7-1build4_i386.deb
freeradius-krb5_1.1.7-1build4_i386.deb
freeradius-ldap_1.1.7-1build4_i386.deb
freeradius-mysql_1.1.7-1build4_i386.deb
freeradius-postgresql_1.1.7-1build4_i386.deb

Move these to the production server if this is your development workstation.


Step 2- Installing the binary packages

dpkg -i freeradius_1.1.7-1build4_i386.deb
dpkg -i freeradius-mysql_1.1.7-1build4_i386.deb



With the out-of-the-box configuration running, validate against a local user.

E.g.: run radius in debug mode

radiusd -X


From another shell, run this while radiusd -X is running

radtest abc 123 localhost 1812 testing123


(Make sure the user abc with password 123 is set in the /etc/freeradius/users file.)


Step 3- Configuring the FR with mysql

Get hold of daloradius from http://sourceforge.net/projects/daloradius

tar -zxvf daloradius.tar.gz
cp daloradius/ /var/www -R

First the MySQL bits (creating the db and its admin user). Do the following
from your shell.


mysqladmin -u root password 123456
mysql -u root -p
CREATE DATABASE radius;
exit


Import the FreeRADIUS schema

mysql -u root -p radius < /var/www/daloradius/contrib/db/mysql-daloradius-and-freeradius.sql
mysql -u root -p # Provide the password and you will arrive at the SQL prompt
use radius; # This selects the radius database.
show tables; # This shows all tables in the radius database.
quit


Now edit your /etc/freeradius/sql.conf

Reset the user/password/database parameters to reflect the changes (e.g. root/radpass/radius)
and search for the line
readclients = no
and change it to
readclients = yes

Edit the file /etc/freeradius/radiusd.conf

and add a line saying 'sql' to the authorize{} section (which is towards the end of the file). Also add a line saying 'sql' to the accounting{} section to tell FreeRADIUS to store accounting records in SQL as well. Optionally add 'sql' to the session{} section if you want to do Simultaneous-Use detection. Optionally add 'sql' to the post-auth{} section if you want to log all authentication attempts to SQL.

Here is the authorize section:

authorize {
preprocess
chap
mschap
suffix
eap
sql
pap
}

And the accounting section:

accounting {
detail
sql
}


Insert a test user in the database. Go to the mysql shell and run this.



mysql -u root -p
mysql> use radius;
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('sqltest', 'Password', 'testpwd');
mysql> select * from radcheck where UserName='sqltest'; # This will show information about sqltest
mysql> exit


Start radiusd in debug mode

radiusd -X


Go to another shell and run the test

radtest sqltest testpwd localhost 1812 testing123


Congratulations, the FreeRADIUS + MySQL setup is working.
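
What the radtest call above puts on the wire, as an added example that is not part of the original howto: the password is only hidden with an MD5 keystream derived from the shared secret (RFC 2865), and the same secret authenticates the reply, which is why testing123 must not stay in place on a real server. The function names are hypothetical, the packet is reduced to User-Name and User-Password, and the request authenticator is a constructed fixed value.

```python
import hashlib
import hmac
import struct

def hide_password(password, secret, req_auth):
    """Client side (RFC 2865 5.2): XOR 16-byte blocks with an MD5 keystream."""
    size = max(1, -(-len(password) // 16)) * 16      # pad to a 16-byte multiple
    padded, out, prev = password.ljust(size, b"\x00"), b"", req_auth
    for i in range(0, size, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def reveal_password(hidden, secret, req_auth):
    """Server side: same keystream, chained on the previous ciphertext block."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attribute(code, value):
    return struct.pack("!BB", code, len(value) + 2) + value

def access_request(ident, user, password, secret, req_auth):
    """Code 1 packet carrying User-Name (1) and User-Password (2)."""
    attrs = attribute(1, user) + attribute(2, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def access_accept(ident, secret, req_auth):
    """Code 2 reply; its authenticator is MD5(header + request auth + secret)."""
    header = struct.pack("!BBH", 2, ident, 20)
    return header + hashlib.md5(header + req_auth + secret).digest()

def reply_is_authentic(reply, secret, req_auth):
    """Client check that the reply came from a holder of the shared secret."""
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(reply[4:20], expected)

if __name__ == "__main__":
    # Constructed values: a fixed request authenticator (real clients use random bytes).
    ra, secret = bytes(range(16)), b"testing123"
    request = access_request(1, b"sqltest", b"testpwd", secret, ra)
    print(request.hex())
    print(reveal_password(request[-16:], secret, ra))
    print(reply_is_authentic(access_accept(1, secret, ra), secret, ra))
```

Anyone who captures the request and knows or guesses the shared secret can run the server-side function, so the secret needs to be long and unique per client.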


Step 4- Setting up web management with Daloradius

For a fancy web-based management GUI and more, read on.



############# For daloRADIUS version 0.9-7 stable release ##############
# by Liran Tal of Enginx <liran@enginx.com>

Prerequisites are

=============

Apache 1/2, PHP 4/5, PHP GD , PHP DB Abstraction Layer (may require PHP Pear), MySQL 4/5


apt-get install apache2
apt-get install php php-mysql php-pear php-gd php-pear-DB


Change permissions and ownership.

chown www-data:www-data /var/www/daloradius -R   # Ubuntu's apache2 runs as www-data
chmod 644 /var/www/daloradius/library/daloradius.conf

Daloradius needs to add a few more tables to the radius database we created earlier.
(Note: The schemas in the daloradius/contrib/db folder won't work out of the box; you need to modify them to get them working.)


Now, simply adjust the MySQL database information in daloRADIUS's config file.



cd /var/www/daloradius/library/
vi daloradius.conf


Fill in the database details; a few important parameters are listed below

CONFIG_DB_ENGINE = mysql
CONFIG_DB_HOST = 127.0.0.1
CONFIG_DB_USER = root
CONFIG_DB_PASS = radpass
CONFIG_DB_NAME = radius


Save the file and exit.


Setup the apache server

Edit the /etc/apache2/apache2.conf file and append this to the end of the file. (Customize to your liking.)

Alias /daloradius "/var/www/daloradius/"
<Directory /var/www/daloradius/>
Options None
order deny,allow
deny from all
allow from 127.0.0.1
</Directory>

Save & exit

Restart the Apache server

/etc/init.d/apache2 restart

Fire up Firefox (or another browser) and go to the URL http://localhost/daloradius

(If this is a production server without a GUI, set the "allow from <ip>" line in the Apache configuration and browse to the server's URL from that address.)

Login to the management:

username: administrator
password: radius


Change these credentials first for the sake of security. (They are stored in the operator table.)

Congratulations, you are done.
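
One way to check the settings from this step before the UI goes into use, as an added example that is not part of the original howto or of daloRADIUS: it parses the daloradius.conf values and the Apache block shown above and reports what a reviewer would flag. The audit() helper, the finding names and the 12-character minimum are assumptions made for the example; the sample inputs are constructed from the values on this page.

```python
import stat

# Constructed inputs: the daloradius.conf values and Apache block from the howto.
SAMPLE_CONF = """CONFIG_DB_ENGINE = mysql
CONFIG_DB_HOST = 127.0.0.1
CONFIG_DB_USER = root
CONFIG_DB_PASS = radpass
CONFIG_DB_NAME = radius
"""
SAMPLE_APACHE = """<Directory /var/www/daloradius/>
Options None
order deny,allow
deny from all
allow from 127.0.0.1
</Directory>
"""

def parse_conf(text):
    """Parse 'KEY = value' lines; ignore blanks, # comments and malformed lines."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and not key.lstrip().startswith("#"):
            conf[key.strip()] = value.strip()
    return conf

def allowed_sources(apache_text):
    """Sources admitted under 'order deny,allow'; ['all'] when no 'deny from all'."""
    lines = [l.strip().lower() for l in apache_text.splitlines()]
    if "deny from all" not in lines:
        return ["all"]          # with deny,allow the default is to allow everyone
    return [src for l in lines if l.startswith("allow from ") for src in l.split()[2:]]

def audit(conf_text, mode, apache_text, min_pass_len=12):
    """Return finding names for the config text, file mode and Apache block."""
    conf, findings = parse_conf(conf_text), []
    if conf.get("CONFIG_DB_USER") == "root":
        findings.append("db-user-root")         # web UI holds MySQL superuser rights
    if len(conf.get("CONFIG_DB_PASS", "")) < min_pass_len:
        findings.append("db-pass-short")
    if mode & stat.S_IROTH:
        findings.append("conf-world-readable")  # any local user can read the password
    if "all" in allowed_sources(apache_text):
        findings.append("web-ui-open")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, 0o644, SAMPLE_APACHE))
```

On a live system the mode argument would come from os.stat() on /var/www/daloradius/library/daloradius.conf; a dedicated MySQL account with rights on the radius database only, and mode 640, clear the first and third findings.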


References:

http://freeradius.org/

http://wiki.freeradius.org/SQL_HOWTO

http://sourceforge.net/projects/daloradius

http://howtoforge.org/wifi-authentic...ius-on-centos5

Regards: