Scribd
Upload
578 views5 pages

FreeRADIUS 3.x Setup for Ubuntu Users

The document provides instructions for installing FreeRADIUS version 3.x on Ubuntu, including adding the FreeRADIUS PPA, installing packages, enabling and starting the service, configuring it to work with RADIUSdesk by copying configuration files and setting the shared secret, adding a script to sudoers, and configuring MESHdesk and APdesk by editing configuration files.

Uploaded by

mad maran
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
578 views5 pages

FreeRADIUS 3.x Setup for Ubuntu Users

The document provides instructions for installing FreeRADIUS version 3.x on Ubuntu, including adding the FreeRADIUS PPA, installing packages, enabling and starting the service, configuring it to work with RADIUSdesk by copying configuration files and setting the shared secret, adding a script to sudoers, and configuring MESHdesk and APdesk by editing configuration files.

Uploaded by

mad maran
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

2017/05/16 06:55 1/5 Installing FreeRADIUS version 3.

Installing FreeRADIUS version 3.x

Ubuntu is still sticking with FreeRADIUS version 2.x even with the 16.04 LTS release.
Fortunately adding the repository with the version 3.x packages of FreeRADIUS is a snap and
super easy.
https://launchpad.net/~freeradius/+archive/ubuntu/stable-3.0
Add the Personal Package Archive (PPA) for the version 3 of FreeRADIUS.

sudo apt-get install software-properties-common python-software-properties


sudo add-apt-repository ppa:freeradius/stable-3.0
#Answer yes to include the PPA with it's keys
#Update all the reposiories
sudo apt-get update

Install the following FreeRADIUS packages.

sudo apt-get install freeradius freeradius-mysql


#Answer yes to install thse with their dependencies
#Please note that when this package is installed there is some things
generated that can take up lots of time on slower machines.

Enable and start freeradius

sudo systemctl enable freeradius.service


sudo systemctl start freeradius.service

Please Take Note

The current version of FreeRADIUS available on the repository (3.0.12) has this bug:
http://lists.freeradius.org/pipermail/freeradius-users/2016-October/085317.html
While we wait for the maintainer of the repository to update to the latest stable release
please follow the instructions in this page to Upgrade FreeRADIUS using our own set of
packages.
Once the repository has been updated we will remove this 'detour' instructions

Configuring FreeRADIUS version 3.x

Do the following to configure FreeRADIUS 3.x to work with RADIUSdesk

#Stop the service if it might be running


sudo systemctl stop freeradius.service
#Backup the original
sudo mv /etc/freeradius /etc/freeradius.orig
#Copy the RADIUSdesk specific one
sudo cp /usr/share/nginx/html/cake2/rd_cake/Setup/Radius/freeradius-3-

RADIUSdesk - http://radiusdesk.com/docuwiki/
Last update:
getting_started:install_ubuntu_freeradius_3 http://radiusdesk.com/docuwiki/getting_started/install_ubuntu_freeradius_3
2017/04/06 09:46

radiusdesk.tar.gz /etc/
cd /etc
#Extract it
sudo tar -xzvf freeradius-3-radiusdesk.tar.gz

Configure the site wide shared secret. This will be the value used by ALL Dynamic Clients.

sudo vi /etc/freeradius/sites-enabled/dynamic-clients

Look for this part in the file and change FreeRADIUS-Client-Secret to the value you choose to
use.

# Echo the IP address of the client.


FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"

# require_message_authenticator
FreeRADIUS-Client-Require-MA = no

# secret
FreeRADIUS-Client-Secret = "testing123"

# shortname
FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}"

Comment out the following two lines in the systemd service file

sudo vi /lib/systemd/system/freeradius.service

See this sample to see which two lines to comment out. Failing to do this will result in a broken
system with FreeRADIUS not starting up during boot

[Unit]
Description=FreeRADIUS multi-protocol policy server
After=syslog.target network.target
Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/
http://networkradius.com/doc/

[Service]
Type=forking
PIDFile=/run/freeradius/freeradius.pid
#EnvironmentFile=-/etc/default/freeradius
#ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout
ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

After you completed these commands you can test if FreeRADIUS starts up fine.

sudo systemctl daemon-reload

http://radiusdesk.com/docuwiki/ Printed on 2017/05/16 06:55


2017/05/16 06:55 3/5 Installing FreeRADIUS version 3.x

sudo systemctl restart freeradius.service


sudo systemctl status freeradius.service

If in future you need to run FreeRADIUS in debug mode on the terminal use this as a
reference:

#Stop the current FreeRADIUS instance


sudo systemctl stop freeradius.service
#If it is perhaps stuck use killall
sudo killall freeradius
#Start it in debug mode
sudo freeradius -X

Add script to sudoers file

Failing to do this step will leave the advanced features of RADIUSdesk broken.

To create the ability for the web server to exercise some control over FreeRADIUS, we will have
a custom script which is added to the sudoers file.
The correct way to edit the sudoers file is by using:

sudo visudo

Add the following at the bottom

# Members of the admin group may gain root privileges


%admin ALL=(ALL) ALL www-data ALL =
NOPASSWD:/usr/share/nginx/html/cake2/rd_cake/Setup/Scripts/radmin_wrapper.pl

Confirm that this line is now inside the /etc/sudoers file

sudo cat /etc/sudoers

This will allow the root user in RADIUSdesk to start and stop FreeRADIUS and also to do on-the-
fly activation of debug traces.

Configure MESHdesk and APdesk

If you will be using MESHdesk or APdesk this section is for you and will make life easier for
you.
We need to configure default settings for the Coova Chilli Captive Portal which are used in both

RADIUSdesk - http://radiusdesk.com/docuwiki/
Last update:
getting_started:install_ubuntu_freeradius_3 http://radiusdesk.com/docuwiki/getting_started/install_ubuntu_freeradius_3
2017/04/06 09:46

MESHdesk and APdesk.


Please get the following information ready.
The IP Address which the server can be reached through. This will typically be a public IP
Address but it can also be a private IP Address if you run RADIUSdesk on a private
network.
The FQDN for the server if you registered in on a DNS service.
The site wide FreeRADIUS shared secret used by the Dynamic RADIUS Clients. This was
done earlier in this page when you configured the Dynamic Clients.
There are two files which you need to edit to reflect your installations detail.
For MESHdesk:

sudo vi /usr/share/nginx/html/cake2/rd_cake/Config/MESHdesk.php

Look for this bit and change accordingly:

//_______________________________________________
//== Pre-set values for the Captive Portals
$config['Meshes']['captive_portal']['radius_1'] = '198.27.111.78';
// This will be the public IP Address of the FreeRADIUS / RADIUSdesk
//$config['ApProfiles']['captive_portal']['radius_2'] =
'198.27.111.78'; //Optional second fallback RADIUS
$config['Meshes']['captive_portal']['radius_secret'] = 'testing123';
//Change this to the common site wide secret used by Dynamic RADIUS Clients
//Use DNS name in uam_url to looks more professional / or IP Address
$config['Meshes']['captive_portal']['uam_url'] =
'http://198.27.111.78/cake2/rd_cake/dynamic_details/chilli_browser_detect/';
$config['Meshes']['captive_portal']['uam_secret'] = 'greatsecret';
//Usually you will not change this value

//$config['ApProfiles']['captive_portal']['walled_garden'] =
"www.radiusdesk.com,www.google.com"; //Optional
$config['Meshes']['captive_portal']['swap_octet'] = true;
$config['Meshes']['captive_portal']['mac_auth'] = true;
//$config['Meshes']['captive_portal']['coova_optional'] =
"ssid=radiusdesk";

For APdesk

sudo vi /usr/share/nginx/html/cake2/rd_cake/Config/ApProfiles.php

Look for this bit and change accordingly:

//_______________________________________________
//== Pre-set values for the Captive Portals
$config['ApProfiles']['captive_portal']['radius_1'] =
'198.27.111.78'; // This will be the public IP Address of the FreeRADIUS /
RADIUSdesk
//$config['ApProfiles']['captive_portal']['radius_2'] =
'198.27.111.78'; //Optional second fallback RADIUS
$config['ApProfiles']['captive_portal']['radius_secret'] = 'testing123';
//Change this to the common site wide secret used by Dynamic RADIUS Clients

http://radiusdesk.com/docuwiki/ Printed on 2017/05/16 06:55


2017/05/16 06:55 5/5 Installing FreeRADIUS version 3.x

//Use DNS name in uam_url to look more professional / or IP Address


$config['ApProfiles']['captive_portal']['uam_url'] =
'http://198.27.111.78/cake2/rd_cake/dynamic_details/chilli_browser_detect/';
$config['ApProfiles']['captive_portal']['uam_secret'] = 'greatsecret';
//Usually you will not change this value

//$config['ApProfiles']['captive_portal']['walled_garden'] =
"www.radiusdesk.com,www.google.com"; //Optional
$config['ApProfiles']['captive_portal']['swap_octet'] = true;
$config['ApProfiles']['captive_portal']['mac_auth'] = true;
//$config['ApProfiles']['captive_portal']['coova_optional'] =
"ssid=radiusdesk";
//__________________________________________________

By defining these items the Add Captive Portal Exit Point windows will be pre-populated for
you, making it a snap to add new Captive Portals to either a mesh or an Access Point profile.

Next steps

Be sure to also install Node.js.


Install node.js

From:
http://radiusdesk.com/docuwiki/ - RADIUSdesk

Permanent link:
http://radiusdesk.com/docuwiki/getting_started/install_ubuntu_freeradius_3

Last update: 2017/04/06 09:46

RADIUSdesk - http://radiusdesk.com/docuwiki/

You might also like