FreeRADIUS Installation Guide on CentOS 7
Prerequisites
CentOS 7
freeradius-3.0.16
Reference
http://blog.csdn.net/cluniquecui/article/details/42490423
http://blog.csdn.net/name_kongkong/article/details/53010377
Downloads
git clone https://github.com/FreeRADIUS/freeradius-server.git
cd freeradius-server
git branch -a
git checkout v3.0.x
Build and Install
yum install -y libtalloc-devel openssl-devel make autoconf
rpm -ivh mysql-community-common-5.7.20-1.el7.x86_64.rpm
rpm -ivh mysql-community-libs-5.7.20-1.el7.x86_64.rpm
rpm -ivh mysql-community-client-5.7.20-1.el7.x86_64.rpm
rpm -ivh mysql-community-devel-5.7.20-1.el7.x86_64.rpm
cd freeradius-server
./configure
make && make install
On Ubuntu 15.04:
(1) talloc
$ wget https://www.samba.org/ftp/talloc/talloc-2.1.0.tar.gz
$ tar zvxf talloc-2.1.0.tar.gz
$ cd talloc-2.1.0
$ ./configure --without-gettext
$ make && sudo make install
(2) ykclient, yubikey
$ sudo apt-get install libykclient3
$ sudo apt-get install libykclient-dev
$ sudo apt-get install libyubikey-dev
(3) build
$ cd freeradius-server
$ ./configure
$ make && sudo make install
Install path is:
/usr/local/sbin/
Config files are located in:
/usr/local/etc/raddb
Run as Debug Mode
Remove the leading '#' from each line of the entry below:
vi /usr/local/etc/raddb/users
#steve Cleartext-Password := "testing"
# Service-Type = Framed-User,
# Framed-Protocol = PPP,
# Framed-IP-Address = 172.16.3.33,
# Framed-IP-Netmask = 255.255.255.0,
# Framed-Routing = Broadcast-Listen,
# Framed-Filter-Id = "std.ppp",
# Framed-MTU = 1500,
# Framed-Compression = Van-Jacobsen-TCP-IP
Start the RADIUS server in debug mode:
/usr/local/sbin/radiusd -X
Open another window and test with the command:
/usr/local/bin/radtest steve testing localhost 0 testing123
Enable Support for MySQL
The MySQL files are located in:
cd /usr/local/etc/raddb/mods-config/sql/main/mysql
ls
You will see the following files:
queries.conf
schema.sql
setup.sql
Log in to MySQL, for example:
mysql -u root -pAbc1234! -h cent7-n3.pepstack.com
Then run the following at the mysql prompt:
create database if not exists radius;
use radius;
source schema.sql;
flush privileges;
create user 'radius'@'cent7-n1.pepstack.com' identified by 'radpass1234!';
revoke all privileges, grant option from 'radius'@'cent7-n1.pepstack.com';
grant all privileges on radius.* to 'radius'@'cent7-n1.pepstack.com';
flush privileges;
Back up the default config file:
cd /usr/local/etc/raddb/sites-available/
cp default default.bak
Replace every '-sql' with 'sql' in '/usr/local/etc/raddb/sites-enabled/default' as below:
vi /usr/local/etc/raddb/sites-enabled/default
# See "Authorization Queries" in mods-available/sql
sql
...
#
# See "Accounting queries" in mods-available/sql
sql
...
#
# See "Authentication Logging Queries" in mods-available/sql
sql
Comment out every 'files' entry as below:
vi /usr/local/etc/raddb/sites-enabled/default
#
# Read the 'users' file. In v3, this is located in
# raddb/mods-config/files/authorize
#!--files
...
#
# Read the 'acct_users' file
#!--files
...
# Uncomment the following line if you want to change attributes
# as defined in the preproxy_users file.
# files
Replace the corresponding section in '/usr/local/etc/raddb/mods-available/sql' with the following:
sql {
    # The sub-module to use to execute queries. This should match
    # the database you're attempting to connect to.
    #
    # * rlm_sql_mysql
    # * rlm_sql_mssql
    # * rlm_sql_oracle
    # * rlm_sql_postgresql
    # * rlm_sql_sqlite
    # * rlm_sql_null (log queries to disk)
    #
    driver = "rlm_sql_mysql"
    ...
    # Connection info:
    #
    server = "cent7-n3.pepstack.com"
    port = 3306
    login = "radius"
    password = "radpass1234!"
    # Database table configuration for everything except Oracle
    radius_db = "radius"
Create the link as below:
cd /usr/local/etc/raddb/mods-enabled
ln -s ../mods-available/sql sql
Create Account for Test
Create a new RADIUS user in the MySQL database:
mysql -u radius -pradpass1234! -h cent7-n3.pepstack.com
mysql > use radius;
mysql > insert into radcheck(id,username,attribute,op,value) values('2','zhang','Cleartext-Password',':=','liang');
quit
Start the RADIUS server:
/usr/local/sbin/radiusd -X
Start the RADIUS test client:
/usr/local/bin/radtest zhang liang localhost 1812 testing123
The client shows:
Sent Access-Request Id 147 from 0.0.0.0:54246 to 127.0.0.1:1812 length 75
 User-Name = "zhang"
 User-Password = "liang"
 NAS-IP-Address = 192.168.122.223
 NAS-Port = 1812
 Message-Authenticator = 0x00
 Cleartext-Password = "liang"
Received Access-Accept Id 147 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
The radiusd terminal window shows output like the following:
...
(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'zhang', 'liang', 'Access-Accept', '2017-12-19 07:59:59')
(0) sql: SQL query returned: success
(0) sql: 1 record(s) updated
rlm_sql (sql): Released connection (1)
(0) [sql] = ok
(0) [exec] = noop
(0) policy remove_reply_message_if_eap {
(0) if (&reply:EAP-Message && &reply:Reply-Message) {
(0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(0) else {
(0) [noop] = noop
(0) } # else = noop
(0) } # policy remove_reply_message_if_eap = noop
(0) } # post-auth = ok
(0) Sent Access-Accept Id 147 from 127.0.0.1:1812 to 127.0.0.1:54246 length 0
(0) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 147 with timestamp +9
Ready to process requests
Modify clients.conf as below to accept requests from a BRAS IP:
client localhost {
    ipaddr = 127.0.0.1
    ipv4addr = *    # any. 127.0.0.1 == localhost
    secret = testing123
}
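The client block above keeps the sample secret testing123 together with a wildcard ipv4addr. As an added example (not part of the original guide or of FreeRADIUS), the shell function below flags both settings in a clients.conf before the server is exposed to real NAS devices; the function names and the second client, bras1 with its address and secret, are constructed for illustration.

```shell
# Added example, not from the original guide: flag lab settings left in a
# FreeRADIUS clients.conf. Reads FILE, or stdin when no argument is given.
# Prints "client <name>: <finding>" per issue; returns 1 if anything is found.
audit_clients() {
    awk '
        BEGIN { bad = 0 }
        { sub(/^#.*$/, ""); sub(/[ \t]#.*$/, "") }   # drop comments
        $1 == "client" { name = $2; gsub(/[{]/, "", name); next }
        index($0, "=") {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t"]/, "", key); gsub(/[ \t"]/, "", val)
            if (key == "secret" && val == "testing123") {
                print "client " name ": default shared secret testing123"
                bad = 1
            }
            if (key ~ /^ip(v4|v6)?addr$/ && (val == "*" || val ~ /\/0$/)) {
                print "client " name ": " key " accepts any source address"
                bad = 1
            }
        }
        END { exit bad }
    ' "${1:--}"
}

# Constructed sample: the client block from this guide, followed by a
# restricted client whose name, address and secret are placeholders.
sample_clients_conf() {
    cat <<'EOF'
client localhost {
    ipaddr = 127.0.0.1
    ipv4addr = *    # any. 127.0.0.1 == localhost
    secret = testing123
}
client bras1 {
    ipaddr = 192.0.2.10
    secret = "EXAMPLE-long-random-secret"
}
EOF
}

sample_clients_conf | audit_clients || echo "clients.conf needs attention"
```

Against the installed configuration, call it as audit_clients /usr/local/etc/raddb/clients.conf.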
That completes the setup.