Debian FreeRADIUS server with MySQL (MariaDB) authentication

Guide Updated 08 September 2013

Assumptions

Minimal Debian 7 installation
Completed Proxmox / OpenVZ Container Debian 7 wheezy Server Preparation

Ports

–MySQL–
localhost: 3306
–Radius–
authentication *: 1812
accounting *: 1813
inner-tunnel authentication 127.0.0.1: 18120
Proxy *:1814

Install the latest mariadb

Add the repository

Import the GPG key
If this command fails, disable your firewall, e.g. csf -x

Apt-Pinning the packages

Install MariaDB

New password for the MariaDB "root" user: yoursecurepassword

Secure MariaDB

Enter current password for root (enter for none): yoursecurepassword
Change the root password? N
Remove anonymous users? Y
Disallow root login remotely? Y
Remove test database and access to it? Y
Reload privilege tables now? Y

Restart MariaDB (mysql server)

Confirm MariaDB is running

tcp 0 0 localhost:mysql *:* LISTEN 11878/mysqld

Install FreeRADIUS

Install Packages

Create the FreeRADIUS database user

Import the FreeRADIUS database tables

Configure FreeRADIUS

Randomise the secret

Allow FreeRADIUS to authenticate clients via the MySQL NAS table.

Optional: Add usage and rate limits to the FreeRADIUS Dictionary

Restart FreeRADIUS

Testing FreeRADIUS

Create the FreeRADIUS test user

Test FreeRADIUS with the test user

root@coral:~# radtest test test 127.0.0.1 0 mysecret
Sending Access-Request of id 104 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 68.235.32.11
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=104, length=20
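
The test above only succeeds when radtest and the server hold the same shared secret: the Message-Authenticator attribute is an HMAC-MD5 keyed with that secret, and RFC 2869 requires a server to silently discard an Access-Request whose value does not verify, which the client sees as no response. The following Python code is an added example, not part of the original guide or of FreeRADIUS; the function names are hypothetical, the packet carries only a subset of the attributes radtest sends, and the values (test, mysecret, id 104) are the ones from the radtest output above.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
USER_NAME, USER_PASSWORD, NAS_PORT, MESSAGE_AUTHENTICATOR = 1, 2, 5, 80

def attr(attr_type, value):
    """Encode one attribute as type, length, value (RFC 2865 section 5)."""
    return bytes([attr_type, len(value) + 2]) + value

def hide_password(password, secret, authenticator):
    """User-Password hiding from RFC 2865 section 5.2 (MD5 keystream XOR)."""
    size = max(16, -(-len(password) // 16) * 16)  # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident, authenticator=None):
    """Client side: Access-Request with Message-Authenticator (RFC 2869 5.14)."""
    authenticator = authenticator or os.urandom(16)
    attrs = (attr(USER_NAME, user)
             + attr(USER_PASSWORD, hide_password(password, secret, authenticator))
             + attr(NAS_PORT, struct.pack("!I", 0))
             + attr(MESSAGE_AUTHENTICATOR, bytes(16)))  # zeroed while signing
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac

def message_authenticator_ok(packet, secret):
    """Server side: recompute the HMAC-MD5 with the attribute value zeroed."""
    pos = 20  # attributes start after the 20-byte header
    while pos + 2 <= len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            return False  # malformed attribute
        if attr_type == MESSAGE_AUTHENTICATOR and length == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[pos + 2:pos + 18])
        pos += length
    return False  # attribute absent
```

A packet built with one secret fails `message_authenticator_ok` under any other secret, so the secret passed to radtest must match the one the server has configured for that client.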

FreeRADIUS Debugging

7 replies
  1. shawn
    shawn says:

    Hi dude.. I tried to follow your steps but my problem is when I do a test "radtest essmis radius2014 127.0.0.1 1812 testaaaaa"

    Sending Access-Request of id 195 to 127.0.0.1 port 1812
    User-Name = "essmis"
    User-Password = "radius2014"
    NAS-IP-Address = 192.168.2.36
    NAS-Port = 1812
    Message-Authenticator = 0x00000000000000000000000000000000
    radclient: no response from server for ID 195 socket 3
    So what is the problem now? I restart the radius services, all fine..

    root@chronos:/home/scout# service freeradius restart
    [ ok ] Stopping FreeRADIUS daemon: freeradius.
    [ ok ] Starting FreeRADIUS daemon: freeradius.

  2. Niemi
    Niemi says:

    There is a mistype in the last test, the command may be

    $radtest test test 127.0.0.1 0 fznEBkoaZKcJg5VeJFXEwf3L7um4bexPnzLcAY6VAvUBEXBvdReRRDYrbWZJ3Zxl

    #same string as in Randomise the secret
  3. Axel
    Axel says:

    Hi, following your instructions, I think some changes in the files are necessary to add the NAS to the database.

    1) nano sql.conf

    modify #readclients to readclients (I mean uncomment)

    2) nano radiusd.conf

    modify #$INCLUDE clients.conf

    But in general, it is a great tutorial!!!

    Thanks a lot.
  4. blaah
    blaah says:

    “sed -i -e “s/readclients = yes/nreadclients = yes” /etc/freeradius/clients.conf”

    Did you mean sql.conf here? Because there is no readclients in clients.conf
