I will give an example of updating or installing Freeradius 3.0.23 from the source codes.
ABillS and Freeradius will work for me in the same operating system Ubuntu Server 18.04.
First of all, switch to the root user and if Freeradius was previously installed, then let’s see which version is installed on the system:
sudo -i
/usr/local/freeradius/sbin/radiusd -v
Make sure the required components are installed:
apt install perl libmysqlclient-dev libgdbm5 libgdbm-dev make gcc build-essential snmp libpcap-dev libhiredis-dev libperl-dev libtalloc-dev
Let’s see where the perl libraries are installed and make sure there is a symbolic link:
find /usr/lib/ | grep libperl.so
ln -s /usr/lib/x86_64-linux-gnu/libperl.so.5.26 /usr/lib/x86_64-linux-gnu/libperl.so
If Freeradius was previously installed, then you can make a copy of the configuration and dictionaries, and then delete the directory:
tar -cvjf /usr/local/backup_freeradius2.tar.bz2 /usr/local/freeradius/
rm -r /usr/local/freeradius
Download the archive with the new version of Freeradius (available versions can be viewed here ftp://ftp.freeradius.org/pub/freeradius/):
cd /opt
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.23.tar.gz
Unpack the downloaded archive and install it:
tar zxvf freeradius-server-3.0.23.tar.gz
cd freeradius-server-3.0.23
./configure --prefix=/usr/local/freeradius --with-rlm-perl-lib-dir=/usr/lib/x86_64-linux-gnu/ --with-dhcp=yes --with-openssl=no > /dev/null
make
make install
ln -s /usr/local/freeradius/sbin/radiusd /usr/sbin/radiusd
Delete unnecessary configuration files and copy the ready-made ones from the ABillS directory:
rm /usr/local/freeradius/etc/raddb/sites-enabled/*
cp /usr/abills/misc/freeradius/v3/mods-enabled/perl /usr/local/freeradius/etc/raddb/mods-enabled/perl
cp /usr/abills/misc/freeradius/v3/mods-enabled/sql /usr/local/freeradius/etc/raddb/mods-enabled/
cp /usr/abills/misc/freeradius/v3/sites-enabled/abills_default /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
cp /usr/abills/misc/freeradius/v3/users /usr/local/freeradius/etc/raddb/users
echo '' > /usr/local/freeradius/etc/raddb/clients.conf
We will clean clients.conf as we will store the access server in the mysql database.
It is assumed that a group and a user have been created, and also, after updating the installation, we will set the rights to the directories:
groupadd freerad
useradd -g freerad -s /bash/bash freerad
chown -R freerad:freerad /usr/local/freeradius/etc/raddb
mkdir /var/run/radiusd/
chown -R freerad:freerad /var/run/radiusd/
mkdir /var/log/radacct
chown freerad:freerad /var/log/radacct
Let’s edit the main Freeradius configuration file:
nano /usr/local/freeradius/etc/raddb/radiusd.conf
prefix = /usr/local/freeradius
user = freerad
group = freerad
I also changed these parameters:
thread pool {
start_servers = 8
max_servers = 32
min_spare_servers = 8
max_spare_servers = 32
max_requests_per_server = 0
}
You can also instead of * specify the IP on which FreeRADIUS will work, otherwise it will be on everyone:
listen {
ipaddr = *
Open the file in a text editor:
nano /usr/local/freeradius/etc/raddb/mods-enabled/sql
Let’s set up a connection to the database:
sql {
database = "mysql"
driver = "rlm_sql_${database}"
server = "127.0.0.1"
#port = 3306
login = "abills"
password = "sqlpassword"
radius_db = "abills"
'%secretkey%' change to 'test12345678901234567890'
Let’s open the dictionary file in a text editor:
nano /usr/local/freeradius/etc/raddb/dictionary
We will also add the necessary pairs to the dictionary, for example, I added:
ATTRIBUTE DHCP-Router-IP-Address 241 ipaddr
ATTRIBUTE DHCP-Mask 242 integer
ATTRIBUTE L4-Redirect 243 integer
ATTRIBUTE L4-Redirect-ipset 244 string
ATTRIBUTE DHCP-Option82 245 octets
# Limit session traffic
ATTRIBUTE Session-Octets-Limit 227 integer
# What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out)
ATTRIBUTE Octets-Direction 228 integer
# Connection Speed Limit
ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer
ATTRIBUTE Acct-Interim-Interval 85 integer
ATTRIBUTE Acct-Input-Gigawords 52 integer
ATTRIBUTE Acct-Output-Gigawords 53 integer
Let’s create a Freeradius startup script:
nano /etc/init.d/radiusd
Let’s add to it:
#!/bin/sh
#
# radiusd Start the radius daemon.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
#
# Copyright (C) 2001-2008 The FreeRADIUS Project http://www.freeradius.org
# chkconfig: - 58 74
# description: radiusd is service access provider Daemon.
### BEGIN INIT INFO
# Provides: radiusd
# Required-Start: $remote_fs $network $syslog
# Should-Start: mysql radiusd
# Required-Stop: $remote_fs $syslog
# Should-Stop: radiusd
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start and stop radiusd
# Description: radiusd is access provider service Daemon.
### END INIT INFO
prefix=/usr/local/freeradius
exec_prefix=${prefix}
sbindir=${exec_prefix}/sbin
localstatedir=/var
logdir=${localstatedir}/log/radius
rundir=/usr/local/freeradius/var/run/radiusd/
sysconfdir=${prefix}/etc
#
# If you have issues with OpenSSL, uncomment these next lines.
#
# Something similar may work for MySQL, and you may also
# have to LD_PRELOAD libz.so
#
#LD_LIBRARY_PATH=
#LD_RUN_PATH=:
#LD_PRELOAD=libcrypto.so
export LD_LIBRARY_PATH LD_RUN_PATH LD_PRELOAD
RADIUSD=$sbindir/radiusd
RADDBDIR=${sysconfdir}/raddb
RADIUS_USER='freerad'
DESC="FreeRADIUS"
#
# See 'man radiusd' for details on command-line options.
#
ARGS=""
test -f $RADIUSD || exit 0
test -f $RADDBDIR/radiusd.conf || exit 0
if [ ! -d $rundir ] ; then
mkdir $rundir
chown ${RADIUS_USER}:${RADIUS_USER} $rundir
chmod 775 $rundir
fi
if [ ! -d $logdir ] ; then
mkdir $logdir
chown ${RADIUS_USER}:${RADIUS_USER} $logdir
chmod 770 $logdir
chmod g+s $logdir
fi
if [ ! -f $logdir/radius.log ]; then
touch $logdir/radius.log
fi
chown ${RADIUS_USER}:${RADIUS_USER} $logdir/radius.log
chown -R ${RADIUS_USER}:${RADIUS_USER} /usr/local/freeradius/etc/raddb
chown -R ${RADIUS_USER}:${RADIUS_USER} ${rundir}/..
chmod 660 $logdir/radius.log
case "$1" in
start)
echo -n "Starting $DESC:"
$RADIUSD $ARGS
echo "radiusd"
;;
stop)
[ -z "$2" ] && echo -n "Stopping $DESC: "
[ -f $rundir/radiusd.pid ] && kill -TERM `cat $rundir/radiusd.pid`
[ -z "$2" ] && echo "radiusd."
;;
reload|force-reload)
echo "Reloading $DESC configuration files."
[ -f $rundir/radiusd.pid ] && kill -HUP `cat $rundir/radiusd.pid`
;;
restart)
sh $0 stop quiet
sleep 3
sh $0 start
;;
check)
$RADIUSD -CX $ARGS
exit $?
;;
*)
echo "Usage: /etc/init.d/$RADIUS {start|stop|reload|restart|check}"
exit 1
stop
;;
status)
status \$prog
;;
restart|force-reload)
stop
start
;;
try-restart|condrestart)
if status \$prog > /dev/null; then
stop
start
fi
;;
reload)
exit 3
;;
*)
echo \$"Usage: \$0 {start|stop|status|restart|try-restart|force-reload}"
exit 2
esac
Let’s activate it:
chmod +x /etc/init.d/radiusd
update-rc.d radiusd defaults
update-rc.d radiusd enable
Let’s make a test run with any of the commands:
radiusd -X
/usr/sbin/radiusd -X
If a lot of data is displayed, then you can write them to a file for further analysis:
radiusd -X > debug.txt
If everything is ok, stop using the Ctrl+C keys and run in normal mode:
service radiusd start
Let’s check if Freeradius has started:
/etc/init.d/radiusd status
service radiusd status
systemctl status radiusd
ps ax | grep rad
netstat -anp | grep 1812
netstat -anp | grep 1813
nmap -sU -p 1813 localhost
tcpdump -i eno5 port 1812 or port 1813 or port 3799
For convenience, you can create a symbolic link to the log file in the standard log directory:
ln -s /usr/local/freeradius/var/log/radius/radius.log /var/log/radius.log
See also my articles:
- FreeRadius log rotation
- How to install and configure ABillS billing system
- Installing and configuring FreeRADIUS
- Error solution rlm_sql_mysql: Couldn’t connect to MySQL server