Freeradius Installation Guide on CentOS 7


FreeRADIUS Installation Guide on CentOS 7 Prerequsities [github] CentOS 7 freeradius-3.0.16 Reference Downloads

git clone
cd freeradius-server
git branch -a
git checkout v3.0.x Build and Install

yum install -y libtalloc-devel openssl-devel make autoconf
rpm -ivh mysql-community-common-5.7.20-1.el7.x86_64.rpm
rpm -ivh mysql-community-libs-5.7.20-1.el7.x86_64.rpm
rpm -ivh mysql-community-client-5.7.20-1.el7.x86_64.rpm
rpm -ivh mysql-community-devel-5.7.20-1.el7.x86_64.rpm>
cd freeradius-server
make && make install

On Ubuntu15.04:(1) talloc$ wget$ tar zvxf talloc-2.1.0.tar.gz$ cd talloc-2.1.0$ ./configure --without-gettext$ make && sudo make install(2) ykclient, yubikey$ sudo apt-get install libykclient3$ sudo apt-get install libykclient-dev$ sudo apt-get install libyubikey-dev(3) build$ cd freeradius-server$ ./configure$ make && sudo make install

Install path is:


Config files are located in:

/usr/local/etc/raddb Run as Debug Mode

trim the first character ‘#’ in the below paragraph:

vi /usr/local/etc/raddb/users

#steve  Cleartext-Password := "testing"#       Service-Type = Framed-User,#       Framed-Protocol = PPP,#       Framed-IP-Address =,#       Framed-IP-Netmask =,#       Framed-Routing = Broadcast-Listen,#       Framed-Filter-Id = "std.ppp",#       Framed-MTU = 1500,#       Framed-Compression = Van-Jacobsen-TCP-IP

start radius server as debug mode:

/usr/local/sbin/radiusd -X

open another window and test with command:

/usr/local/bin/radtest steve testing localhost 0 testing123 Enable Support for Mysql

located in path:

cd /usr/local/etc/raddb/mods-config/sql/main/mysql

will see below files:


logon mysql as sample:

mysql -u root -pAbc1234! -h

then run script in mysql promote:

create database if not exists radius;
use radius;
source schema.sql;
flush privileges;
create user ‘radius’@’’ identified by ‘radpass1234!’;
revoke all privileges,grant option from ‘radius’@’’;
grant all privileges on radius.* to ‘radius’@’’;
flush privileges;

backup default config file:

cd /usr/local/etc/raddb/sites-available/
cp default default.bak

replace all ‘-sql’ with ‘sql’ in ‘/usr/local/etc/raddb/site-enabled/default’ as below:

vi /usr/local/etc/raddb/sites-enabled/default

        #  See "Authorization Queries" in mods-available/sql        sql        ...        #        #  See "Accounting queries" in mods-available/sql        sql        ...        #        #  See "Authentication Logging Queries" in mods-available/sql        sql

comment all ‘files’ as below:

vi /usr/local/etc/raddb/sites-enabled/default

        #        #  Read the 'users' file.  In v3, this is located in        #  raddb/mods-config/files/authorize        #!--files...        #        #  Read the 'acct_users' file        #!--files...        #  Uncomment the following line if you want to change attributes        #  as defined in the preproxy_users file.#       files

replace section in ‘/usr/local/etc/raddb/mods-available/sql’ with below:

sql {        # The sub-module to use to execute queries. This should match        # the database you're attempting to connect to.        #        #    * rlm_sql_mysql        #    * rlm_sql_mssql        #    * rlm_sql_oracle        #    * rlm_sql_postgresql        #    * rlm_sql_sqlite        #    * rlm_sql_null (log queries to disk)        #        driver = "rlm_sql_mysql"        ...        # Connection info:        #        server = ""        port = 3306        login = "radius"        password = "radpass1234!"        # Database table configuration for everything except Oracle        radius_db = "radius"

create link as below:

cd /usr/local/etc/raddb/mods-enabled
ln -s ../mods-available/sql sql Create Account for Test

create a new radius user in mysql database:

mysql -u radius -pradpass1234! -h
mysql > use radius;
mysql > insert into radcheck(id,username,attribute,op,value) values(‘2’,’zhang’,’Cleartext-Password’,’:=’,’liang’);

start radius server:

/usr/local/sbin/radiusd -X

start radius test client:

/usr/local/bin/radtest zhang liang localhost 1812 testing123

that shows:

Sent Access-Request Id 147 from to length 75    User-Name = "zhang"    User-Password = "liang"    NAS-IP-Address =    NAS-Port = 1812    Message-Authenticator = 0x00    Cleartext-Password = "liang"Received Access-Accept Id 147 from to length 20

in the radius terminal window shows like below:

...(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'zhang', 'liang', 'Access-Accept', '2017-12-19 07:59:59')(0) sql: SQL query returned: success(0) sql: 1 record(s) updatedrlm_sql (sql): Released connection (1)(0)     [sql] = ok(0)     [exec] = noop(0)     policy remove_reply_message_if_eap {(0)       if (&reply:EAP-Message && &reply:Reply-Message) {(0)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE(0)       else {(0)         [noop] = noop(0)       } # else = noop(0)     } # policy remove_reply_message_if_eap = noop(0)   } # post-auth = ok(0) Sent Access-Accept Id 147 from to length 0(0) Finished requestWaking up in 4.9 seconds.(0) Cleaning up request packet ID 147 with timestamp +9Ready to process requests

modifiy clients.conf as below for accepting a BRAS ip:

client localhost {ipaddr = = *    # any. == localhostsecret = testing123}

so all are done.




如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。

Tags Index: