ABillS. Installing Freeradius

This is an example of installing or updating FreeRADIUS 3.0.23 from source.
In my setup, ABillS and FreeRADIUS run on the same Ubuntu Server 18.04 system.

First, switch to the root user and, if FreeRADIUS was previously installed, check which version is on the system:

sudo -i
/usr/local/freeradius/sbin/radiusd -v

Make sure the required components are installed:

apt install perl libmysqlclient-dev libgdbm5 libgdbm-dev make gcc build-essential snmp libpcap-dev libhiredis-dev libperl-dev libtalloc-dev

Let’s see where the Perl library is installed and create the symbolic link to it if it is missing:

find /usr/lib/ | grep libperl.so
ln -s /usr/lib/x86_64-linux-gnu/libperl.so.5.26 /usr/lib/x86_64-linux-gnu/libperl.so

If FreeRADIUS was previously installed, make a backup copy of its configuration and dictionaries, then delete the directory:

tar -cvjf /usr/local/backup_freeradius2.tar.bz2 /usr/local/freeradius/
rm -r /usr/local/freeradius

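Download the archive with the new version of FreeRADIUS (the available versions are listed at ftp://ftp.freeradius.org/pub/freeradius/). Plain FTP does not protect the file in transit, so verify the archive against a checksum or signature from the project before building it as root: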

cd /opt
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.23.tar.gz

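Unpack the downloaded archive, then build and install it. The --with-openssl=no option builds the server without TLS support, so the TLS-based EAP methods (EAP-TLS, PEAP, TTLS) will not be available: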

tar zxvf freeradius-server-3.0.23.tar.gz
cd freeradius-server-3.0.23
./configure --prefix=/usr/local/freeradius --with-rlm-perl-lib-dir=/usr/lib/x86_64-linux-gnu/ --with-dhcp=yes --with-openssl=no > /dev/null
make
make install
ln -s /usr/local/freeradius/sbin/radiusd /usr/sbin/radiusd

Delete unnecessary configuration files and copy the ready-made ones from the ABillS directory:

rm /usr/local/freeradius/etc/raddb/sites-enabled/*
cp /usr/abills/misc/freeradius/v3/mods-enabled/perl /usr/local/freeradius/etc/raddb/mods-enabled/perl
cp /usr/abills/misc/freeradius/v3/mods-enabled/sql /usr/local/freeradius/etc/raddb/mods-enabled/
cp /usr/abills/misc/freeradius/v3/sites-enabled/abills_default /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
cp /usr/abills/misc/freeradius/v3/users /usr/local/freeradius/etc/raddb/users
echo '' > /usr/local/freeradius/etc/raddb/clients.conf

We empty clients.conf because the access servers will be stored in the MySQL database.
If the freerad group and user do not exist yet, create them; then, after an installation or an update, set the ownership of the directories:

groupadd freerad
useradd -g freerad -s /bin/bash freerad
chown -R freerad:freerad /usr/local/freeradius/etc/raddb
mkdir /var/run/radiusd/
chown -R freerad:freerad /var/run/radiusd/
mkdir /var/log/radacct
chown freerad:freerad /var/log/radacct

Let’s open the main FreeRADIUS configuration file:

nano /usr/local/freeradius/etc/raddb/radiusd.conf

and set these parameters in it:

prefix = /usr/local/freeradius
user = freerad
group = freerad

I also changed these parameters:

thread pool {
start_servers = 8
max_servers = 32
min_spare_servers = 8
max_spare_servers = 32
max_requests_per_server = 0
}

Instead of *, you can specify the IP address on which FreeRADIUS will listen; with * it listens on all addresses:

listen {
        ipaddr = *

Open the file in a text editor:

nano  /usr/local/freeradius/etc/raddb/mods-enabled/sql

Let’s set up a connection to the database:

sql {
        database = "mysql"
        driver = "rlm_sql_${database}"
        server = "127.0.0.1"
        #port = 3306
        login = "abills"
        password = "sqlpassword"
        radius_db = "abills"

In the same file, replace '%secretkey%' with 'test12345678901234567890'.
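
The settings made above can be checked before the server goes into service. The following is an added example, not part of the original article and not code from ABillS or FreeRADIUS: a shell check that flags a world-readable SQL module file, the sample password and secret key shown in this article, and a listener bound to all addresses. The function names audit_raddb and make_sample and the key_line entry in the sample file are made up for the illustration.

```sh
#!/bin/sh
# Added example: audit a raddb tree for values this article leaves at sample settings.
# Prints one finding per line and prints nothing when no check fires.
audit_raddb() {
    raddb=$1
    sql=$raddb/mods-enabled/sql
    conf=$raddb/radiusd.conf
    if [ -f "$sql" ]; then
        # The SQL module file holds the database password and the secret key.
        [ -n "$(find "$sql" -perm -004)" ] &&
            echo "PERM: $sql is world-readable"
        grep -Eq '^[[:space:]]*password[[:space:]]*=[[:space:]]*"sqlpassword"' "$sql" &&
            echo "CRED: $sql still uses the sample password"
        grep -q '%secretkey%' "$sql" &&
            echo "KEY: $sql still contains the %secretkey% placeholder"
        grep -q 'test12345678901234567890' "$sql" &&
            echo "KEY: $sql uses the sample secret key"
    fi
    if [ -f "$conf" ]; then
        grep -Eq '^[[:space:]]*ipaddr[[:space:]]*=[[:space:]]*\*' "$conf" &&
            echo "LISTEN: $conf listens on all addresses (ipaddr = *)"
    fi
    return 0
}

# Constructed sample tree that mirrors the values shown in this article.
make_sample() {
    mkdir -p "$1/mods-enabled"
    printf 'listen {\n        ipaddr = *\n}\n' > "$1/radiusd.conf"
    cat > "$1/mods-enabled/sql" <<'EOF'
sql {
        login = "abills"
        password = "sqlpassword"
        radius_db = "abills"
        # constructed stand-in for the line that carries the secret key
        key_line = 'test12345678901234567890'
}
EOF
    chmod 644 "$1/mods-enabled/sql"
}

# Demonstration on the constructed tree; it reports four findings.
demo=$(mktemp -d)
make_sample "$demo"
audit_raddb "$demo"
rm -rf "$demo"
```

On a real installation, call audit_raddb /usr/local/freeradius/etc/raddb instead of the demonstration lines.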

Let’s open the dictionary file in a text editor:

nano /usr/local/freeradius/etc/raddb/dictionary

Add the attributes you need to the dictionary; for example, I added:

ATTRIBUTE DHCP-Router-IP-Address 241 ipaddr
ATTRIBUTE DHCP-Mask              242 integer
ATTRIBUTE L4-Redirect      243 integer
ATTRIBUTE L4-Redirect-ipset      244 string
ATTRIBUTE DHCP-Option82          245 octets
# Limit session traffic
ATTRIBUTE Session-Octets-Limit 227 integer
# What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out)
ATTRIBUTE Octets-Direction 228 integer
# Connection Speed Limit
ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer
ATTRIBUTE Acct-Interim-Interval 85 integer
ATTRIBUTE Acct-Input-Gigawords    52      integer
ATTRIBUTE Acct-Output-Gigawords   53      integer

Let’s create a Freeradius startup script:

nano /etc/init.d/radiusd

Let’s add to it:

#!/bin/sh
#
# radiusd  Start the radius daemon.
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
#
#    Copyright (C) 2001-2008 The FreeRADIUS Project http://www.freeradius.org
#   chkconfig: - 58 74
#   description: radiusd is service access provider Daemon.
### BEGIN INIT INFO
# Provides: radiusd
# Required-Start: $remote_fs $network $syslog
# Should-Start: mysql radiusd
# Required-Stop: $remote_fs $syslog
# Should-Stop: radiusd
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start and stop radiusd
# Description: radiusd is access provider service Daemon.
### END INIT INFO
 
prefix=/usr/local/freeradius
exec_prefix=${prefix}
sbindir=${exec_prefix}/sbin
localstatedir=/var
logdir=${localstatedir}/log/radius
rundir=/usr/local/freeradius/var/run/radiusd/
sysconfdir=${prefix}/etc
#
#  If you have issues with OpenSSL, uncomment these next lines.
#
#  Something similar may work for MySQL, and you may also
#  have to LD_PRELOAD libz.so
#
#LD_LIBRARY_PATH=
#LD_RUN_PATH=:
#LD_PRELOAD=libcrypto.so
export LD_LIBRARY_PATH LD_RUN_PATH LD_PRELOAD
 
RADIUSD=$sbindir/radiusd
RADDBDIR=${sysconfdir}/raddb
RADIUS_USER='freerad'
DESC="FreeRADIUS"
 
#
#  See 'man radiusd' for details on command-line options.
#
ARGS=""
 
test -f $RADIUSD || exit 0
test -f $RADDBDIR/radiusd.conf || exit 0
 
if [ ! -d $rundir ] ; then
    mkdir $rundir
    chown ${RADIUS_USER}:${RADIUS_USER} $rundir
    chmod 775 $rundir
fi
 
if [ ! -d $logdir ] ; then
    mkdir $logdir
    chown ${RADIUS_USER}:${RADIUS_USER} $logdir
    chmod 770 $logdir
    chmod g+s $logdir
fi
 
if [ ! -f $logdir/radius.log ]; then
        touch $logdir/radius.log
fi
 
chown ${RADIUS_USER}:${RADIUS_USER} $logdir/radius.log
chown -R ${RADIUS_USER}:${RADIUS_USER} /usr/local/freeradius/etc/raddb
chown -R ${RADIUS_USER}:${RADIUS_USER} ${rundir}/..
chmod 660 $logdir/radius.log
 
case "$1" in
  start)
  echo -n "Starting $DESC:"
  $RADIUSD $ARGS
  echo "radiusd"
  ;;
  stop)
  [ -z "$2" ] && echo -n "Stopping $DESC: "
        [ -f $rundir/radiusd.pid ] && kill -TERM `cat $rundir/radiusd.pid`
  [ -z "$2" ] && echo "radiusd."
  ;;
  reload|force-reload)
  echo "Reloading $DESC configuration files."
  [ -f $rundir/radiusd.pid ] && kill -HUP `cat $rundir/radiusd.pid`
  ;;
  restart)
  sh $0 stop quiet
  sleep 3
  sh $0 start
  ;;
  check)
  $RADIUSD -CX $ARGS
  exit $?
  ;;
  status)
  # Report whether the process recorded in the PID file is alive.
  if [ -f $rundir/radiusd.pid ] && kill -0 `cat $rundir/radiusd.pid` 2>/dev/null; then
      echo "$DESC is running."
  else
      echo "$DESC is not running."
      exit 3
  fi
  ;;
  *)
  echo "Usage: /etc/init.d/radiusd {start|stop|status|reload|restart|check}"
  exit 1
  ;;
esac

Let’s activate it:

chmod +x /etc/init.d/radiusd
update-rc.d radiusd defaults
update-rc.d radiusd enable

Let’s make a test run in debug mode with either of these commands:

radiusd -X
/usr/sbin/radiusd -X

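If a lot of output is displayed, you can write it to a file for further analysis. The debug output contains passwords and shared secrets in clear text, so keep the file readable only by root and delete it when you are done: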

radiusd -X > debug.txt

If everything is OK, stop the server with Ctrl+C and start it in normal mode:

service radiusd start

Let’s check whether FreeRADIUS has started:

/etc/init.d/radiusd status
service radiusd status
systemctl status radiusd 
ps ax | grep rad
netstat -anp | grep 1812
netstat -anp | grep 1813
nmap -sU -p 1813 localhost
tcpdump -i eno5 port 1812 or port 1813 or port 3799

For convenience, you can create a symbolic link to the log file in the standard log directory:

ln -s /usr/local/freeradius/var/log/radius/radius.log /var/log/radius.log
