Dalo Radius Server how to...?
Posted 11-27-2008 at 06:44 AM by kashifazizawan
Freeradius 2.05.1 Howto with mysql
(date: 28-7-2008 by Osman)
This tutorial explains how you can set up a FreeRADIUS server with WiFi authentication and accounting in conjunction with MySQL and web management with daloRADIUS on Ubuntu 8.04. This howto should work for a newbie. Production deployment is also possible with minor tweaking. But as usual I do not guarantee anything and take no responsibility if something goes wrong.
(For basic how-to refer to my doc http://howtoforge.org/wifi-authentic...ius-on-centos5)
The following steps are involved:
1- Building Ubuntu 8.04.x binary packages
2- Installing the binary packages
3- Configuring the FR with mysql
4- Setting up web management with Daloradius
Step 1- Building Ubuntu 8.04 packages
Before building the FreeRADIUS package for Ubuntu 8.04, we have to apt-get some packages that the build process needs.
apt-get install debhelper libltdl3-dev libpam0g-dev libmysqlclient15-dev libmysqlclient-dev libgdbm-dev libldap2-dev libsasl2-dev libiodbc2-dev libkrb5-dev snmp autotools-dev dpatch libperl-dev libtool dpkg-dev libpq-dev libsnmp-dev libssl-dev
Get the FreeRADIUS source and start building the package as shown below.
cd ~
apt-get source freeradius
Note: It is recommended that you carry out this build on a non-production server and move the final binary packages over to the production server. But it isn't mandatory if you know what you're doing.
cd freeradius-1.1.7/
Edit the rules file (debian/rules):
vi debian/rules
Now search for these lines:
--without-rlm_eap_tls \
--without-rlm_eap_ttls \
--without-rlm_eap_peap \
and change them to look like this.
--with-rlm_eap_tls \
--with-rlm_eap_ttls \
--with-rlm_eap_peap \
now search for these lines and delete them.
for pkg in $(shell grep ^Package debian/control | awk '{print $$2}') ; do \
if dh_shlibdeps -p $$pkg -- -O | grep -q libssl; then \
echo "$$pkg links to openssl" ;\
exit 1 ;\
fi ;\
done
Save changes and quit vi. Now edit the control file (debian/control)
vi debian/control
search for the line
Build-Depends: debhelper (>= 5), libltdl3-dev, libpam0g-dev, libmysqlclient15-dev | libmysqlclient-dev, libgdbm-dev, libldap2-dev, libsasl2-dev, libiodbc2-dev, libkrb5-dev, snmp, autotools-dev, dpatch (>= 2), libperl-dev, libtool, dpkg-dev (>= 1.13.19), libpq-dev, libsnmp-dev
and append libssl-dev to the end of this line so that it looks like this.
Build-Depends: debhelper (>= 5), libltdl3-dev, libpam0g-dev, libmysqlclient15-dev | libmysqlclient-dev, libgdbm-dev, libldap2-dev, libsasl2-dev, libiodbc2-dev, libkrb5-dev, snmp, autotools-dev, dpatch (>= 2), libperl-dev, libtool, dpkg-dev (>= 1.13.19), libpq-dev, libsnmp-dev, libssl-dev
Save changes and quit vi.
Note: You may still be missing some packages for these. Install them with apt-get/aptitude and rerun the build.
Assuming you are in ~/freeradius-1.1.7, start building the packages.
dpkg-buildpackage -rfakeroot
After a while (depending on your system) you should have the .deb files built in your home directory.
freeradius_1.1.7-1build4_i386.deb
freeradius-dbg_1.1.7-1build4_i386.deb
freeradius-dialupadmin_1.1.7-1build4_all.deb
freeradius-iodbc_1.1.7-1build4_i386.deb
freeradius-krb5_1.1.7-1build4_i386.deb
freeradius-ldap_1.1.7-1build4_i386.deb
freeradius-mysql_1.1.7-1build4_i386.deb
freeradius-postgresql_1.1.7-1build4_i386.deb
Move these to the production server if this is your development workstation.
Step 2- Installing the binary packages
dpkg -i freeradius_1.1.7-1build4_i386.deb
dpkg -i freeradius-mysql_1.1.7-1build4_i386.deb
With the out-of-the-box configuration in place, validate against a local user.
E.g. run radius in debug mode:
radiusd -X
From another shell, run this while radiusd -X is running:
radtest abc 123 localhost 1812 testing123
(Make sure the user abc with password 123 is set in the /etc/freeradius/users file.)
Step 3- Configuring the FR with mysql
Get daloRADIUS from http://sourceforge.net/projects/daloradius
tar -zxvf daloradius.tar.gz
cp daloradius/ /var/www -R
First the MySQL bits (creating the db and its admin user). Do the following from your shell.
mysqladmin -u root password 123456
mysql -u root -p
CREATE DATABASE radius;
exit
Import the FreeRADIUS schema:
mysql -u root -p radius < /var/www/daloradius/contrib/db/mysql-daloradius-and-freeradius.sql
mysql -u root -p # Provide the password and you will arrive at the mysql prompt
use radius; # This will select database radius.
show tables; #This will show all tables from database radius.
quit
Now edit your /etc/freeradius/sql.conf
Reset the user/password/database parameters to reflect the changes (e.g. root/radpass/radius)
and search for the line
readclients = no
and change it to
readclients = yes
Edit the file /etc/freeradius/radiusd.conf
& add a line saying 'sql' to the authorize{} section (which is towards the end of the file). Also add a line saying 'sql' to the accounting{} section to tell FreeRADIUS to store accounting records in SQL as well. Optionally add 'sql' to the session{} section if you want to do Simultaneous-Use detection. Optionally add 'sql' to the post-auth{} section if you want to log all Authentication attempts to SQL.
Here is the authorize section:
authorize {
preprocess
chap
mschap
suffix
eap
sql
pap
}
And the accounting section:
accounting {
detail
sql
}
Insert a test user in the database. Go to the mysql shell and run this.
mysql -u root -p
mysql> use radius;
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('sqltest', 'Password', 'testpwd');
mysql>select * from radcheck where UserName='sqltest'; # This will show information about sqltest
mysql> exit
Fire up radius in debug mode:
radiusd -X
Go to another shell and run the test:
radtest sqltest testpwd localhost 1812 testing123
Congratulations freeradius + mysql setup is working.
Step 4- Setting up web management with Daloradius
For fancy web-based GUI management and more, read on.
############# For daloRADIUS version 0.9-7 stable release ##############
# by Liran Tal of Enginx <liran@enginx.com>
Prerequisites are
=============
Apache 1/2, PHP 4/5, PHP GD , PHP DB Abstraction Layer (may require PHP Pear), MySQL 4/5
apt-get install apache2
apt-get install php5 php5-mysql php-pear php5-gd php-db
Change permission and ownership.
chown www-data:www-data /var/www/daloradius -R
chmod 644 /var/www/daloradius/library/daloradius.conf
Daloradius needs to add a few more tables to the radius database we created earlier.
(Note: The schemas in the daloradius/contrib/db folder won't work out of the box; you need to modify them to get them working.)
Now, simply adjust the MySQL database information in daloRADIUS's config file.
cd /var/www/daloradius/library/
vi daloradius.conf
Fill in the database details; a few important parameters are listed below.
CONFIG_DB_ENGINE = mysql
CONFIG_DB_HOST = 127.0.0.1
CONFIG_DB_USER = root
CONFIG_DB_PASS = radpass
CONFIG_DB_NAME = radius
Save the file and exit.
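A quick check of the finished daloradius.conf, as an added example that is not part of the original howto: the sh function below flags a config file that other local users can read (the howto's chmod 644), a CONFIG_DB_USER of root, and a CONFIG_DB_PASS that is empty or one of the sample passwords printed on this page. The function names and finding labels are made up for this example, and it assumes the "KEY = value" layout shown above.

```sh
#!/bin/sh
# Added example (not from the howto): audit a daloradius.conf written in the
# "KEY = value" form shown above. Prints findings; returns their count.

conf_value() {  # conf_value FILE KEY -> last value assigned to KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

audit_dalo_conf() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 99; }

    # The file stores CONFIG_DB_PASS, so "other" needs no access at all.
    # Characters 8-10 of the ls mode string are the "other" permission bits.
    other=$(ls -ld "$conf" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "PERMS: other users have '$other' on $conf (chmod 640 is enough)"
        findings=$((findings + 1))
    fi

    # A web application should not hold the MySQL superuser account.
    if [ "$(conf_value "$conf" CONFIG_DB_USER)" = "root" ]; then
        echo "DBUSER: CONFIG_DB_USER is root; use an account limited to the radius database"
        findings=$((findings + 1))
    fi

    # Empty password, or one of the sample passwords printed in this howto.
    case "$(conf_value "$conf" CONFIG_DB_PASS)" in
        ""|radpass|123456|radius|testing123)
            echo "DBPASS: CONFIG_DB_PASS is empty or a published sample value"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample input: the values and file mode used in the howto.
demo=$(mktemp)
printf '%s\n' 'CONFIG_DB_ENGINE = mysql' 'CONFIG_DB_HOST = 127.0.0.1' \
    'CONFIG_DB_USER = root' 'CONFIG_DB_PASS = radpass' \
    'CONFIG_DB_NAME = radius' > "$demo"
chmod 644 "$demo"
audit_dalo_conf "$demo" || echo "findings: $?"
rm -f "$demo"
```

Run it against /var/www/daloradius/library/daloradius.conf after editing; a return status of 0 means none of the three conditions was found.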
Set up the Apache server
Edit the /etc/apache2/apache2.conf file and append this to the end of the file (customize to your liking).
Alias /daloradius "/var/www/daloradius/"
<Directory /var/www/daloradius/>
Options None
order deny,allow
deny from all
allow from 127.0.0.1
</Directory>
Save & exit
Restart the Apache server
/etc/init.d/apache2 restart
Fire up Firefox (or another browser) and go to the URL http://localhost/daloradius
(If this is a production server without a GUI, set "allow from <ip>" in the Directory block above and browse to the server's URL from that address.)
Login to the management:
username: administrator
password: radius
Change this information first for the sake of security. (Info is located in the operator table)
Congratulations you are done.
References:
http://freeradius.org/
http://wiki.freeradius.org/SQL_HOWTO
http://sourceforge.net/projects/daloradius
http://howtoforge.org/wifi-authentic...ius-on-centos5
Regards: