How to Install FreeRADIUS and Daloradius on Ubuntu 20.04

What is a freeRADIUS server?

RADIUS is a AAA (authentication, authorization, and accounting) protocol that helps in controlling network access. In other words, RADIUS protocol is used for connection management between the Network Access Server (NAS) and Authentication server.

The connection between two ends(NAC-NAS or NAS-Authentication server) is initiated after a successful negotiation on the network layer by exchanging packets containing necessary information such as NAS identification, authentication port number etc.

In simple words, it can be said that RADIUS provides authentication, authorization, and account information from an Authentication server to a device requesting access.

FreeRADIUS supports all these three features of AAA protocol - authentication, authorization, and accounting. In order to control what type of network access can be connected to, FreeRADIUS uses different modules. For example, if the NAS is a router then it cannot provide any authentication to the user that means in that case only authorization is performed by PPP or PPTP client module(s) and the rest of the steps are handled by other modules.

FreeRADIUS also provides support for all important databases used for accounts, users etc., including MariaDB/MySQL, PostgreSQL, Microsoft SQL Server, Oracle Database etc.

What is daloRADIUS?

daloRADIUS is an advanced web interface providing complete user management with the latest features such as automation for both end-users and system administrators. It simplifies day-to-day management of your FreeRADIUS installation.

daloRADIUS can be used to configure system/NAS parameters, create new user accounts and manage NASes. It is the only interface that provides complete User Management for both end-users and administrators.

Why daloRADIUS?

It brings a modern web interface to FreeRADIUS server with the latest features such as automation for end-users and administrators, all from a single place. It makes it easier for network administrators to manage their networks from any device that has access to the internet while giving end-users power over their login credentials and connection preferences.

In this guide, you will learn to install FreeRADIUS on Ubuntu 20.04 LTS and use daloRADIUS as the web interface.

Prerequisites

  • A fresh server of Ubuntu 20.04 LTS
  • A user with sudo privileges

Updating your System

Connect to the server as root user through SSH and update all packages of the system by running following command:

sudo apt-get update -y
sudo apt-get upgrade -y

Update packages

apt-upgrade

Once your server is up to date, you can proceed to the next step.

Installing Apache Web Server

Install apache web server and necessary modules by running following command:

sudo apt install apache2 -y

Once the installation is completed, start the Apache service and enable it to start with system boot:

sudo systemctl start apache2
sudo systemctl enable apache2

Install Apache

To verify external access to Apache, use your favorite web browser to access the Apache default page by visiting http://your-server-ip in a separate tab. You should see the Apache Default Page

Apache default page

Installing MariaDB database server for FreeRADIUS

MariaDB is an open-source database management system that will be used as the backend storage for FreeRADIUS. In this guide, freeRADIUS will use MariaDB to store user accounts, settings etc.

Install MariaDB server by running the following command:

sudo apt install software-properties-common mariadb-server mariadb-client -y

Once the installation is completed, start MariaDB service and enable it to start with system boot:

sudo systemctl start mysql
sudo systemctl enable mysql

To secure MariaDB Installation you can run the mysql_secure_installation script below by providing your root password when prompted. This will remove anonymous user accounts, disable remote root logins, disallow null passwords etc. It’s recommended to configure this upfront so that the security foundation is strong for any future deployments.

mysql_secure_installation

secure MariaDB

You can verify the status of the MariaDB server by running the below command:

sudo systemctl status mariadb

Check MariaDB Status

Installing PHP 8 for FreeRADIUS

We need to install PHP 8 which is required for the daloRADIUS Web interface. By default, PHP 7 is available in Ubuntu 20.04 LTS repository but not PHP 8. We will need to add a third-party PPA to get the latest version of PHP.

sudo add-apt-repository ppa:ondrej/php

Update your repositories by running the following command:

sudo apt update -y

Once the PPA is added, you can install PHP 8 and other necessary modules by running following command:

sudo apt install php8.0 libapache2-mod-php8.0
sudo apt install php-gd php-mail php-mail-mime php-mysql php-pear php-db php-mbstring php-xml php-curl

Install PHP 8

Check the version of PHP and verify the installation by running following command:

php -v

Restart Apache after installation is completed

sudo systemctl restart apache2

Installing FreeRADIUS

Now that all the prerequisites are met, you can proceed to install FreeRADIUS. By default, the FreeRADIUS package is available in the repositories, you can show the versions of freeradius available in your Ubuntu by running the following command:

sudo apt policy freeradius

You will get the output similar to below

Install FreeRadius

You can install FreeRADIUS server by running the following command:

sudo apt-get install freeradius freeradius-mysql freeradius-utils -y

Install FreeRADIUS

To quickly check that FreeRADIUS is up and running, we will run FreeRADIUS in debugging mode.

To run freeRADIUS in debug mode, use the following command:

sudo systemctl stop freeradius
sudo freeradius -X

The output should look something like this:

Configure FreeRadius

You can see the line “Ready to process requests” at the bottom so that the installation of FreeRADIUS is successful.

Creating Database for FreeRADIUS

Now that FreeRADIUS is up and running, let’s create a database for FreeRADIUS. To do this, we will use the MariaDB console.

To access the MariaDB console, run following command:

mysql -u root -p

Enter root password when prompted to authenticate with MariaDB server.

Run the following command to create a freeRADIUS database:

CREATE DATABASE radius;

Grant rights to the new created database by executing the below query, replace $trongp@ss with your password.

GRANT ALL ON radius.* to radius@localhost IDENTIFIED BY "$trongp@ss";

Reload the privileges and exit the MariaDB console by running the following command:

FLUSH PRIVILEGES;
quit;

Once the database is created, you need to import the pre-built database schema which includes the FreeRADIUS MySQL tables.

You should now modify the daloradius.conf file to adjust the MySQL database as follows:

sudo nano /var/www/html/daloradius/library/daloradius.conf.php

Configure doloradius

Restart FreeRADIUS service using the following command:

sudo systemctl restart freeradius

Installing daloRADIUS Web Interface

We will install the daloRADIUS Web interface in order to configure FreeRADIUS server using a browser. Execute the following command to download daloRADIUS from the Github repository

wget https://github.com/lirantal/daloradius/archive/master.zip

Once download is completed, unzip the archive.

unzip master.zip

Move the extracted folder to your website’s root directory.

mv daloradius-master /var/www/html/daloradius

Import the pre-built database schema to the FreeRADIUS database created above

sudo mysql -u root -p radius< contrib/db/fr2-mysql-daloradius-and-freeradius.sql
sudo mysql -u root -p radius< contrib/db/mysql-daloradius.sql

Then, set the correct permissions for the daloradius configuration file and change permissions of the daloradius installation directory.

sudo chown -R www-data:www-data /var/www/html/daloradius
sudo chmod -R 755 /var/www/html/daloradius
sudo chmod 664 /var/www/html/daloradius/library/daloradius.conf.php

You should now modify the daloradius.conf file with your preferred configuration settings before accessing the daloRADIUS web interface from a browser.

sudo nano /var/www/html/daloradius/library/daloradius.conf.php

Doloradius web ui config

Restart FreeRADIUS service using following command:

sudo systemctl restart freeradius

Accessing daloRADIUS Web Interface

To access the daloradius web interface, open http://ip-address/daloradius/login.php in your browser. You will be prompted for username and password. The default Username is administrator, the default password is radius

DaloRADIUS

Once logged in to daloradius web interface, you can start adding users, virtual RADIUS servers, EAP types, etc. You can also create new users and groups which will be used to authenticate the users with EAP authentication types available in FreeRADIUS.

Conclusion

In this tutorial, we learned how to install FreeRADIUS with daloRADIUS Web interface on Ubuntu 20.04 LTS server. Further, we learned how to import the pre-built database schema. While this tutorial was written for Ubuntu 20.04 LTS server, it should work on other Ubuntu or Debian distros with few modifications.