Installing freeradius on Ubuntu 14.04

Install and configure freeradius

Install via apt-get

sudo apt-get install freeradius freeradius-mysql apache2 php5 libapache2-mod-php5 mysql-server mysql-client php5-mysql  

While installing freeradius, you will be asked for a password. Type in a strong password and keep it for later. We will need it.

Configure your first user

*Before making any changes to the configuration files, I can only recommend using git or mercurial to keep track of your changes so that you can revert them.*

Edit the freeradius users file with vim:

vim /etc/freeradius/users  

Search for the user 'John Doe', which should be commented out. Uncomment this line as well as the next one, keeping the leading whitespace on the second line, so that they read:

"John Doe" Auth-Type := Local, User-Password == "hello"
        Reply-Message = "Hello, %u"  

Save and exit. Upon restarting the service, this user will be activated and will be ready to use. Now start freeradius with verbose output:

sudo freeradius -fxxX  

If you get an error saying that the service is already running or that the port is in use, freeradius was most probably started automatically when you first installed it. You need to kill this process. First find its process ID:

ps -ef | grep freeradius  
# Then kill it with
sudo kill -9 <PROCESS ID HERE>  

Later when everything is working fine, you can start freeradius with:

sudo service freeradius start  

If everything goes fine and you receive no error, then you should now be able to log into your radius server. Open a new window and type:

sudo radtest "John Doe" hello 127.0.0.1 0 testing123  

You should get an accept reply. Mine was:

Sending Access-Request of id 136 to 127.0.0.1 port 1812  
User-Name = "John Doe"  
User-Password = "hello"  
NAS-IP-Address = 255.255.255.255  
NAS-Port = 0  
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37  
Reply-Message = "Hello, John Doe"  

Remote access to the radius server

The configuration described above does not automatically grant access to your radius server from the internet. If you have the domain name example.com and you try to access it from outside:

sudo radtest "John Doe" hello example.com 0 testing123  

Then you will get a connection closed error. To enable remote access you need to define at least one remote client.
Edit the /etc/freeradius/clients.conf file:

vim /etc/freeradius/clients.conf  

And add the following snippet:

client 0.0.0.0/0 {  
  secret = "mysecret"
  shortname = name
}

Replace 'mysecret' with any password you want. Note that by doing this you open your radius server's authentication to the whole internet! You can of course fine-tune this setting to allow connections from only a short list of clients, by replacing 0.0.0.0/0 with the addresses of the clients you trust.

Restart freeradius again. Now, from another machine, try the following:

radtest "John Doe" "hello" example.com 0 "mysecret"  

You should now be able to connect to your radius server from any client.
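
An added example, not part of the original tutorial: a small Python audit of clients.conf that flags the wide-open 0.0.0.0/0 client and the weak shared secrets used above. The sample configuration is constructed, and the helper name audit_clients and the 16-character minimum are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the wide-open block from this tutorial plus a narrowed one.
SAMPLE_CLIENTS_CONF = '''
client localhost {
  ipaddr = 127.0.0.1
  secret = testing123
}
client 0.0.0.0/0 {
  secret = "mysecret"
  shortname = name
}
client 192.0.2.10 {
  secret = "c7Jq-constructed-long-random-secret-91xZ"
}
'''

# Flat client blocks only (no nested sections); enough for this tutorial's file.
CLIENT_BLOCK = re.compile(r'^\s*client\s+(\S+)\s*\{(.*?)^\s*\}', re.M | re.S)
SETTING = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\n#]*?)"?\s*(?:#.*)?$', re.M)
KNOWN_SECRETS = {"testing123", "mysecret"}  # shipped default, tutorial placeholder
MIN_SECRET_LEN = 16  # assumed policy threshold, not a FreeRADIUS limit

def audit_clients(text):
    """Return (client_name, finding) tuples for risky client definitions."""
    findings = []
    for name, body in CLIENT_BLOCK.findall(text):
        opts = dict(SETTING.findall(body))
        # The address comes from ipaddr/netmask if set, else from the block name.
        addr = opts.get("ipaddr", name)
        if "netmask" in opts and "/" not in addr:
            addr += "/" + opts["netmask"]
        try:
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            net = None  # a hostname such as "localhost", not a network range
        if net is not None and net.prefixlen == 0:
            findings.append((name, "accepts requests from any address"))
        secret = opts.get("secret", "")
        if secret in KNOWN_SECRETS:
            findings.append((name, "well-known shared secret"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((name, "shared secret shorter than %d chars" % MIN_SECRET_LEN))
    return findings

if __name__ == "__main__":
    for client, problem in audit_clients(SAMPLE_CLIENTS_CONF):
        print("%-12s %s" % (client, problem))
```

To check a real server, pass the contents of /etc/freeradius/clients.conf to audit_clients instead of the sample.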

Here's part 2 of this tutorial
Configure freeradius with mysql
