How to Install Freeradius on Ubuntu Server

Introduction

Welcome to our guide on how to install Freeradius on Ubuntu Server. Freeradius is an open-source software that provides authentication, authorization, and accounting services. It is widely used in enterprise networks to manage access to network devices and services. In this article, we will guide you through the process of installing and setting up Freeradius on your Ubuntu server.

Who is this guide for?

This guide is for system administrators, network engineers, and anyone who wants to set up a secure authentication system for their Ubuntu server.

What are the prerequisites?

To follow this guide, you will need:

Operating System	Ubuntu Server 20.04 LTS
User Access	Root or sudo privileges
Software Packages	Freeradius, MySQL server, and PHP

Why use Freeradius?

Freeradius is a widely used and trusted authentication system that can handle various authentication methods such as username/password, digital certificates, and more. It can be easily integrated with existing network infrastructure and provides detailed logging and reporting capabilities.

How secure is Freeradius?

Freeradius is designed to be secure and can support various authentication protocols such as EAP-TLS, PEAP, EAP-TTLS, and more. It can also integrate with existing security solutions such as firewalls and VPNs to provide a complete security solution.

What are the advantages of using Freeradius?

1. Open-source and free

Freeradius is open-source software distributed under the GNU General Public License, meaning you can use it for free and modify it according to your needs.

2. Scalability

Freeradius can handle thousands of users and devices, making it suitable for large enterprise networks.

3. Flexibility

Freeradius can integrate with various authentication protocols and systems, making it easy to use with existing network infrastructure.

4. Detailed logging and reporting

Freeradius provides detailed logging and reporting capabilities, allowing you to monitor and troubleshoot authentication issues.

What are the disadvantages of using Freeradius?

1. Complexity

Setting up and configuring Freeradius can be complex and requires a good understanding of network authentication and security concepts.

2. Lack of GUI

Freeradius does not have a graphical user interface, meaning you must configure it using text-based configuration files.

3. Limited support

As an open-source project, Freeradius does not offer commercial support, and you must rely on community support and documentation.

Step by Step Guide to Install Freeradius on Ubuntu Server

Step 1: Update Your Ubuntu Server

Before installing any software packages, it’s essential to update your Ubuntu server to the latest version. Updating your server will ensure that you have the latest security patches and bug fixes. To update your server, run the following command:

$ sudo apt update && sudo apt upgrade -y

Step 2: Install Freeradius

Freeradius is available in the Ubuntu repository. To install Freeradius, run the following command:

$ sudo apt install freeradius freeradius-mysql -y

Step 3: Install MySQL server

Freeradius uses MySQL server to store user and authentication data. If you don’t have MySQL server installed on your server, you can install it using the following command:

$ sudo apt install mysql-server -y

Step 4: Create a MySQL database for Freeradius

Create a new database and user in MySQL server to store Freeradius data. Run the following commands:

$ sudo mysql -u root -p

Enter your MySQL root password when prompted.

mysql> CREATE DATABASE radius;mysql> GRANT ALL PRIVILEGES ON radius.* TO radius@localhost IDENTIFIED BY 'yourpassword';mysql> FLUSH PRIVILEGES;mysql> exit

Step 5: Configure Freeradius

Freeradius configuration files are located in the /etc/freeradius/ directory. The main configuration file is /etc/freeradius/radiusd.conf. Edit this file to add your MySQL database details:

$ sudo nano /etc/freeradius/radiusd.conf

Uncomment the following lines and replace the example values with your MySQL database details:

sql {driver = "rlm_sql_mysql"server = "localhost"port = 3306login = "radius"password = "yourpassword"radius_db = "radius"# Set to 'yes' to read radius clients from the database (recommended)read_clients = yes}

Step 6: Start Freeradius Service

Start the Freeradius service and enable it to start at boot time using the following commands:

$ sudo systemctl start freeradius.service$ sudo systemctl enable freeradius.service

Step 7: Test Freeradius

You can test your Freeradius installation by running the radtest command:

$ radtest username password localhost 0 testing123

If your installation is working correctly, the output should be similar to the following:

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=46, length=20

Frequently Asked Questions (FAQs)

1. How do I add users to Freeradius?

You can add users to Freeradius by adding them to the radcheck table in the MySQL database. Run the following command to add a new user:

$ sudo mysql -u radius -p radiusmysql> INSERT INTO radcheck (username, attribute, op, value) VALUES ('yourusername', 'Cleartext-Password', ':=', 'yourpassword');

2. How do I enable TLS in Freeradius?

To enable TLS in Freeradius, you need a digital certificate. You can generate a self-signed certificate using the following command:

$ sudo openssl req -new -x509 -nodes -days 365 -keyout /etc/freeradius/ssl/server.key -out /etc/freeradius/ssl/server.crt

Then, edit the /etc/freeradius/radiusd.conf file and uncomment the following lines:

security {certdir = ${confdir}/ssl/certscadir = ${confdir}/ssl/certsprivate_key_password = yourpasswordprivate_key_file = ${certdir}/server.keycertificate_file = ${certdir}/server.crt}

3. How do I add a new NAS client in Freeradius?

You can add a new NAS client by adding it to the radclient table in the MySQL database. Run the following command to add a new client:

$ sudo mysql -u radius -p radiusmysql> INSERT INTO radclient (ipaddress, secret) VALUES ('yourclientip', 'yoursecret');

4. How do I monitor Freeradius logs?

You can monitor Freeradius logs in real-time using the following command:

$ sudo tail -f /var/log/freeradius/radius.log

5. How do I stop Freeradius service?

You can stop Freeradius service using the following command:

$ sudo systemctl stop freeradius.service

6. How do I uninstall Freeradius?

You can uninstall Freeradius using the following command:

$ sudo apt remove --purge freeradius freeradius-mysql -y

7. How do I backup Freeradius database?

You can backup Freeradius database using the following command:

$ sudo mysqldump -u radius -p radius > freeradius_backup.sql

Replace “radius” with your MySQL database name and enter your MySQL password when prompted. The backup file will be saved in the current directory.

8. How do I restore Freeradius database?

You can restore Freeradius database using the following command:

$ sudo mysql -u radius -p radius < freeradius_backup.sql

Replace "radius" with your MySQL database name and enter your MySQL password when prompted. The backup file should be in the same directory.

9. How do I troubleshoot Freeradius?

You can troubleshoot Freeradius by checking the logs in /var/log/freeradius/radius.log. You can also enable debug logging by editing the /etc/freeradius/radiusd.conf file and adding the following line:

debug {filename = /var/log/freeradius/debug.logdestination = fileslog_packet_header = yes}

10. How do I configure Freeradius to work with LDAP?

You can configure Freeradius to work with LDAP by editing the /etc/freeradius/mods-available/ldap file and adding your LDAP server details. Then, create a symbolic link to the /etc/freeradius/mods-enabled/ directory:

$ sudo ln -s /etc/freeradius/mods-available/ldap /etc/freeradius/mods-enabled/ldap

11. How do I configure Freeradius to work with Active Directory?

You can configure Freeradius to work with Active Directory by using the LDAP module. See FAQ 10 for instructions on how to configure the LDAP module.

12. How do I secure Freeradius?

To secure Freeradius, you should enable TLS and use strong passwords for all users and NAS clients. You should also limit access to the Freeradius server and database to only authorized users.

13. How do I upgrade Freeradius?

You can upgrade Freeradius using the following command:

$ sudo apt update && sudo apt upgrade freeradius freeradius-mysql -y

Conclusion

Congratulations! You have successfully installed and configured Freeradius on your Ubuntu server. Freeradius is a powerful and flexible authentication system that can handle various authentication methods and integrate with existing network infrastructure. Remember to keep Freeradius up-to-date and secure to ensure the integrity of your network.

If you have any questions or comments, feel free to leave them below. Thanks for reading!

Closing and Disclaimer

This article is meant to be a guide and should not be considered a substitute for professional advice. We do not take any responsibility for any damage or loss that may occur from following the instructions in this article. Always perform a backup before making any changes to your system.

The information in this article is accurate at the time of publication. However, software versions and configurations may change over time. Please check the official documentation for the latest information.

Video:How to Install Freeradius on Ubuntu Server