How to Install FreeRadius on Linux / OpenBSD / FreeBSD

This brief post shows you how to install FreeRadius on Linux / OpenBSD / FreeBSD with MySQL or MariaDB as the database. The Linux distributions covered are CentOS and Ubuntu.

FreeRadius is an open-source, free, fast, feature-rich, modular, and scalable Radius server. According to its official web site, many Fortune-500 companies and tier 1 ISPs are using FreeRadius as their AAA solution.

Install FreeRadius with MySQL / MariaDB

Run the command for your platform as root (superuser):

CentOS

yum -y install freeradius freeradius-mysql

Ubuntu

apt-get install freeradius freeradius-mysql

OpenBSD

pkg_add -v freeradius freeradius-mysql

FreeBSD

pkg install freeradius

The FreeRadius configuration files are located in the following directory, referred to below as $freeradius_config:

CentOS: /etc/raddb/

Ubuntu: /etc/freeradius/

OpenBSD: /etc/raddb/

FreeBSD: /usr/local/etc/raddb/

Connect to MySQL / MariaDB to create the radius database and a database user for FreeRadius:

# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 13411
Server version: 5.5.29-0ubuntu0.12.04.1 (Ubuntu)

Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database radius;

mysql> grant all on radius.* to raduser@localhost identified by 'radpass';

mysql> flush privileges;

Import the MySQL database schema shipped in the “$freeradius_config/sql/mysql” folder (the command below uses the Ubuntu path):

# mysql -uroot -p radius < /etc/freeradius/sql/mysql/schema.sql

Edit the default file located under the $freeradius_config/sites-available/ directory to enable the ‘sql’ option.

It should look something like this:

authorize {
	preprocess
	auth_log
	chap
	mschap
	digest
	suffix
	eap {
		ok = return
	}
	files
	sql
	expiration
	logintime
	pap
}

authenticate {
	Auth-Type PAP {
		pap
	}
	Auth-Type CHAP {
		chap
	}
	Auth-Type MS-CHAP {
		mschap
	}
	digest
	unix
	eap
}

preacct {
	preprocess
	acct_unique
	suffix
	files
}

accounting {
	detail
	unix
	radutmp
	sql
	exec
}

session {
	radutmp
	sql
}

post-auth {
	sql
	exec
	Post-Auth-Type REJECT {
		attr_filter.access_reject
	}
}

pre-proxy {
}

post-proxy {
	eap
}

Edit the sql.conf file ($freeradius_config/sql.conf) to match the database name, user and password created above.

sql {
	database = "mysql"
	driver = "rlm_sql_${database}"
	server = "localhost"
	port = 3306
	login = "raduser"
	password = "radpass"
	radius_db = "radius"
	acct_table1 = "radacct"
	acct_table2 = "radacct"
	postauth_table = "radpostauth"

	authcheck_table = "radcheck"
	authreply_table = "radreply"

	groupcheck_table = "radgroupcheck"
	groupreply_table = "radgroupreply"

	usergroup_table = "radusergroup"

	# read_groups = yes
	deletestalesessions = yes
	sqltrace = no
	sqltracefile = ${logdir}/sqltrace.sql
	num_sql_socks = 5
	connect_failure_retry_delay = 60
	lifetime = 0
	max_queries = 0
	readclients = no
	nas_table = "nas"

	# Read driver-specific configuration
	$INCLUDE sql/${database}/dialup.conf
}
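
Because sql.conf carries the database password, it is worth checking before go-live that the sample value from this post was replaced and that the file is not readable by every local user. The script below is an added example, not part of the original post or of FreeRadius; the helper names conf_value and audit_sql_conf are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example: flag tutorial sample values left in a FreeRADIUS sql.conf.
# conf_value and audit_sql_conf are hypothetical helper names.

# Print the value of "key = value" from a config file, quotes stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        head -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Print one line per finding; return the number of findings.
audit_sql_conf() {
    conf=$1 findings=0
    if [ "$(conf_value password "$conf")" = "radpass" ]; then
        echo "FINDING: database password is still the sample value 'radpass'"
        findings=$((findings + 1))
    fi
    if [ "$(conf_value sqltrace "$conf")" = "yes" ]; then
        echo "FINDING: sqltrace = yes writes SQL statements to sqltracefile"
        findings=$((findings + 1))
    fi
    # The file holds the database password, so "other" should not read it.
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "FINDING: $conf is world-readable"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample input (not a real deployment).
sample=$(mktemp)
cat > "$sample" <<'EOF'
sql {
database = "mysql"
login = "raduser"
password = "radpass"
sqltrace = no
}
EOF
chmod 644 "$sample"
audit_sql_conf "$sample" || echo "findings: $?"
```

Point audit_sql_conf at $freeradius_config/sql.conf on the real host; a return status of 0 means none of the three checks fired.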

Using phpMyAdmin or an SQL command, insert a new row into the radcheck table so that it looks like this:

mysql> select * from radcheck;
+----+--------------------------+--------------------+----+----------+
| id | username                 | attribute          | op | value    |
+----+--------------------------+--------------------+----+----------+
|  1 | testuser                 | Cleartext-Password | := | password |
+----+--------------------------+--------------------+----+----------+
1 rows in set (0.00 sec)

Restart the FreeRadius service to read the new config.

# /etc/init.d/freeradius restart
* Stopping FreeRADIUS daemon freeradius                    [ OK ]
* Starting FreeRADIUS daemon freeradius                    [ OK ]

Now test the configuration using the “radtest” tool as follows:

# radtest testuser password localhost 1812 testing123
Sending Access-Request of id 49 to 127.0.0.1 port 1812
User-Name = "testuser"
User-Password = "password"
NAS-IP-Address = 192.168.10.10
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=49, length=20

If you get Access-Accept as in the last line above, FreeRadius is successfully configured and ready to process requests.