Installing FreeRADIUS version 3.x on Ubuntu 20.04
Dirk van der Walt edited this page Sep 1, 2022 · 2 revisions
- Ubuntu 20.04 now comes with a FreeRADIUS 3.x release.
- Install FreeRADIUS and the MySQL module.
sudo apt-get -y install libdatetime-perl
sudo apt-get -y install freeradius freeradius-mysql
# Answer yes to install these with their dependencies
# Please note that when this package is installed there are some things generated that can take up lots of time on slower machines.
- Enable and Start FreeRADIUS
sudo systemctl enable freeradius
sudo systemctl start freeradius
- Do the following to configure FreeRADIUS 3.x to work with RdCore
# Stop the service if it is already running
sudo systemctl stop freeradius
# Back up the original FreeRADIUS directory
sudo mv /etc/freeradius /etc/freeradius.orig
# Extract the RdCore modified FreeRADIUS directory
sudo tar xzf /var/www/rdcore/cake4/rd_cake/setup/radius/freeradius-3-radiusdesk.tar.gz --one-top-level=/etc/freeradius/
sudo mv /etc/freeradius/freeradius /etc/freeradius/3.0
sudo chown -R freerad. /etc/freeradius/3.0/
sudo mkdir /var/run/freeradius
sudo chown freerad. /var/run/freeradius
- Configure the site-wide shared secret. This will be the value used by ALL Dynamic Clients.
sudo vi /etc/freeradius/3.0/sites-enabled/dynamic-clients
- Look for this part in the file and change FreeRADIUS-Client-Secret to the value you choose to use.
# Echo the IP address of the client.
FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
# require_message_authenticator
FreeRADIUS-Client-Require-MA = no
# secret
FreeRADIUS-Client-Secret = "testing123"
# shortname
FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}"
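- The stanza above carries "testing123", the stock FreeRADIUS sample secret, which is publicly known. The script below is an added example, not part of the RdCore documentation: it detects that value and replaces it with a random one. The function names are hypothetical and GNU sed is assumed.

```shell
#!/usr/bin/env bash
# Added example; the function names below are hypothetical helpers.

# Return 0 if FILE ($1) still sets the sample secret "testing123".
has_default_secret() {
    grep -Eq '^[[:space:]]*FreeRADIUS-Client-Secret[[:space:]]*=[[:space:]]*"testing123"' "$1"
}

# Print 24 random bytes from the kernel CSPRNG as 48 hex characters.
# Hex needs no escaping in sed or inside the quoted config value.
gen_secret() {
    head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Set FreeRADIUS-Client-Secret in FILE ($1) to SECRET ($2).
# Only alphanumeric secrets are accepted so nothing can break the sed
# expression or the quoting in the config file.
set_client_secret() {
    case $2 in
        ''|*[!A-Za-z0-9]*) echo "secret must be alphanumeric" >&2; return 1 ;;
    esac
    # --follow-symlinks (GNU sed): sites-enabled entries are often symlinks.
    sed -i --follow-symlinks -E \
        "s|^([[:space:]]*FreeRADIUS-Client-Secret[[:space:]]*=[[:space:]]*).*|\1\"$2\"|" "$1"
}

# Constructed sample of the stanza; on a real host, run as root against
# /etc/freeradius/3.0/sites-enabled/dynamic-clients instead.
demo=$(mktemp)
cat > "$demo" <<'EOF'
        # secret
        FreeRADIUS-Client-Secret = "testing123"
        # shortname
        FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}"
EOF
if has_default_secret "$demo"; then
    set_client_secret "$demo" "$(gen_secret)"
fi
grep 'FreeRADIUS-Client-Secret' "$demo"   # shows the new, random value
rm -f "$demo"
```

Restart FreeRADIUS after changing the value, and configure the same secret on every device that connects as a dynamic client.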
- Comment out the following two lines in the Systemd unit file
sudo vi /lib/systemd/system/freeradius.service
- The sample below shows which two lines to comment out. Failing to do this will result in a broken system with FreeRADIUS not starting up during boot.
[Unit]
Description=FreeRADIUS multi-protocol policy server
After=syslog.target network.target
Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ http://networkradius.com/doc/
[Service]
Type=forking
PIDFile=/run/freeradius/freeradius.pid
#EnvironmentFile=-/etc/default/freeradius
#ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout
ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
- After you have completed these commands you can test whether FreeRADIUS starts up fine.
sudo systemctl daemon-reload
sudo systemctl restart freeradius
sudo systemctl status freeradius
- It might happen that FreeRADIUS does not start up with the previous commands.
- That is most likely because the SQL database and the FreeRADIUS config file both have an entry for localhost.
- The simplest fix for this problem is to delete the entry with nasname 127.0.0.1 from the nas table in the rd database.
sudo mysql -u root rd;
delete from nas where nasname='127.0.0.1';
exit;
- Then confirm it is running after this
sudo systemctl restart freeradius
sudo systemctl status freeradius
- There is a small bug which prevents FreeRADIUS from starting up after a reboot.
- It has been reported here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954911
- There also seems to be a fix but it has not reached the Ubuntu repositories as of this writing.
- So here is the fix taken from the discussion in the link
- Create a file called /usr/lib/tmpfiles.d/freeradius.conf.
sudo vi /usr/lib/tmpfiles.d/freeradius.conf
- Add the following line
d /run/freeradius 750 freerad freerad -
- If you are curious about what we did, here is a write-up on tmpfiles.d
- To create the ability for the web server to exercise some control over FreeRADIUS, we will have a custom script which is added to the sudoers file.
- The correct way to edit the sudoers file is by using:
sudo visudo
- Add the following at the bottom
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
www-data ALL = NOPASSWD:/var/www/html/cake4/rd_cake/setup/scripts/radmin_wrapper.pl
- Confirm that this line is now inside the /etc/sudoers file
sudo cat /etc/sudoers
- This will allow the root user in RdCore to start and stop the FreeRADIUS service and do on-the-fly activation of debug traces.