Wir schaffen das! – We can do IT!

Message Us on WhatsApp
Save My Contact
English
Deutsch
العربية
Blog

FreeRADIUS with MySQL Setup Guide

by

Suar
in



This guide will walk you through setting up FreeRADIUS with MySQL on an Ubuntu server. You’ll install necessary packages, configure MySQL, and set up FreeRADIUS to work with network devices and users.

Prerequisites

  • A fresh Ubuntu server.
  • Basic knowledge of Linux command-line operations.
  • Administrative access to the server.

Step 1: Update and Upgrade the System

  1. Update package lists: 
    sudo apt update
  2. Upgrade installed packages: 
    sudo apt upgrade -y
  3. Perform distribution upgrade: 
    sudo apt dist-upgrade -y

Step 2: Install Required Packages

  1. Install FreeRADIUS, MySQL, PHP, Apache, and additional utilities: 
    sudo apt install php apache2 php8.1-fpm freeradius libapache2-mod-php mariadb-server freeradius-mysql freeradius-utils php-{gd,common,mail,mail-mime,mysql,pear,db,mbstring,xml,curl} -y
  2. Enable and start services: 
    sudo systemctl enable --now apache2 && sudo systemctl enable freeradius

Step 3: Secure the MariaDB Installation

  1. Run the security script: 
    sudo mysql_secure_installation
    • Enter current password for root: Press Enter if there is no current password.
    • Switch to unix_socket authentication: Type n.
    • Change the root password: Type n.
    • Remove anonymous users: Type y.
    • Disallow root login remotely: Type y.
    • Remove test database: Type y.
    • Reload privilege tables: Type y.

Step 4: Create the FreeRADIUS Database and User

  1. Log in to MySQL: 
    sudo mysql -u root -p
  2. Create database and user: 
    CREATE DATABASE radius;
CREATE USER 'radius'@'localhost' IDENTIFIED BY 'securepassword';
GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost';
FLUSH PRIVILEGES;
quit;

Step 5: Import the FreeRADIUS Schema

sudo su -
mysql -u root -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql
exit

Step 6: Enable the SQL Module in FreeRADIUS

sudo ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/

Step 7: Configure the SQL Module

  1. Edit SQL configuration: 
    sudo nano /etc/freeradius/3.0/mods-enabled/sql
    • Set driver = "rlm_sql_mysql".
    • Set dialect = "mysql".
    • Uncomment read_clients = yes.
    • Uncomment client_table = "nas".

Step 8: Set Correct Permissions

sudo chgrp -h freerad /etc/freeradius/3.0/mods-available/sql
sudo chown -R freerad:freerad /etc/freeradius/3.0/mods-enabled/sql

Step 9: Configure Dynamic VLAN Assignment

sudo nano /etc/freeradius/3.0/mods-enabled/eap

Set use_tunneled_reply = yes in the peap section.

Step 10: Reload FreeRADIUS Configuration

sudo service freeradius reload

Step 11: Add Network Devices

sudo nano /etc/freeradius/3.0/clients.conf

Add the following entry:

client network_device {
    ipaddr = 192.168.1.1
    secret = secretkey
}

Step 12: Add Users

sudo nano /etc/freeradius/3.0/users

Add the following entries:

user1 Cleartext-Password := "password1"
    Tunnel-Type = 13,
    Tunnel-Medium-Type = 6,
    Tunnel-Private-Group-Id = 4

Step 13: Reboot the Server

sudo reboot

Step 14: Test the FreeRADIUS Configuration

radtest user1 password1 127.0.0.1 0 testing123

Troubleshooting Tips

  • No Reply from Server: Run FreeRADIUS in debug mode: 
    sudo /usr/sbin/freeradius -X
  • Error Binding to Port: Stop the FreeRADIUS service: 
    sudo service freeradius stop
  • Unknown Client Error: Verify the IP address in clients.conf.
  • Client Name Resolution Error: Ensure the IP address is correctly specified in clients.conf.

Conclusion

You have now set up FreeRADIUS with MySQL on your Ubuntu server. This setup allows you to manage user authentication and dynamic VLAN assignments effectively.


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *