1080*80 ad
Home » Blog » Installing FreeRADIUS and daloRADIUS on Debian 9

Installing FreeRADIUS and daloRADIUS on Debian 9

Benhcmark Administrator Benhcmark Administrator
19/08/2025
0 Views 0
Installing FreeRADIUS and daloRADIUS on Debian 9

How to Build a Powerful RADIUS Server with FreeRADIUS and daloRADIUS on Debian

Setting up a robust authentication system is a cornerstone of network security and management. For this, the RADIUS (Remote Authentication Dial-In User Service) protocol is the industry standard, providing centralized Authentication, Authorization, and Accounting (AAA) for your network devices.

This guide will walk you through a complete, step-by-step installation of FreeRADIUS, the world’s most popular open-source RADIUS server, paired with daloRADIUS, a powerful web-based management interface. By combining these two tools on a Debian system, you can create a flexible and user-friendly AAA solution for managing Wi-Fi, VPN, or network switch access.

While this guide uses Debian 9 (“Stretch”) as a baseline, the steps are highly similar for more recent versions like Debian 10 and 11.

Prerequisites

Before we begin, ensure your system is ready:

  • A server running Debian.
  • Root or sudo privileges.
  • A functioning LAMP stack (Linux, Apache, MySQL/MariaDB, PHP) is required for the daloRADIUS web interface.

Step 1: Prepare the System and Install the LAMP Stack

First, let’s update your server’s package lists and install the necessary components for our LAMP environment.

  1. Update your system:

    sudo apt update && sudo apt upgrade -y

  2. Install Apache, MariaDB, and PHP along with the modules required by FreeRADIUS and daloRADIUS:

    sudo apt install apache2 mariadb-server php php-common php-gd php-mail php-mail-mime php-mysql php-pear php-db wget unzip -y

  3. Secure your MariaDB installation. This essential security step will prompt you to set a root password and remove insecure defaults.
    bash
    sudo mysql_secure_installation

    Follow the on-screen prompts, making sure to set a strong root password.

Step 2: Install FreeRADIUS and its MySQL Module

With the web environment ready, we can now install the FreeRADIUS server itself. It’s crucial to also install the freeradius-mysql package, which allows FreeRADIUS to communicate with our MariaDB database for user management.

sudo apt install freeradius freeradius-mysql -y

Step 3: Configure FreeRADIUS to Use the MySQL Database

By default, FreeRADIUS manages users through flat text files. To integrate it with daloRADIUS, we must configure it to use our MariaDB database as the backend.

  1. Enable the SQL module for FreeRADIUS by creating a symbolic link from the mods-available directory to the mods-enabled directory.

    sudo ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/sql

  2. Edit the SQL module configuration file. We need to provide the database connection details here.

    sudo nano /etc/freeradius/3.0/mods-available/sql

  3. Inside this file, locate the sql { block and modify the following settings. You’ll need to uncomment some lines and change their values to match your database setup.

    driver = "rlm_sql_mysql"
dialect = "mysql"

# Connection info:
server = "localhost"
port = 3306
login = "radius"
password = "your_strong_password" # Use the password you will create in the next step

# Database table configuration
radius_db = "radius"

    Save and exit the file (Ctrl+X, then Y, then Enter).

  4. Set the correct permissions for the configuration file so the freerad user can access it.
    bash
    sudo chgrp -h freerad /etc/freeradius/3.0/mods-available/sql

Step 4: Create and Populate the RADIUS Database

Now, we’ll create the database and user that FreeRADIUS will use.

  1. Log in to MariaDB as the root user.

    sudo mysql -u root -p

  2. Enter the root password you set earlier. Once inside the MariaDB prompt, execute the following commands to create the radius database and a dedicated user.

    Security Tip: Replace 'your_strong_password' with a secure, unique password.

    CREATE DATABASE radius;
GRANT ALL ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'your_strong_password';
FLUSH PRIVILEGES;
EXIT;

  3. Import the default FreeRADIUS schema into your new database. This command creates all the necessary tables that FreeRADIUS needs to operate.
    bash
    sudo mysql -u root -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

Step 5: Download and Install daloRADIUS

daloRADIUS is not available in the default Debian repositories, so we will download it directly from GitHub.

  1. Navigate to a temporary directory and download the latest version.

    cd /tmp
wget https://github.com/lirantal/daloradius/archive/master.zip

  2. Unzip the downloaded file and move its contents to your web server’s directory.

    unzip master.zip
sudo mv daloradius-master /var/www/html/radius

  3. Import the daloRADIUS schema additions. This adds extra tables to the radius database required by the web interface.
    bash
    sudo mysql -u root -p radius < /var/www/html/radius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql

Step 6: Configure daloRADIUS

The final configuration step is to tell daloRADIUS how to connect to the database.

  1. Navigate to the daloRADIUS directory and edit its configuration file.

    sudo nano /var/www/html/radius/library/daloradius.conf.php

  2. Update the database connection parameters to match what you configured in Step 4.

    $configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'your_strong_password';
$configValues['CONFIG_DB_NAME'] = 'radius';

    Save and exit the file.

  3. Set the correct file permissions for the web directory. This allows the web server to access the files while keeping your configuration file secure.
    bash
    sudo chown -R www-data:www-data /var/www/html/radius/
    sudo chmod 664 /var/www/html/radius/library/daloradius.conf.php

Step 7: Finalize and Test Your Installation

Everything is now configured. Let’s restart the services and test the setup.

  1. Restart the FreeRADIUS and Apache services to apply all the changes.

    sudo systemctl restart freeradius
sudo systemctl restart apache2

  2. To troubleshoot FreeRADIUS, you can run it in debug mode. This is extremely useful for seeing real-time logs and diagnosing connection issues. Stop the service first, then run it with the -X flag.

    sudo systemctl stop freeradius
sudo freeradius -X

    Press Ctrl+C to exit debug mode and remember to start the service again (sudo systemctl start freeradius).

  3. Access the daloRADIUS web interface by opening your web browser and navigating to:
    http://your_server_ip/radius

  4. The default login credentials are:

    • Username: administrator
    • Password: radius

    Crucial Security Step: The very first thing you should do after logging in is navigate to the Management > Administrators section and change the default password to something strong and unique.

Conclusion

You now have a fully functional RADIUS server with a powerful, easy-to-use web management panel. From the daloRADIUS dashboard, you can begin adding NAS (Network Access Server) clients, creating users, defining policies, and monitoring authentication logs. This setup provides a professional-grade AAA solution for securing and managing access to your critical network infrastructure.

Source: https://kifarunix.com/install-freeradius-with-daloradius-on-debian-9/

900*80 ad

Related Articles
      1080*80 ad
      About Hosterdojo

      Hosterdojo reviews server performance, network capabilities, and other related benchmarks. If you are a provider interested in submitting your VPS products, feel free to reach out to me.

      Email: [email protected]
      Telegram Channel: https://t.me/hosterdojo

      Follow

      Useful Link

      Girl in a jacket