
Set Up Enterprise Login on a Wi-Fi Router Using FreeRADIUS on CentOS 7 / RHEL 7

RADIUS, which stands for “Remote Authentication Dial In User Service”, is a network protocol (a system that defines rules and conventions for communication between network devices) for remote user authentication and accounting. RADIUS is normally used to provide AAA services: Authentication, Authorization and Accounting.

FreeRADIUS is the most deployed RADIUS server: it supports all common authentication protocols, is open source, and simplifies user administration through its dialupadmin web GUI. The server also comes with modules for integration with LDAP and with database systems such as MySQL, PostgreSQL and Oracle.

Here we will install and configure FreeRADIUS server, and also configure Enterprise Authentication for your WIFI router.

Prerequisites:

Install httpd server

yum -y update
yum groupinstall "Development Tools" -y
yum -y install httpd httpd-devel


Start and enable httpd server

systemctl enable httpd
systemctl start httpd


Installing and Configuring MariaDB

Follow the steps here

Configure Database for freeradius

mysql -u root -p -e " CREATE DATABASE radius"
mysql -u root -p -e "show databases"
mysql -u root -p
MariaDB [(none)]> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "password123";
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q
Bye


Installing php 7 on CentOS 7

Follow here

yum remove php-cli mod_php php-common
yum -y install php70w-cli php70w-mysqlnd php70w-devel php70w-gd php70w-mcrypt php70w-mbstring php70w-xml php70w-pear php-pear-DB
systemctl restart httpd


Installing FreeRADIUS

yum -y install freeradius*

Start FreeRADIUS and enable it to start at boot:

systemctl start radiusd.service
systemctl enable radiusd.service

Test the RADIUS server by running it in debug mode with the option -X. First check whether the daemon is already listening:

ss -tunlp | grep radiusd

If it’s running, debug mode will fail to bind to the ports, so you may have to kill the RADIUS server daemon first:

pkill radius


Then start radius server in debugging mode to see if it runs successfully:

radiusd -X

Configure FreeRADIUS

To configure FreeRADIUS to use MariaDB, follow the steps below.

Import the RADIUS database schema to populate the radius database:

mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql

Configure Radius at this point

First you have to create a soft link for SQL under /etc/raddb/mods-enabled

ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/

Configure the SQL module in /etc/raddb/mods-available/sql and change the database connection parameters to suit your environment:

vim /etc/raddb/mods-available/sql

The sql section should look similar to the one below:

sql {
        driver = "rlm_sql_mysql"
        dialect = "mysql"

        # Connection info:
        server = "localhost"
        port = 3306
        login = "radius"
        password = "password123"

        # Database table configuration for everything except Oracle
        radius_db = "radius"

        # Set to 'yes' to read radius clients from the database ('nas' table)
        # Clients will ONLY be read on server startup.
        read_clients = yes

        # Table to keep radius client info
        client_table = "nas"
}

Then change the group of /etc/raddb/mods-enabled/sql to radiusd:

chgrp -h radiusd /etc/raddb/mods-enabled/sql

Create Your Client for the RADIUS Server and Secret

Open the clients file:

vim /etc/raddb/clients.conf

On line number 42, set the client address (* matches any source address):

ipaddr = *

On line number 100:

secret = password_satya

Change the secret for your RADIUS server and save the file.
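
The settings above accept any source address and use a short secret. As an added example (not part of the original tutorial or of FreeRADIUS), the shell function below audits client blocks for a wildcard address, the shipped default secret testing123, or a secret shorter than 16 characters, the length RFC 2865 prefers as a minimum. The tplink-ap client, its address and the placeholder secret are assumptions, and the sample input is constructed.

```shell
# Usage: audit_clients_conf FILE [MIN_SECRET_LEN]   (FILE may be - for stdin)
audit_clients_conf() {
    awk -v min="${2:-16}" '
    function value(line) {            # text after "=", without quotes or trailing comment
        sub(/^[^=]*=[ \t]*/, "", line)
        if (line ~ /^"/) { sub(/^"/, "", line); sub(/".*$/, "", line) }
        else sub(/[ \t#].*$/, "", line)
        return line
    }
    function report() {
        if (addr == "*" || addr == "0.0.0.0/0" || addr == "::/0")
            print "client " name ": accepts requests from any source address (" addr ")"
        if (secret == "")
            print "client " name ": no shared secret set"
        else if (secret == "testing123")
            print "client " name ": shared secret is the shipped default"
        else if (length(secret) < min)
            print "client " name ": shared secret shorter than " min " characters"
    }
    /^[ \t]*#/ { next }               # skip full-line comments
    depth == 0 && /^[ \t]*client[ \t]+[^ \t{]+[ \t]*[{]/ {
        name = $2; sub(/[{].*/, "", name)
        addr = ""; secret = ""; depth = 1; next
    }
    depth == 1 && /^[ \t]*(ipaddr|ipv4addr|ipv6addr)[ \t]*=/ { addr = value($0) }
    depth == 1 && /^[ \t]*secret[ \t]*=/ { secret = value($0) }
    depth > 0 && /[{][ \t]*$/ { depth++ }      # nested section such as limit { ... }
    depth > 0 && /^[ \t]*[}]/ { if (--depth == 0) report() }
    ' "$1"
}

# Constructed sample: the first block mirrors the tutorial, the second is hypothetical.
sample_clients_conf() {
    cat <<'EOF'
client localhost {
    ipaddr = *
    secret = password_satya
    limit {
        max_connections = 16
    }
}
client tplink-ap {
    ipaddr = 192.168.0.1
    secret = "REPLACE-WITH-LONG-RANDOM-SECRET"
}
EOF
}

sample_clients_conf | audit_clients_conf -
```

Run it against the live file with `audit_clients_conf /etc/raddb/clients.conf`; a client block that prints nothing passed all three checks.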

Create Certificate for your client

Open ca.cnf:

vim /etc/raddb/certs/ca.cnf

Modify it like below:

[certificate_authority]
countryName = IN
stateOrProvinceName = Odisha
localityName = PURI
organizationName = Guess Linux.
emailAddress = info@guesslinux.com
commonName = "Satya Certificate Authority"

open client.cnf

vim /etc/raddb/certs/client.cnf

modify like below

[client]
countryName = IN
stateOrProvinceName = Odisha
localityName = PURI
organizationName = Guess Linux
emailAddress = info@guesslinux.com
commonName = "Satya Certificate Authority"

open server.cnf

vim /etc/raddb/certs/server.cnf

modify like below

[server]
countryName = IN
stateOrProvinceName = Odisha
localityName = PURI
organizationName = Guess Linux
emailAddress = info@guesslinux.com
commonName = "Satya Certificate Authority"

Run the following commands:

cd /etc/raddb/certs
rm -f *csr *key
make

Installing Daloradius

You can use daloRADIUS to manage the RADIUS server. This is optional and should not be done before installing FreeRADIUS.
Download it from GitHub:

wget https://github.com/lirantal/daloradius/archive/master.zip
unzip master.zip
mv daloradius-master/ daloradius


Change directory for configuration

cd daloradius

Configuring daloradius

Now import Daloradius mysql tables

mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql
mysql -u root -p radius < contrib/db/mysql-daloradius.sql

Move daloRADIUS into the web root before configuring its database connection details:

cd ..
mv daloradius /var/www/html/

Then change the ownership of the daloRADIUS folder to the web server user and set the permissions on the daloRADIUS configuration file:

chown -R apache:apache /var/www/html/daloradius/
chmod 664 /var/www/html/daloradius/library/daloradius.conf.php

You should now modify the daloradius.conf.php file to adjust the MySQL database information. Open daloradius.conf.php and add the database username, password and database name.

vim /var/www/html/daloradius/library/daloradius.conf.php

Especially relevant variables to configure are:

CONFIG_DB_USER
CONFIG_DB_PASS
CONFIG_DB_NAME

To be sure everything works, restart radiusd, mariadb and httpd:

systemctl restart radiusd.service
systemctl restart mariadb.service
systemctl restart httpd

Up to this point, we’ve covered the complete installation and configuration of daloRADIUS and FreeRADIUS. To access daloRADIUS, open the link using your IP address:

http://your-ip/daloradius/login.php
Default login details are:
Username: administrator
Password: radius


Testing

Follow the steps on your router. I am using a TP-Link router here; the steps are the same for other routers.


Thank You
