Installing and Configuring Freeradius + MySQL and Daloradius + MySQL on Ubuntu Server 11.04 for Mikrotik Hotspot/PPPoE/PPTP (Tested on VirtualBox)



Installing and Configuring Freeradius

The first step is to install Freeradius (make sure you have already updated the apt package lists with apt-get update).
$ sudo apt-get install freeradius
 * Starting FreeRADIUS daemon freeradius                                 [ OK ] 
Setting up freeradius-utils (2.1.10+dfsg-3build2) ...

Then prepare the database for freeradius. Create a database named radius and assign a username and password for accessing it.

# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 51
Server version: 5.5.24-0ubuntu0.12.04.1 (Ubuntu)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database radius; 
mysql> grant all on radius.* to radius@localhost identified by "thepassword";
Query OK, 0 rows affected (0.00 sec)

The next step was to insert the database schema and I realized that I could not find the database schema in /etc/freeradius.

Obviously I should install the freeradius-mysql package first.

# apt-get install freeradius-mysql
Setting up freeradius-mysql (2.1.10+dfsg-3build2) ...
 * Reloading FreeRADIUS daemon freeradius                                [ OK ] 

Then insert the database schema:

# mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql 
Enter password:
# mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql 
Enter password: 

Now we insert a new user into the database for testing purposes.

# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 72
Server version: 5.5.24-0ubuntu0.12.04.1 (Ubuntu)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use radius;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('sqltest', 'Password', 'testpwd');
Query OK, 1 row affected (0.04 sec)

mysql> exit
Bye

The next step is to configure the Freeradius files.

Edit the /etc/freeradius/sql.conf file and set the database type, login and password that we set up earlier.

# vim /etc/freeradius/sql.conf
  
  database = mysql
  login = radius
  password = thepassword

  readclients = yes

Then edit the /etc/freeradius/sites-enabled/default file

# vim /etc/freeradius/sites-enabled/default 

    Uncomment sql in authorize{}
    # See "Authorization Queries" in sql.conf
    sql

    Uncomment sql in accounting{}
    # See "Accounting queries" in sql.conf
    sql

    Uncomment sql in session{}
    # See "Simultaneous Use Checking Queries" in sql.conf
    sql

    Uncomment sql in post-auth{}
    # See "Authentication Logging Queries" in sql.conf
    sql
      
Then we edit the /etc/freeradius/radiusd.conf file

# vim /etc/freeradius/radiusd.conf

  # Uncomment the line "#$INCLUDE sql.conf" so that it reads:
  $INCLUDE sql.conf
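
One way to confirm the edits to sites-enabled/default took effect before starting the daemon, as an added example that is not part of the original post: the script lists which of the four sections still lack an uncommented sql line. The function names and the sample file are constructed for illustration, and the parser assumes the 2.x layout in which authorize, accounting, session and post-auth are top-level sections.

```sh
#!/bin/sh
# Print every top-level section that directly contains an uncommented "sql".
sql_sections() {
    awk '
        { sub(/[#].*/, "") }                          # strip comments
        depth == 0 && /^[ \t]*[A-Za-z-]+[ \t]*[{]/ {  # a section opens here
            name = $1; sub(/[{].*/, "", name)
        }
        depth == 1 && NF == 1 && $1 == "sql" { found[name] = 1 }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }
        END { for (s in found) print s }
    ' "$1" | sort
}

# Print the sections the tutorial enables that are still missing "sql".
missing_sql() {
    enabled=$(sql_sections "$1")
    for s in authorize accounting session post-auth; do
        printf '%s\n' "$enabled" | grep -qx -- "$s" || echo "$s"
    done
}

# Constructed sample: sql is enabled in authorize and session only.
sample_default_site() {
    cat <<'EOF'
authorize {
    preprocess
    sql
}
accounting {
    detail
#   sql
}
session {
    radutmp
    sql
}
post-auth {
    exec
    # sql
    Post-Auth-Type REJECT {
        attr_filter.access_reject
    }
}
EOF
}

tmp=$(mktemp)
sample_default_site > "$tmp"
echo "sections still missing sql:"
missing_sql "$tmp"
rm -f "$tmp"
```

To check the real file, call missing_sql /etc/freeradius/sites-enabled/default; no output means sql is enabled in all four sections.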

To test our configuration, we must first stop the freeradius service (if it is already running):
# /etc/init.d/freeradius stop
 * Stopping FreeRADIUS daemon freeradius                                 [ OK ]

Then run this command to start freeradius in debugging mode. If there are no errors, you are good to go.
# freeradius -X

In a new shell or window, we test the connection:

$ radtest sqltest testpwd localhost 18128 testing123
Sending Access-Request of id 65 to 127.0.0.1 port 1812
User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 127.0.1.1
NAS-Port = 18128
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=65, length=20

The test ran well, with an Access-Accept response from the server.

To enable the Mikrotik device to access our server, we need to add it as a client in the clients.conf file.

# vim /etc/freeradius/clients.conf

client 10.0.0.0/8 {
        secret = testingpassword
        shortname = testing
        nastype = mikrotik
}

*Note: we need to stop freeradius -X and then run it again to test our configuration.
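
The client entry above treats every address in 10.0.0.0/8 as a NAS that shares one 15-character secret, and the radtest run used the stock testing123 secret for localhost. The following added example (not from the original post) flags such entries in a clients.conf; the /24 and 16-character thresholds, the function names and the sample file are assumptions chosen for illustration.

```sh
#!/bin/sh
# Print "<client> <finding>" for each client block whose network prefix is
# shorter than /24 (assumed policy) or whose secret is the stock testing123
# or shorter than minlen characters (assumed policy).
audit_clients() {
    awk -v minlen=16 '
        { sub(/[#].*/, "") }                       # strip comments
        $1 == "client" { name = $2; sub(/[{]$/, "", name); secret = ""; inblk = 1 }
        inblk && $1 ~ /^secret/ {
            secret = $0
            sub(/^[^=]*=[ \t]*"?/, "", secret)     # drop key, "=", opening quote
            sub(/"?[ \t]*$/, "", secret)           # drop closing quote, blanks
        }
        inblk && /[}]/ {
            n = split(name, p, "/")
            if (n == 2 && p[2] + 0 < 24) print name " wide-network"
            if (secret == "testing123") print name " default-secret"
            else if (length(secret) < minlen) print name " short-secret"
            inblk = 0
        }
    ' "$1"
}

# Constructed sample: the stock localhost entry, the entry from this page,
# and a per-device entry with a constructed 20-character secret.
sample_clients() {
    cat <<'EOF'
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
client 10.0.0.0/8 {
    secret = testingpassword
    shortname = testing
    nastype = mikrotik
}
client 10.0.5.1 {
    secret = q7Vd2mXz9LrT4pKc8HsW   # constructed value
    shortname = hotspot-gw
}
EOF
}

tmp=$(mktemp)
sample_clients > "$tmp"
audit_clients "$tmp"
rm -f "$tmp"
```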

Update (Jan 27, 2013): If we want to add Mikrotik-specific values, we need to include the Mikrotik dictionary.

# vim /etc/freeradius/dictionary

Then add the line below:

$INCLUDE  /usr/share/freeradius/dictionary.mikrotik

Mikrotik Configuration

We need to configure our Mikrotik devices to use our new radius server. Log in to the Mikrotik device and configure the server in the Radius menu.

The image below is an example of our configuration.


*Note: we increased the timeout setting to 3000ms to enable invalid login notifications (this did not work with the default 300ms).
You can set up the Mikrotik Hotspot to use this Radius server if you want, or use other hotspot software such as easyHotspot.


Daloradius Installation 

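First, we need to download the daloradius file. The URL is quoted so that the shell does not interpret the & characters, and -O saves it under the file name used in the next step.

$ wget -O daloradius-0.9-9.tar.gz "http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fdaloradius%2Ffiles%2F&ts=1345296201&use_mirror=nchc"

Extract and rename the file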

# tar xvfz daloradius-0.9-9.tar.gz
# mv daloradius-0.9-9 daloradius

Move the directory to the web server directory. In this case I use Apache on Ubuntu, so the location is /var/www

# mv daloradius /var/www

Then we need to set up the database. Because we already set up freeradius with MySQL, we don't need a new database. All we need to do is import the daloradius schema into our existing radius database.

# cd /var/www/daloradius/contrib/db
# mysql -u root -p radius < mysql-daloradius.sql

After the database has been altered successfully, we need to configure the daloradius settings.

# vim /var/www/daloradius/library/daloradius.conf.php

Change the database password

$configValues['CONFIG_DB_PASS'] = 'thepassword';

Then we can try to access daloradius using http://ipaddressoftheserver/daloradius

*Note: In my installation, I had a problem because I didn't have the php5-gd, php-pear and php-db packages installed on my Ubuntu server.

To deal with this problem you can install the packages using

# apt-get install php5-gd php-pear php-db 




If something goes wrong, check this.

DEBUG:

Failed binding to authentication address * port 1812: Address already in use
/etc/freeradius/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812

You probably have one instance started manually and one started from init.d, and they are competing for the port. Check for a process that is already running:

# ps aux | grep free
or
# ps ax | grep radius

Kill it:

# kill -9 PID

Then start radius in debug mode:

# /usr/sbin/freeradius -X

After that, once the PID has been killed, just start freeradius as a daemon:

# /etc/init.d/freeradius start

It should start normally. Now, to confirm everything is working fine, restart the server:

# /etc/init.d/freeradius restart

If there is any issue, comment here.

