How to Set Up a RADIUS Server on Ubuntu 16.04

Before we start, here is a brief explanation of what a RADIUS server is.

Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share. It provides better security, allowing a company to set up a policy that can be applied at a single administered network point. Having a central service also means that it’s easier to track usage for billing and for keeping network statistics. Created by Livingston (now owned by Lucent), RADIUS is a de facto industry standard used by a number of network product companies and is a proposed IETF standard.

You will need Ubuntu 16.04 on a virtual machine or a real server to complete the tutorial.

Step 1: Install the packages that the RADIUS server needs.

apt-get install libauthen-radius-perl libauthen-simple-radius-perl libgcrypt11-dev wget build-essential

Step 2: Install the freeradius packages

apt-get install freeradius freeradius-mysql

Step 3: Edit /etc/freeradius/sites-enabled/default

vim /etc/freeradius/sites-enabled/default
Uncomment every sql line and comment out every files line:

authorize {
    # files
    sql
}

authenticate {
}

preacct {
    # files
}

accounting {
    sql
}

session {
    sql
}

post-auth {
    sql
    Post-Auth-Type REJECT {
        # log failed authentications in SQL, too.
        sql
        attr_filter.access_reject
    }
}

Save & Quit.

Step 4: Edit /etc/freeradius/radiusd.conf

vim /etc/freeradius/radiusd.conf
Uncomment the $INCLUDE sql.conf
Save & Quit.

Step 5: Edit /etc/freeradius/sql.conf

vim /etc/freeradius/sql.conf
NOTE: these values must match the MySQL user, password and database that we will create later in Step 7.
login = "myuser"
password = "mypassword"
radius_db = "mydatabase"
Uncomment read_groups = yes and readclients = yes.
Save & Quit.

Step 6: Install the MySQL server

apt-get install mysql-server -y
Enter and repeat the password for the new MySQL root user.

Step 7: Create a database, user and password for RADIUS.

Log in to MySQL as root with your password, then create the database and a user whose privileges are limited to that database, which is all FreeRADIUS needs.
mysql -u root -p
mysql> create database mydatabase;
mysql> CREATE USER 'myuser'@'localhost' IDENTIFIED BY 'mypassword';
mysql> GRANT ALL PRIVILEGES ON mydatabase.* TO 'myuser'@'localhost';
mysql> flush privileges;

Step 8: We’ll need to import the SQL files for freeradius into the radius database. The schema.sql and nas.sql files are located in the /etc/freeradius/sql/mysql folder.

mysql -u root -p mydatabase < /etc/freeradius/sql/mysql/schema.sql
mysql -u root -p mydatabase < /etc/freeradius/sql/mysql/nas.sql
mysql -u root -p
mysql> use mydatabase;
mysql> show tables;

+----------------------+
| Tables_in_mydatabase |
+----------------------+
| nas                  |
| radacct              |
| radcheck             |
| radgroupcheck        |
| radgroupreply        |
| radpostauth          |
| radreply             |
| radusergroup         |
+----------------------+

Test the RADIUS server

1. Log in to MySQL

mysql -u root -p
mysql> use mydatabase;
mysql> INSERT INTO nas VALUES (NULL , '0.0.0.0/0', 'myNAS', 'other', NULL , 'mysecret', NULL , NULL , 'RADIUS Client');
mysql> INSERT INTO radcheck (username, attribute, op, value) VALUES ('user','User-Password',':=','123123');
mysql> insert into radusergroup (username,groupname,priority) values ('user','test','1');
mysql> INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES ('test', 'Service-Type', ':=', 'Framed-User'), ('test', 'Framed-Protocol', ':=', 'PPP'), ('test', 'Framed-Compression', ':=', 'Van-Jacobsen-TCP-IP');
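The nas row above accepts RADIUS clients from any address (0.0.0.0/0), which is convenient for this test; narrow it to the addresses of your real NAS devices before production use.
You may quit mysql now.
Restart freeradius and mysql to make sure everything is loaded.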
service mysql restart
service freeradius restart

2. Download NTRadPing (Windows only) and enter the following information.

a) Your RADIUS server IP.
b) Your username and password (the ones you entered into radcheck earlier).
c) Your secret (the one you entered into the nas table earlier).
d) The port, which is the standard 1812 for authentication (do not change it).
