
Documented by khder ali

Install RADIUS server and MySQL database

Note: in all scenarios the SSH and LAMP packages are already installed (you can install them during the Ubuntu system installation), and the system used is Linux Ubuntu 15.4.

Scenario 1

Authentication on radius server without data base server (for login)

Install these packages on radius :

#sudo apt-get install freeradius freeradius-mysql freeradius-utils

1- Open the clients file and configure the AAA client (NAS/LNS)

# vim /etc/freeradius/clients.conf

client 192.168.1.0/24 {
    secret = cisco
    nastype = cisco
    ipaddr = 192.168.1.44
    shortname = R1
}

Save and exit

2- Add the user and password in the users file

vim /etc/freeradius/users

khder Cleartext-Password := "khder"

save and exit

reload the service

#service freeradius restart

- on cisco router

aaa new-model

aaa authentication login default group radius

radius-server host 192.168.1.199 auth-port 1812 acct-port 1813 key cisco

done
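
The shared secrets that appear in this guide (cisco for the router, testing123 for the local radtest client) are short dictionary words. As an added example that is not part of the original guide, the shell function below reads clients.conf text and lists every client whose secret is one of those two words or shorter than a minimum length; the 16-character minimum, the function names and every sample client other than R1 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list clients.conf entries whose shared secret is weak.
# MIN_LEN (default 16) is an assumption of this example, not a FreeRADIUS setting.

audit_client_secrets() {
    # stdin: clients.conf text. stdout: "<client> <reason>" per weak secret.
    awk -v min="${MIN_LEN:-16}" '
        /^[ \t]*#/ { next }                          # whole-line comments
        $1 == "client" && index($0, "{") {           # client <name> {
            name = $2; sub(/[{].*/, "", name); next
        }
        $1 == "}" { name = "" }                      # end of client block
        name != "" && /^[ \t]*secret[ \t]*=/ {
            val = $0
            sub(/^[ \t]*secret[ \t]*=[ \t]*/, "", val)
            if (val ~ /^"/) { sub(/^"/, "", val); sub(/".*$/, "", val) }
            else            { sub(/[ \t#].*$/, "", val) }   # strip trailing comment
            if (val == "cisco" || val == "testing123")
                print name, "guessable-word"
            else if (length(val) < min)
                print name, "shorter-than-" min
        }
    '
}

sample_clients_conf() {   # constructed input; the first block is the one from this guide
cat <<'EOF'
client 192.168.1.0/24 {
    secret = cisco
    nastype = cisco
    ipaddr = 192.168.1.44
    shortname = R1
}
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123   # secret passed to radtest in this guide
}
client lns-short {
    ipaddr = 192.168.1.45
    secret = "Xk2#9qLm"
}
client lns-long {
    ipaddr = 192.168.1.46
    secret = "constructed-9fQ2vT7mZr4LbW8xHc3N"
}
EOF
}

sample_clients_conf | audit_client_secrets
```

To check the live file, run `audit_client_secrets < /etc/freeradius/clients.conf`. A replacement secret has to be changed in clients.conf and in the router's radius-server host line together.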

Scenario 2

PPP authentication, authorization, accounting (for LNS users) on radius server with database and free billing system (radius, database and billing system on the same server)

Notes :
LNS:R3
LAC:R2
USER:R1

LNS COMMANDS:

aaa authentication ppp default group radius

aaa authorization network default group radius

aaa accounting update periodic 10

aaa accounting network default start-stop group radius

radius-server host 192.168.1.199 auth-port 1812 acct-port 1813 key cisco

Radius, database server and billing system configuration:
Preparing your system
Open the terminal and run the following command

sudo apt-get install php5-common php5-gd php-pear php-db libapache2-mod-php5 php-mail

Install freeradius using the following command



sudo apt-get install freeradius freeradius-mysql freeradius-utils

Create Freeradius Database

You can use the following command to create freeradius database

sudo mysql -u root -p

Enter password (if needed):

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.6.24-0ubuntu2 (Ubuntu)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database radius;

mysql> grant all on radius.* to radius@localhost identified by "123456";

Query OK, 0 rows affected (0.00 sec)

mysql> exit

Insert the freeradius database schema using the following commands

sudo mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql

Enter password:

sudo mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql

Enter password:

Create new user for radius database

sudo mysql -u root -p

mysql> use radius;

Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

Note 1: if the following command does not work, that is normal; no problem.

Note 2: be careful when you copy and paste that every character is copied, especially the single quote (').

mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('sqltest', 'Password', 'testpwd');

Query OK, 1 row affected (0.04 sec)

If you want to check:

mysql> show tables;

mysql> select * from radcheck;

mysql> exit

Bye

Freeradius Configuration
You need to edit /etc/freeradius/sql.conf file

sudo vi /etc/freeradius/sql.conf

Make sure you have the following details

database = mysql
login = radius
password = 123456

Uncomment the following

readclients = yes

Save and Exit the file

Now you need to edit the /etc/freeradius/sites-enabled/default file

sudo vi /etc/freeradius/sites-enabled/default

Uncomment the sql option in the following sections (and you can uncomment any sql word you see):

accounting
# See “Authorization Queries” in sql.conf

sql

session
# See “Authorization Queries” in sql.conf

sql

Post-Auth-Type
# See “Authorization Queries” in sql.conf

sql

Save and Exit the file

Now edit /etc/freeradius/radiusd.conf file

sudo vi /etc/freeradius/radiusd.conf

#Uncomment the following option

$INCLUDE sql.conf

Save and exit the file

Now you can stop the free radius server using the following command

sudo /etc/init.d/freeradius stop

Run freeradius in debugging mode. If there is no error, you are ready to go.

sudo freeradius -X

Start the freeradius using the following command

sudo /etc/init.d/freeradius start


Test the radius server using the following command (note: if the command that you inserted earlier inside mysql did not work, the answer will not be an accept, it will be a reject, and that is normal; you can continue)

sudo radtest sqltest testpwd localhost 18128 testing123

Output as follows
Sending Access-Request of id 68 to 127.0.0.1 port 1812
User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 127.0.1.1
NAS-Port = 18128
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=68, length=20

CTRL^C

#service freeradius start

Daloradius Installation (free billing system)


You can download the Daloradius latest version from here
(http://sourceforge.net/projects/daloradius/files/)

Once you downloaded the daloradius-0.9-9.tar.gz file you need to extract using the
following command:

$ tar xvfz daloradius-0.9-9.tar.gz

$ mv daloradius-0.9-9 daloradius

$ mv daloradius /var/www

Change Permissions

sudo chown www-data:www-data /var/www/daloradius -R

sudo chmod 644 /var/www/daloradius/library/daloradius.conf.php

The MySQL database needs to be set up for daloradius. All we need to do is import the daloradius schema into our existing radius database.

$ cd /var/www/daloradius/contrib/db

sudo mysql -u root -p radius < mysql-daloradius.sql

configure the following daloradius setting.

sudo vi /var/www/daloradius/library/daloradius.conf.php

Change the database user and password:

$configValues['CONFIG_DB_PASS'] = 'password';

Save and exit the file.

Now you need to configure the daloradius website under /etc/apache2/sites-available

sudo vi /etc/apache2/sites-available/daloradius.conf

add the following lines:

Alias /daloradius "/var/www/daloradius/"

<Directory /var/www/daloradius/>

Options None

order deny,allow

deny from all

allow from 192.168.1.0/24

# allow from <my management system's ip which has a web-browser>

</Directory>

Save and exit the file

Enable daloradius website using the following command

sudo a2ensite daloradius

Enabling site daloradius.



To activate the new configuration, you need to run:

sudo service apache2 reload

Note: if you have any problem starting the radius service or apache, stop all three services and start them again.

service mysql stop

service freeradius stop

service apache2 stop

service mysql start

service freeradius start

service apache2 start

Daloradius Web GUI


You can access the daloradius GUI at http://server-ip/daloradius; the login screen is as follows

Use the following login details

username: administrator
password: radius

Once you are logged in, you should see a screen similar to the following

Now you only have to add the NAS:

management > Nas > new NAS

And then add the user:

management > users > new user

If you want to add a framed IP (static IP) to the user:

Done.

Scenario 3
PPP authentication, authorization, accounting (for LNS users) on radius server with database and free billing system (radius server is separated from database and billing system server)

Notes :
LNS:R3
LAC:R2
USER:R1

ppp Authentication (for LNS users) on radius server with data base and free
billing system (radius and data base and billing system on the same server )

LNS commands :
aaa authentication ppp default group radius

aaa authorization network default group radius

aaa accounting update periodic 10

aaa accounting network default start-stop group radius

radius-server host 192.168.1.199 auth-port 1812 acct-port 1813 key cisco

Database and billing system server :

You need to install all the packages for both the database and the radius server, because you need some files, such as the schema and NAS table templates, to insert into the database; alternatively, you can copy these files from the radius server. In this example we will install all the packages.

Preparing your system


Open the terminal and run the following command

sudo apt-get install php5-common php5-gd php-pear php-db libapache2-mod-php5 php-mail

sudo apt-get install freeradius freeradius-mysql freeradius-utils



You can use the following command to create freeradius database

sudo mysql -u root -p

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.6.24-0ubuntu2 (Ubuntu)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database radius;

mysql> grant all on radius.* to radius@192.168.1.199 identified by "123456";

Query OK, 0 rows affected (0.00 sec)

mysql> exit

Insert the freeradius database schema using the following commands

sudo mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql

Enter password:

sudo mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql

vim /etc/mysql/mysql.conf.d/mysqld.cnf

Comment out this line (add # in front of the line):

#bind-address = 127.0.0.1

Restart the service

service mysql restart
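
With bind-address commented out, MySQL 5.6 falls back to its default of listening on every interface, and only the grant to radius@192.168.1.199 limits who can log in. As an added example that is not part of the original guide, the shell function below reads a mysqld.cnf and reports the resulting listener scope, comparing the file as edited above with one pinned to 192.168.1.200 (the database address this guide later sets as server in sql.conf); the function and sample names are assumptions of this example.

```shell
#!/bin/sh
# Added example: report where a mysqld.cnf makes the MySQL listener reachable.

mysql_bind_scope() {
    # stdin: my.cnf-style text.
    # stdout: all-interfaces | loopback-only | <address>
    awk '
        /^[ \t]*[#;]/ { next }                      # commented-out options do not apply
        /^[ \t]*\[/ {                               # [section] header
            section = $0; gsub(/[^A-Za-z0-9_.-]/, "", section); next
        }
        section != "mysqld" { next }                # only the server section counts
        /^[ \t]*bind[-_]address[ \t]*=/ {           # a later occurrence overrides an earlier one
            addr = $0
            sub(/^[^=]*=[ \t]*/, "", addr)
            sub(/#.*$/, "", addr); sub(/[ \t]+$/, "", addr)
        }
        END {
            if (addr == "" || addr == "*" || addr == "0.0.0.0" || addr == "::")
                print "all-interfaces"              # MySQL 5.6 default when unset is *
            else if (addr == "127.0.0.1" || addr == "::1" || addr == "localhost")
                print "loopback-only"
            else print addr
        }
    '
}

sample_as_edited() {        # constructed: the file after the step in this guide
cat <<'EOF'
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock

[mysqld]
user = mysql
port = 3306
#bind-address = 127.0.0.1
EOF
}

sample_single_address() {   # constructed: listener pinned to the database server address
cat <<'EOF'
[mysqld]
user = mysql
port = 3306
bind-address = 192.168.1.200   # value of "server" in sql.conf on the radius server
EOF
}

echo "as edited:      $(sample_as_edited | mysql_bind_scope)"
echo "single address: $(sample_single_address | mysql_bind_scope)"
```

To check the live file, run `mysql_bind_scope < /etc/mysql/mysql.conf.d/mysqld.cnf` on the database server.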

Daloradius Installation on database server


You can download the Daloradius latest version from here
(http://sourceforge.net/projects/daloradius/files/)

Once you downloaded the daloradius-0.9-9.tar.gz file you need to extract using the
following command:

$ tar xvfz daloradius-0.9-9.tar.gz

$ mv daloradius-0.9-9 daloradius

$ mv daloradius /var/www

Change Permissions

sudo chown www-data:www-data /var/www/daloradius -R

sudo chmod 644 /var/www/daloradius/library/daloradius.conf.php

The MySQL database needs to be set up for daloradius. All we need to do is import the daloradius schema into our existing radius database.

$ cd /var/www/daloradius/contrib/db

sudo mysql -u root -p radius < mysql-daloradius.sql

configure the following daloradius setting.

sudo vi /var/www/daloradius/library/daloradius.conf.php

Change the database user and password:

$configValues['CONFIG_DB_PASS'] = 'password';

Note: if the daloradius application is on the same server as the database, just enter the following:

-Username : root

-Password: root password for MySQL (if assigned)

-Database name

Example:

Save and exit the file.

Now you need to configure the daloradius website under /etc/apache2/sites-available

sudo vi /etc/apache2/sites-available/daloradius.conf

add the following lines:

Alias /daloradius "/var/www/daloradius/"

<Directory /var/www/daloradius/>

Options None

order deny,allow

deny from all

allow from 192.168.1.0/24

# allow from <my management system's ip which has a web-browser>

</Directory>

Save and exit the file



Enable daloradius website using the following command

sudo a2ensite daloradius

Enabling site daloradius.

To activate the new configuration, you need to run:

sudo service apache2 reload

Note: if you have any problem starting any service on the database server, stop the following services and start them again. Note: you don't need freeradius on the database server.

service mysql stop

service freeradius stop

service apache2 stop

service mysql start

service apache2 start

Daloradius Web GUI


You can access the daloradius GUI at http://server-ip/daloradius; the login screen is as follows

Use the following login details

username: administrator
password: radius

Once you are logged in, you should see a screen similar to the following

Radius server :

Install freeradius using the following command

sudo apt-get install freeradius freeradius-mysql freeradius-utils

Freeradius Configuration
You need to edit /etc/freeradius/sql.conf file

sudo vi /etc/freeradius/sql.conf

Make sure you have the following details:

database = "mysql"

# Connection info:

server = "192.168.1.200"

login = "radius"

password = "123456"

Uncomment the following

readclients = yes

Save and Exit the file

Now you need to edit the /etc/freeradius/sites-enabled/default file

sudo vi /etc/freeradius/sites-enabled/default

Uncomment the sql option in the following sections (and you can uncomment any sql word you see):

accounting
# See “Authorization Queries” in sql.conf

sql

session
# See “Authorization Queries” in sql.conf

sql

Post-Auth-Type
# See “Authorization Queries” in sql.conf

sql

Save and Exit the file

Now edit /etc/freeradius/radiusd.conf file

sudo vi /etc/freeradius/radiusd.conf

#Uncomment the following option

$INCLUDE sql.conf

Save and exit the file

Now you can stop the free radius server using the following command

sudo /etc/init.d/freeradius stop

Run freeradius in debugging mode. If there is no error, you are ready to go.

sudo freeradius -X

Start the freeradius using the following command:

sudo /etc/init.d/freeradius start

Finally, you need to add the user and the NAS as we did before.

Some MySQL database commands, if you need them:

mysql -u root

mysql> use radius;

mysql> show tables;

mysql> select * from radcheck;

mysql> select * from radcheck where UserName='khder@scs.sy';

mysql> exit

To insert a row (example: create a group that accepts authentication even if the user password is not correct):

mysql> INSERT IGNORE INTO `radgroupcheck` (Groupname,Attribute,Op,Value) VALUES ('grouptest','Auth-Type', ':=', 'Accept');

Create a username and password:

mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('usertest', 'Password', '123456');

Add the user to the group 'grouptest':

mysql> INSERT INTO radusergroup (UserName, groupname, priority) VALUES ('usertest', 'grouptest', '0');

Done.

Khder ali

www.facebook.com/cciesyria