
How to Install and Configure FreeRADIUS with a daloRADIUS Web Interface
Managing network access and user authentication can be a complex task, especially as your network grows. A centralized authentication system is the gold standard for security and efficiency. This is where a RADIUS (Remote Authentication Dial-In User Service) server becomes invaluable.
FreeRADIUS is the most popular open-source RADIUS server in the world, providing robust and flexible Authentication, Authorization, and Accounting (AAA) services. However, managing it through the command line can be cumbersome. That’s where daloRADIUS comes in—a powerful web-based application designed to manage FreeRADIUS servers with ease.
This guide will walk you through the complete process of setting up a powerful FreeRADIUS server on a modern Linux system (like Fedora, CentOS, or RHEL) and managing it with the user-friendly daloRADIUS web interface.
Prerequisites: What You’ll Need
Before we begin, ensure you have the following ready:
- A running Linux server (this guide uses commands for Fedora/RHEL-based systems).
- Root or sudo privileges.
- A functional LAMP or LEMP stack (Linux, Apache/Nginx, MariaDB/MySQL, and PHP).
- Basic knowledge of the Linux command line.
Step 1: Install the Core Server Components
First, we need to install the necessary software packages from the official repositories. This includes the FreeRADIUS server itself, a database server (we’ll use MariaDB), the Apache web server, and PHP.
Install FreeRADIUS and MariaDB
Open your terminal and run the following command to install FreeRADIUS, its MySQL compatibility module, and the MariaDB database server.
sudo dnf install freeradius freeradius-mysql mariadb-server -y
Start and Secure MariaDB
Once installed, you need to start the database service and enable it to launch on boot.
sudo systemctl start mariadb
sudo systemctl enable mariadb
Next, run the secure installation script. This is a critical security step that removes insecure default settings, sets a root password, and locks down your database.
sudo mysql_secure_installation
Follow the on-screen prompts, making sure to set a strong root password.
Install Apache and PHP
Now, install the Apache web server and the required PHP modules for daloRADIUS to function correctly.
sudo dnf install httpd php php-mysqlnd php-gd php-pear -y
After the installation, start and enable the Apache service.
sudo systemctl start httpd
sudo systemctl enable httpd
Step 2: Configure FreeRADIUS with a MySQL Backend
By default, FreeRADIUS uses flat files for configuration. For a scalable and manageable setup, we’ll configure it to use our MariaDB database instead.
Create the RADIUS Database
Log into your MariaDB server using the root password you set earlier.
sudo mysql -u root -p
Now, create a dedicated database and a user for FreeRADIUS. Replace 'your_strong_password' with a secure password of your own.
CREATE DATABASE radius;
GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'your_strong_password';
FLUSH PRIVILEGES;
EXIT;
Import the FreeRADIUS Schema
FreeRADIUS comes with a predefined database schema. We need to import it into the radius database we just created.
sudo mysql -u radius -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql
You will be prompted for the radius user’s password.
Link FreeRADIUS to the Database
Next, we need to tell FreeRADIUS how to connect to our database. Edit the SQL module configuration file:
sudo nano /etc/raddb/mods-available/sql
Inside this file, locate the sql section and make the following changes:
- Set the driver to "rlm_sql_mysql".
- Set the dialect to "mysql".
- In the connection_info section, update the following:
  - server = "localhost"
  - login = "radius"
  - password = "your_strong_password"
  - radius_db = "radius"
Save and close the file. Now, enable the SQL module by creating a symbolic link from the mods-available directory to the mods-enabled directory.
sudo ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/
Test Your FreeRADIUS Configuration
Before proceeding, it’s wise to test the setup. Run FreeRADIUS in debug mode to see its output. On Fedora/RHEL-based systems the server binary is named radiusd.
sudo radiusd -X
Look for the line Ready to process requests. If you see this without any major errors, your connection to the database is successful. You can stop the process with Ctrl + C.
Step 3: Install and Set Up daloRADIUS
With the backend configured, it’s time to install the web interface.
Download and Place daloRADIUS
Download the latest version of daloRADIUS from its official repository (usually GitHub) and place it in your web server’s root directory.
cd /tmp
wget https://github.com/lirantal/daloradius/archive/master.zip
unzip master.zip
sudo mv daloradius-master /var/www/html/daloradius
Import the daloRADIUS Database Tables
daloRADIUS requires additional tables in your radius database. Import them from the provided SQL file.
sudo mysql -u radius -p radius < /var/www/html/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
Configure daloRADIUS Connection
Copy the sample configuration file and edit it to match your database settings.
sudo cp /var/www/html/daloradius/library/daloradius.conf.php.sample /var/www/html/daloradius/library/daloradius.conf.php
sudo nano /var/www/html/daloradius/library/daloradius.conf.php
Update the following database variables:
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'your_strong_password';
$configValues['CONFIG_DB_NAME'] = 'radius';
Save and close the file.
Set File Permissions
The web server needs permission to write to the daloRADIUS directory. Set the correct ownership.
sudo chown -R apache:apache /var/www/html/daloradius
Step 4: Final Security and Configuration
Your setup is almost complete. These final steps are crucial for security and proper operation.
Configure Firewall Rules: Your server’s firewall must allow traffic for RADIUS and the web interface.
sudo firewall-cmd --permanent --add-port=1812/udp --add-port=1813/udp
sudo firewall-cmd --permanent --add-service=http --add-service=https
sudo firewall-cmd --reload
Adjust SELinux Policies (If Applicable): On systems like Fedora or CentOS, SELinux may block Apache from making network connections to the database. Run the following command to allow it:
sudo setsebool -P httpd_can_network_connect_db 1
Update RADIUS Clients: Edit the /etc/raddb/clients.conf file to define the network devices (like routers or wireless access points) that will be using this RADIUS server. Crucially, change the default secret to a long, complex, and unique value for each client.
Access daloRADIUS: You can now access the web interface by navigating to http://your_server_ip/daloradius. The default login credentials are:
- Username: administrator
- Password: radius
- It is essential that you change this default password immediately after logging in.
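One way to verify the Update RADIUS Clients step after editing /etc/raddb/clients.conf, as an added example that is not part of the original guide: the function flags the default secret FreeRADIUS ships (testing123), secrets shorter than 16 characters, and secrets shared between clients. The function name audit_radius_secrets and the sample client entries are assumptions made for illustration.

```shell
# Added example, not from the original guide: flag weak shared secrets in a
# FreeRADIUS clients.conf. Prints findings (never the secret); returns 1 if any.
audit_radius_secrets() {
    local file="$1" minlen="${2:-16}"   # RFC 2865 prefers at least 16 octets
    awk -v minlen="$minlen" '
        /^[ \t]*#/ { next }                           # full-line comment
        /^[ \t]*client[ \t]+/ { name = $2; sub(/[{].*/, "", name); depth = 1; next }
        depth == 1 && /^[ \t]*secret[ \t]*=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)   # drop "secret ="
            if (val ~ /^"/) { sub(/^"/, "", val); sub(/".*$/, "", val) }
            else { sub(/[ \t]+#.*$/, "", val); sub(/[ \t]+$/, "", val) }
            if (val == "testing123") { print "DEFAULT " name; bad = 1 }
            else if (length(val) < minlen) { print "SHORT " name " " length(val); bad = 1 }
            if (val in seen) { print "REUSED " name " " seen[val]; bad = 1 }
            else seen[val] = name
            next
        }
        depth > 0 && /[{]/ { depth++ }                # nested block, e.g. "limit {"
        depth > 0 && /[}]/ { if (--depth == 0) name = "" }
        END { exit bad + 0 }
    ' "$file"
}

# Constructed sample input: client names, addresses and secrets are made up.
sample=$(mktemp)
cat > "$sample" <<'EOF'
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
client ap-lobby {
    ipaddr = 192.0.2.10
    secret = "Xq7#vR2m"   # quoted value with a trailing comment
    limit {
        max_connections = 16
    }
}
client sw-core {
    ipaddr = 192.0.2.20
    secret = c1f0a9e47b3d52886e0d4a17f9b2c3d5
}
client sw-edge {
    ipaddr = 192.0.2.21
    secret = c1f0a9e47b3d52886e0d4a17f9b2c3d5
}
EOF
audit_radius_secrets "$sample" || echo "Rotate the secrets flagged above."
rm -f "$sample"
```

Against the real file, run it as root (clients.conf is not world-readable): audit_radius_secrets /etc/raddb/clients.conf.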
Conclusion: A Centralized Authentication Hub
You have successfully deployed a powerful and flexible AAA server with FreeRADIUS, backed by a robust MySQL database and managed by the intuitive daloRADIUS web interface. This centralized system not only enhances your network security but also simplifies user management, provides detailed accounting logs, and scales with your organization’s needs. From here, you can start adding users, managing network devices, and creating specific access policies, all from a single, convenient dashboard.
Source: https://kifarunix.com/install-and-configure-freeradius-with-daloradius-on-fedora-29-2/