FreeRadius Installation & Configuration
Installation FreeRadius on Linux : Centos 7 – 64Bit
- Login via SSH and run a command as below
[[email protected] ~]# yum search freeradius
that will list the matched entries
freeradius-devel.i686 : FreeRADIUS development files
freeradius-devel.x86_64 : FreeRADIUS development files
freeradius-doc.x86_64 : FreeRADIUS documentation
freeradius-krb5.x86_64 : Kerberos 5 support for freeradius
freeradius-ldap.x86_64 : LDAP support for freeradius
freeradius-mysql.x86_64 : MySQL support for freeradius
freeradius-perl.x86_64 : Perl support for freeradius
freeradius-postgresql.x86_64 : Postgresql support for freeradius
freeradius-python.x86_64 : Python support for freeradius
freeradius-sqlite.x86_64 : SQLite support for freeradius
freeradius-unixODBC.x86_64 : Unix ODBC support for freeradius
freeradius-utils.x86_64 : FreeRADIUS utilities
freeradius.x86_64 : High-performance and highly configurable free RADIUS server
2. The red one is an extension that needs to be installed
[[email protected] ~]# yum install freeradius.x86_64
You will be asked for confirmation then enter “Y” and go on
It will install all the dependencies and install your FreeRadius module on your server.
Now your Server acts a Radius Server
You can check the installation by using the command : radiusd -X
Your Radius servers should be able to listen
Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel
Listening on auth address * port 1812 as server default
Listening on acct address * port 1813 as server default
Listening on auth address: port 1812 as server default
Listening on acct address: port 1813 as server default
Opening new proxy socket ‘proxy address * port 0’
Listening on proxy address * port 58069
Ready to process requests
if you get the above response/result that means you have completed your installation process successfully.
—————– How to test by sending packets to the Radius Server ———————
In order to check either our radius server is up and sending/ receiving packets or not.
Of course, we need to have a radius client to communicate with Radius server as it’s Server-Client Model
RadCilent is a freeradius-client that allows us to test our radius server by sending packets.
freeradius-utils.x86_64 : FreeRADIUS utilities contains radClient library
So, install it using follwowing command
yum install freeradius-utils.x86_64
then you can use the radclient command
echo "User-Name = test" | radclient localhost:1812 auth s3cr3t
Another a quick way to test running our Radius Server
radtest [username] [password] localhost 10 [secret]
example : radtest testing password localhost 10 testing123
Setup FreeRadius Mysql.
FreeRadius supports data store ( i.e Mysql and LDAP mainly )
In order to integrate our FreeRadius we have to install freeradius-mysql .
yum install freeradius-mysql.x86_64
Note : We have just installed freeradius-mysql but not configured yet. Currently, we have not communication between FreeRadius and FreeRaidus MySQL
Install MySQL on your Centos 7 64 bit
- Download and add the repository, then update.
1 2 3
wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm sudo rpm -ivh mysql-community-release-el7-5.noarch.rpm yum update
- Install MySQL as usual and start the service. During installation, you will be asked if you want to accept the results from the .rpm file’s GPG verification. If no error or mismatch occurs, enter
sudo yum install mysql-server sudo systemctl start mysqld
MySQL will bind to localhost (127.0.0.1) by default. Please reference our MySQL remote access guide for information on connecting to your databases using SSH.
Allowing unrestricted access to MySQL on a public IP not advised but you may change the address it listens on by modifying the
/etc/my.cnf. If you decide to bind MySQL to your public IP, you should implement firewall rules that only allow connections from specific IP addresses.
Harden MySQL Server
- Run the
mysql_secure_installationscript to address several security concerns in a default MySQL installation.
You will be given the choice to change the MySQL root password, remove anonymous user accounts, disable root logins outside of localhost, and remove test databases. It is recommended that you answer
yes to these options. You can read more about the script in the MySQL Reference Manual.