How to Setup Radius Server On Ubuntu 1604

Before we start we will slightly explain what is Radius Server.

Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share. It provides better security, allowing a company to set up a policy that can be applied at a single administered network point. Having a central service also means that it’s easier to track usage for billing and for keeping network statistics. Created by Livingston (now owned by Lucent), RADIUS is a de facto industry standard used by a number of network product companies and is a proposed IETF standard.

You will need a Ubuntu 1604 on your Virtual Machines or a real server to complete the tutorial.

Step 1 : Install package that radius server is needed.

apt-get install libauthen-radius-perl libauthen-simple-radius-perl libgcrypt11-dev wget build-essential

Step 2 : Install freeradius package

apt-get install freeradius freeradius-mysql

Step3 : Edit /etc/freeradius/sites-enabled/default

vim /etc/freeradius/sites-enabled/default
Uncomment every sql and comment every files

authorize {

# files sql


authenticate {


preacct {

# files


accounting {



session {



post-auth {


Post-Auth-Type REJECT {

# log failed authentications in SQL, too.





Save & Quit.

Step4 : Edit /etc/freeradius/radiusd.conf

vim /etc/freeradius/radiusd.conf
Uncomment the $INCLUDE sql.conf
Save & Quit.

Step 5 : Edit /etc/freeradius/sql.conf

vim /etc/freeradius/sql.conf 
NOTE : all the content should be same in mysql which we will do later.
login = "myuser"
password = "mypassword"
radius_db = "mydatabase"
Uncomment read_groups = yes & readclients = yes
Save & Quit.

Step 6: Install the mysql server

 apt-get install mysql-server -y
enter and repeat the password for new mysql root user.

Step 7 : Create a database , user and password for radius.

Log in to your mysql with the your password .
mysql -u root -p
mysql> create database mydatabase;
mysql> CREATE USER 'myuser'@'localhost' IDENTIFIED BY 'mypassword';
mysql> GRANT ALL PRIVILEGES ON * . * TO 'myuser'@'localhost';
mysql> flush privileges;

Step 8 : We’ll need to import the sql files for freeradius into the radius database. The schema.sql and nas.sql file is located at /etc/freeradius/sql/mysql folder.

mysql -u root -p mydatabase < /etc/freeradius/sql/mysql/schema.sql;
mysql -u root -p mydatabase < /etc/freeradius/sql/mysql/nas.sql;
mysql -u root -p
mysql> use mydatabase;
mysql> show tables;

| Tables_in_mydatabase |
| nas                                      |
| radacct                               |
| radcheck                            |
| radgroupcheck                 |
| radgroupreply                  |
| radpostauth                      |
| radreply                             |
| radusergroup                    |

Test radius server

1. Login to your mysql

mysql -u root -p
mysql> use mydatabase;
mysql> INSERT INTO nas VALUES (NULL , '', 'myNAS', 'other', NULL , 'mysecret', NULL , NULL , 'RADIUS Client');
mysql> INSERT INTO radcheck (username, attribute, op, value) VALUES ('user','User-Password',':=','123123');
mysql> insert into radusergroup (username,groupname,priority) values ('user','test','1');
mysql> INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES ('test', 'Service-Type', ':=', 'Framed-User'), ('test', 'Framed-Protocol', ':=', 'PPP'), ('test', 'Framed-Compression', ':=', 'Van-Jacobsen-TCP-IP');
You may quit mysql now.
Restart freeradius and mysql to make sure all the things was loaded.
service mysql restart
service freeradius restart

2. Download NTRAdPing (Windows only) and enter the following information.

a) your radius server ip.
b) Your username and password (you entered into radcheck earlier)
c) Your secret (you entered into nas table earlier)
d) Port is standard 1812 for authentication (do not change it)

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *