What is FreeRADIUS?

FreeRADIUS is the most popular open-source RADIUS server. It supports all common authentication protocols and supplies the AAA protocol ( Authentication, Authorization and Accounting ) for many companies around the world, including many Fortune-500 companies.

It was developed in the dial-up era and used to manage users and keep track of bandwidth usage for billing purposes, however it is still going strong and used by a great deal of companies to this day. It’s commonly used with networking software such as OpenVPN, SoftEther, Squid Proxies and WiFi managing tools.

NOTE: If you’d like to set up FreeRADIUS on an Ubuntu 18.04 machine, visit our other tutorial Install and Configure FreeRADIUS on Ubuntu 18.04 with MySQL

How to set up a RADIUS server?

We present 2 methods of setting up FreeRADIUS:

1. The hard way: Manually setting it up by connecting to your machine via SSH, as well as configuring it and troubleshooting. Depending on your end goal, this can take from 30 if you know what you’re doing, to several hours if you’re just getting started.

2. The easy way: Deploying a server with FreeRADIUS + daloRADIUS + phpMyAdmin installed out of the box in just a few minutes. You can do this by ordering our FreeRADIUS VPS that comes with the software installed and also offers you the possibility to also order priority support, so you’ll have our assistance with any RADIUS related issue you have going forward. To proceed, check out our FreeRADIUS Server Plans.

Method 1 — The Easy Way – 5 minutes

Should you be pressed for time and need to deploy RADIUS servers fast and troubleshoot problems quickly, your best option may be an out of the box solution. As mentioned, you can also upgrade your service to receive Priority Support, should you find yourself tackling complex problems. To order, proceed to our FreeRADIUS VPS Plans.

Pre-Installed FreeRADIUS Servers

Automatic FreeRADIUS 3 + daloRADIUS Set Up

Instantly deploy machines with FreeRADIUS + MySQL + daloRADIUS GUI Panel already set up, receive the credentials and take over from there! You also get our custom WHMCS Module to help you manage it from our dashboard.

Pick one of our FreeRADIUS KVM plans

Method 2 — The Hard Way

Prefer to do it yourself? Then this is the way to go. Moving forward, we’ll install FreeRADIUS along with daloRADIUS on a machine running a fresh installation of CentOS 7.

Step 1 – Install FreeRADIUS & Additional Modules on CentOS 7

Run the following command to update the system’s package index:

We want to install the following packages:

  • freeradius
  • freeradius-utils
  • freeradius-mysql
  • freeradius-perl

We normally can install the above mentioned packages from the CentOS YUM repository.

With the following line we’ll perform a quick search for all the available freeRADIUS packages, to make sure they’re available:

The output should look something like this:

Looking through the output we can see the packages we want to install are available so we can go through with the installation.

With the following line we’ll install freeradius, freeradius-utils, freeradius-mysql and freeradius-perl:

After the installation’s finished, start and enable freeRADIUS so it’s running and so it also starts up on boot:

Output for enable radiusd.service:

Check the status of radiusd.service:

Output:

Configure CentOS 7 Firewall for freeRADIUS

We’ll configure firewalld to allow radius and httpd packets.

RADIUS server uses UDP ports 1812 and 1813. You can check this by issuing the following command:

Output:

  1. Start, enable firewalld and check it’s status

    Output of status check:

  2. Check to make sure firewalld is running

  3. Create permanent rules to default zone to allow http, https and radius services

  4. Reload firewalld for the changes to take effect

  5. Confirm that the services were successfully added to default zone

    The services that we just allowed (http, https & radius) are all listed in the output, which means we can proceed.

Test RADIUS Server

We’ll test the RADIUS server in debug mode, which means we’ll have to run the service. The problem is that the server’s already running from earlier, and running in debug mode will fail to bind ports, as such we’ll have to kill the radius service first:

Now run the RADIUS server in debug mode to check if everything’s working:

You should see a long output ending in:

The basic installation of FreeRADIUS seems to have been successful.

Now we’ll proceed with configuring our RADIUS server to use MariaDB or MySQL ( depending on which you prefer ).

Step 2 – Install & Configure MariaDB 10 on CentOS 7

NOTE: MariaDB 5.5 is the default database engine in CentOS at the time of writing. Installing MySQL should be somewhat similar. Should you want us to add instructions for MySQL, then just hit us up and we’ll add in the instructions for MySQL.

MariaDB 10 is not the default version on CentOS, as such we’ll add the official MariaDB repositories to our system.

Create a new file, we’ll call it /etc/yum.repos.d/MariaDB.repo using your favorite text editor:

Add the following content to it, and save and exit the file when you’re done:

Update the package index:

And install MariaDB:

After the installation is finished, start MariaDB and enable it so it runs on boot:

Check to make sure it’s running and enabled:

Securing MariaDB / MySQL

MariaDB/MySQL comes with a script that helps you conveniently secure it and remove some insecure defaults. Some important things it allows you to do:

  • set the root password
  • remove anonymous users
  • disallow remote login

Run it with the following command and you’ll be guided through the process.

We recommend you proceed as follows:

Enter current password for root (enter for none): ENTER
Set root password? [Y/n] y
New password: Enter password
Re-enter new password: Repeat password

You’ll also be prompted to answer some questions to remove/keep some defaults:

Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

Step 3 – Install PHP 7 on CentOS 7

CentOS 7 ships with PHP 5.4 at the time of writing, which has been officially EOL for some time.

By using PHP 7 applications will load faster and use up less resources.

PHP 7.x is available from various repositories. For our purposes, we’ll use the Remi Repository, which provides newer versions of applications.

The Remi Repository depends on the EPEL repository. With the following line we’ll add both EPEL and Remi:

We’ll install PHP 7.3, which is the latest stable release at the time of writing.

Enable the PHP 7.3 Remi repository:

And run the following command to install PHP 7.3 along with some of the most common PHP modules:

You may be asked during the installation if you’re ok with importing a GPG Key. Answer y and hit enter.

With the following command we can check the PHP version, to make sure the installation was successful:

Step 4 – Configure FreeRADIUS to use MariaDB/MySQL

To configure FreeRADIUS to use MariaDB / MySQL, we’ll have to create a database with tables to be used by the FreeRADIUS server for finding RADIUS users and to store accounting data.

The FreeRADIUS MySQL package ships with the necessary query to create these tables, making our job a lot easier.

To begin, we’ll log into MariaDB or MySQL and create and configure a database that we’ll call radius:

Enter your password at the prompt.

Once you’re logged in, run the following commands to create and configure the database:

Next import the RADIUS database scheme to populate the radius database:

And create a soft link for SQL under /etc/raddb/mods-enabled:

Now we’ll configure the freeRADIUS server to use the database server. Do this by opening the configuration file /raddb/mods-available/sql using your favorite text editor:

The sql section should look something like the following, although yours will be a longer document due to explanations and other lines that are commented out.

The steps to follow here are:

  1. Change driver = "rlm_sql_null" to driver = "rlm_sql_mysql"

  2. Change dialect = "sqlite" to dialect = "mysql"

  3. Uncomment server, port, login and password by removing # from the beginning of the line, as well as changing password = "radpass" to password = "radiuspassword".

    To exemplify, here is how the lines look initially:

    And here is how they look after:

  4. Uncomment the read_clients = yes line, by removing the # at the beginning of the line.

  5. The other lines should be already set up according to our needs, so you can save and close the file when you’re done. ( You can check to make sure that everything’s in order, however )

Finally, change the group rights of /etc/raddb/mods-enabled/sql to radiusd:

Now let’s run FreeRADIUS in debug mode again, since we’ve made some changes.

If the RADIUS server is running, first kill the deamon:

And run the server in debug mode:

Output:

Step 5 – GUI WebPanel

There are a few freeRADIUS web panels available for easier user creation and management. We’re currently using daloRADIUS. You can follow our tutorial to installing daloRADIUS WebPanel on a RADIUS server on CentOS 7, and then return to this page.

daloradius_preview

NOTE: Should you be looking for a ready-made solution complete with FreeRADIUS + daloRADIUS installed, we offer FreeRADIUS Servers that you can deploy in a few minutes. Additionally you can opt, any time after you’ve ordered, for priority support which ensures you get help when you encounter issues.

Step 6 – Create a NAS Client & User

For other computers to connect to the RADIUS server, they need to be added to the NAS client table in the RADIUS database.

First we need to add the NAS. Do this in daloRADIUS by navigating to Managemnt > Nas > New Nas.

daloradius_create_nas_table

After adding the NAS, you can add new Users in daloRADIUS by going to Management > Users > New Users.

daloradius_add_new_user

There are more attributes that you can set to users and user groups, however that is beyond the scope of this tutorial.

Now that we’ve added a new NAS and new User, we should test them. Every time a new NAS is added, you’ll need to reload FreeRADIUS so it fetches the refreshed table. To test that everything is OK, stop the freeradius server and start it in debug mode and move on to the next step.

First we’ll kill the daemon:

And start it in debug mode:

Step 7 – Testing with NTRadPing

A great tool we can use to test our radius servers is NTRadPing. You can download it here: ntradping.

Unzip and run the executable, and in fill out the fields with the credentials you created earlier when adding the new NAS and new User. Here’s how we fill it, according to the credentials we created in this tutorial. Also keep in mind that RADIUS users port 1812, so that’s the port you want to fill in.

RADIUS Server/port: your_server_ip / 1812
RADIUS Secret Key: strongsecret!
Password: Strongpassword

And check the CHAP checkbox.

radius_test_ntradping

Now click Send and you should receive a reply that looks something like this:

The output for FreeRADIUS debug mode when a user is successfully authenticated should look something like this:

Step 8 – Conclusion

If you’ve made it this far then you should have your FreeRADIUS server up and running with daloRADIUS WebPanel on a CentOS 7 machine. Well done.

Should you have issues with setting up RADIUS servers, then do keep in mind that we offer a solution for deploying instant FreeRADIUS Servers.

Our servers come with FreeRADIUS + daloRADIUS + phpMyAdmin readily installed, and you can have them up in minutes! Additionally, you can opt for our Professional Support addon at a later time, should you find yourself needing priority support when things get more complex. To find out more info, please check our FreeRADIUS Servers Offer.


Additional tutorials you may be interested in:

Pre-Installed FreeRADIUS Servers

Automatic FreeRADIUS 3 + daloRADIUS Set Up

Instantly deploy machines with FreeRADIUS + MySQL + daloRADIUS GUI Panel already set up, receive the credentials and take over from there! You also get our custom WHMCS Module to help you manage it from our dashboard.

Pick one of our FreeRADIUS KVM plans


Vlad

Tech Support

Leave a Comment

LIMITED TIME SPECIAL 💀

Enter your email below to get 20% OFF on any of our Linux VPS plans and receive weekly deals on our services!