Install FreeRADIUS on CentOS 7

I need to set up another authentication server as a backup server. I write down my steps and settings below for reference.

Server preparation

  • Create a new VM instance
    • Name: aaa1
    • Zone: asia-east1-a
    • Machine Type: g1-small (1 vCPU, 1.7GB memory)
    • Boot disk: CentOS7 (SSD disk 10GB)
    • Firewall: Allow HTTP and HTTPS traffic
    • Networking: my-network 
  • SSH to the server
    • sudo -i
    • yum install -y epel-release
    • yum -y update
    • yum -y groupinstall "Development Tools"
    • yum install -y mlocate
    • yum install -v php php-devel php-common php-mysql
    • updatedb
    • sudo vi /etc/environment
      • LANG=en_US.utf-8
    • sudo vi /etc/php.ini
      • date.timezone = asia/kuala_lumpur
    • timedatectl set-timezone Asia/Kuala_Lumpur
    • yum install -y ntp
    • systemctl start ntpd
    • systemctl enable ntpd

Install and Configure packages

  • # Apache httpd
    • yum install httpd httpd-devel
    • systemctl enable httpd
    • systemctl start httpd
  • # MariaDB
    • yum install -y mariadb mariadb-devel mariadb-server
    • systemctl start mariadb
    • systemctl enable mariadb
    • mysql_secure_installation
  • # FreeRADIUS
    • yum install -y freeradius freeradius-utils freeradius-mysql
    • systemctl enable radiusd.service
    • systemctl start radiusd.service
  • # Firewalld
    • systemctl enable firewalld
    • systemctl start firewalld
    • firewall-cmd --state
    • firewall-cmd --get-services
    • firewall-cmd --add-service={http,https,radius} --permanent
    • firewall-cmd --reload
    • firewall-cmd --get-default-zone
    • firewall-cmd --list-services
  • # Configure Freeradius
    • echo "create database radius" | mysql -u root -p
    • mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql
    • ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/
    • check and modify the settings in /etc/raddb/mods-available/sql
      • driver = "rlm_sql_mysql"
      • dialect = "mysql"
      • login = XXX
      • password = XXX
  • # Disable logging into the 'radpostauth' table since I use this as a backup AAA server
    • comment out the line '-sql' in the post-auth {} and Post-Auth-Type REJECT {} sections in the file /etc/raddb/sites-available/default

Testing

  • # Add 1 testing user into the radcheck table
    • echo "insert into radcheck (username, attribute, op, value) values ('testuser', 'Cleartext-Password', ':=', 'testpassword')" | mysql -u root -p radius
  • # Use 1 terminal to start the server in debug mode
    • pkill radiusd
    • radiusd -X
  • # Use another terminal to send request
    • radtest testuser testpassword 127.0.0.1:1812 0 testing123 
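
The radtest call above uses testing123, the shared secret that the stock clients.conf ships for the localhost client. The check below is an added example, not part of the original notes: it lists client blocks in a clients.conf that still use that secret, assuming one setting per line as in the stock file. The nas1/nas2 entries and their addresses are constructed sample data.

```shell
#!/bin/sh
# Constructed sample clients.conf content (not taken from the page).
sample_clients_conf() {
cat <<'EOF'
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123   # stock value, used by radtest
    limit {
        max_connections = 16
    }
}
client nas1 {
    ipaddr = 192.0.2.10
    secret = "testing123"
}
client nas2 {
    ipaddr = 192.0.2.11
    secret = Xq7-constructed-example
}
# client old { secret = testing123 }
EOF
}

# find_default_secrets [FILE]
# Prints "<client-name> <ipaddr>" for each client block whose secret is
# testing123. Reads stdin when FILE is omitted.
find_default_secrets() {
    awk -v bad="testing123" '
    {
        sub(/#.*/, "")                          # drop comments
        if (depth == 0 && $1 == "client") {     # header: client <name> {
            name = $2; sub(/[{].*/, "", name); ip = "-"; hit = 0
        } else if (depth == 1 && name != "") {  # settings directly in the block
            line = $0; gsub(/[ \t"]/, "", line)
            eq = index(line, "=")
            key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
            if (eq && key == "secret" && val == bad) hit = 1
            if (eq && key ~ /^ip(v4|v6)?addr$/) ip = val
        }
        opens = gsub(/[{]/, "{"); closes = gsub(/[}]/, "}")
        depth += opens - closes                 # track nested sections (limit {})
        if (depth == 0 && closes > 0 && name != "") {
            if (hit) print name, ip             # report when the block closes
            name = ""
        }
    }' "${1:--}"
}

# With a path argument audit that file, otherwise run on the sample.
if [ -n "${1:-}" ]; then find_default_secrets "$1"
else sample_clients_conf | find_default_secrets; fi
```

On the server built above, run it as root against /etc/raddb/clients.conf; any client other than localhost in the output needs a new secret.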
