Installing and configuring FreeRADIUS

Installation on Ubuntu:

sudo apt-get install freeradius freeradius-utils freeradius-mysql

Add user radius:

sudo nano /etc/freeradius/users

Add clients:

sudo nano /etc/freeradius/clients.conf

To use mysql you need to uncomment the line “$INCLUDE sql.conf”:

sudo nano /etc/freeradius/radiusd.conf

We edit the username and password to connect to the database:

sudo nano /etc/freeradius/sql.conf

Uncommenting sql parameters:

sudo nano /etc/freeradius/sites-available/default
sudo nano /etc/freeradius/sites-available/inner-tunnel

Import Database:

sudo mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql

Restart FreeRADIUS to apply the changes:

sudo service freeradius restart

You can see if the service is running like this:

netstat -anp | grep 1812
netstat -anp | grep 1813
ps xa |grep radiusd
nmap -sU -p 1812 127.0.0.1
nmap -sU -p 1813 127.0.0.1

Stop freeradius and start in debug mode for testing:

sudo /etc/init.d/freeradius stop
sudo freeradius -X

Example run with a directory with configuration files:

sudo radiusd -X -d /usr/local/freeradius/etc/raddb/

Through tcpdump, you can catch packets like this:

sudo tcpdump -i eth0 port 1812 or port 1813 or port 3799
sudo tcpdump -i eth0 port 1812 or port 1813 or port 3799 | grep 'Access-Request (1)'

Detailed logs are configured in the detail file.

An example of opening ports for ufw:

sudo ufw allow 1812
sudo ufw allow 1813

Official documentation:
https://wiki.freeradius.org/Home
https://wiki.freeradius.org/config/Operators

Leave a comment