Install FreeRadius on CentOS 7 with DaloRadius for management – Updated

I recently purchased a load of Ubiquiti UniFi equipment, including the UniFi USG, which requires a RADIUS server for user authentication in order to deploy a User VPN. This article runs through how to install and set one up.

I will be using FreeRADIUS, as it is the most commonly used RADIUS server and supports most common authentication protocols.

Disable SELinux:

vi /etc/sysconfig/selinux
----
SELINUX=disabled
----

First we need to update our CentOS server and install the required applications:

yum install -y epel-release
yum install -y http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum-config-manager --enable remi-php72
yum update -y
yum install -y freeradius freeradius-utils freeradius-mysql nginx mariadb-server mariadb php-cli php-mysqlnd php-devel php-gd php-mcrypt php-mbstring php-xml php-pear php-fpm
pear channel-update pear.php.net
pear install DB
systemctl reboot

We must now enable the FreeRADIUS, MariaDB, PHP-FPM and Nginx services to run at boot:

systemctl enable radiusd
systemctl enable nginx
systemctl enable mariadb
systemctl enable php-fpm
systemctl start mariadb

We need to configure MariaDB:

mysql_secure_installation
----
Set the root password
Remove the Anonymous User
Disable root remote login
Remove Test DBs
Reload Privileges
----

Allow local connections only:

vim /etc/my.cnf 
----
 [mysqld]
 bind-address=127.0.0.1
----

Configure the database to work with freeRADIUS:

mysql -u root -p 
----
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radiuspassword";
FLUSH PRIVILEGES;
quit
----

We need to add Radius and HTTP ports to the firewall:

systemctl start firewalld
firewall-cmd --zone=public --add-service=radius --add-service=http --permanent
firewall-cmd --reload

Now we will run Radius in debug mode to make sure it runs correctly:

radiusd -X

Import the Radius database schema:

mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql

Create a soft link for the SQL module:

ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/

Configure the SQL module and change the database connection. Edit the existing file, find the text below and make sure it matches:

vi /etc/raddb/mods-available/sql
----
sql {
  driver = "rlm_sql_mysql"
  dialect = "mysql"

  # Connection info:
  server = "localhost"
  port = 3306
  login = "radius"
  password = "radiuspassword"

  # Database table configuration for everything except Oracle
  radius_db = "radius"

  # Set to 'yes' to read radius clients from the database ('nas' table)
  # Clients will ONLY be read on server startup.
  read_clients = yes

  # Table to keep radius client info
  client_table = "nas"
}
----

Change the group of the SQL module link to radiusd:

chgrp -h radiusd /etc/raddb/mods-enabled/sql

Configure PHP (update the below lines in the file):

vi /etc/php-fpm.d/www.conf
----
listen = /var/run/php-fpm/php-fpm.sock
listen.owner = nobody
listen.group = nobody
user = nginx
group = nginx
----

Configure Nginx (add the “location” block):

vi /etc/nginx/conf.d/default.conf
----
server {
    ##other data here

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
----

Installing Daloradius:

wget https://github.com/lirantal/daloradius/archive/master.zip
unzip master.zip
mv daloradius-master/ daloradius
cd daloradius

Import Daloradius MySQL:

mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql 
mysql -u root -p radius < contrib/db/mysql-daloradius.sql

Move Daloradius to the Nginx web root:

cd ..
mv daloradius /usr/share/nginx/html

Change ownership and permissions for Nginx:

chown -R nginx:nginx /usr/share/nginx/html/daloradius/
chmod 664 /usr/share/nginx/html/daloradius/library/daloradius.conf.php

Modify configuration for MySQL:

vi /usr/share/nginx/html/daloradius/library/daloradius.conf.php
----
CONFIG_DB_USER
CONFIG_DB_PASS
CONFIG_DB_NAME
----

To make sure everything works, restart all services:

systemctl restart radiusd
systemctl restart mariadb
systemctl restart php-fpm
systemctl restart nginx
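
Because `read_clients = yes` loads RADIUS clients from the `nas` table at startup, the USG has to be registered there before it can authenticate VPN users. The script below is an added example, not part of the original article: it generates a random shared secret and emits the INSERT statements for a client and a test user, rejecting any value that could break out of the SQL string. The column names assume the stock FreeRADIUS MySQL schema; the address, names and `UniFi USG` description are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Table and column names follow
# the stock FreeRADIUS MySQL schema; every address and name here is constructed.

# Accept only non-empty tokens of [A-Za-z0-9._@-], so no quote, backslash or
# newline can ever reach the SQL text.
safe_token() {
  case $1 in ''|*[!A-Za-z0-9._@-]*) return 1 ;; esac
}

# Dotted-quad IPv4 with each octet in 0..255.
valid_ipv4() {
  case $1 in ''|*[!0-9.]*) return 1 ;; esac
  awk -v ip="$1" 'BEGIN { if (split(ip, o, ".") != 4) exit 1
    for (i = 1; i <= 4; i++) if (o[i] !~ /^[0-9]+$/ || o[i] > 255) exit 1 }'
}

# 128 bits from the kernel CSPRNG as 32 hex characters.
new_secret() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# nas_sql IP SHORTNAME SECRET -> one INSERT for the `nas` table.
nas_sql() {
  valid_ipv4 "$1" && safe_token "$2" && safe_token "$3" || return 1
  printf "INSERT INTO nas (nasname, shortname, type, secret, description) VALUES ('%s', '%s', 'other', '%s', 'UniFi USG');\n" "$1" "$2" "$3"
}

# user_sql USERNAME PASSWORD -> one INSERT for the `radcheck` table.
user_sql() {
  safe_token "$1" && safe_token "$2" || return 1
  printf "INSERT INTO radcheck (username, attribute, op, value) VALUES ('%s', 'Cleartext-Password', ':=', '%s');\n" "$1" "$2"
}

# Demo with constructed values (192.0.2.1 is a documentation address).
# On the server, pipe this output into: mysql -u root -p radius
# then restart radiusd, because clients are only read at startup.
secret=$(new_secret)
password=$(new_secret)
nas_sql 192.0.2.1 usg "$secret"
user_sql vpntest "$password"
echo "-- USG shared secret: $secret / vpntest password: $password"
```

After restarting radiusd, `radtest vpntest <password> 127.0.0.1 0 testing123` exercises the new user from the server itself; `testing123` is the secret of the stock localhost client in /etc/raddb/clients.conf.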

Access the web interface:

http://FQDN_IP_OF_SERVER/daloradius/login.php

Default Login:
User: Administrator
Pass: radius


9 Comments

  1. USA USA

    I got 404 Forbidden error when going to the web interface URL. What I had to do is to disable Linux Security feature. Please update this post. Thank you and finally your guide helped me a lot!

    sudo setenforce 0 #disable SELinux

  2. USA USA

    Also when issuing “radiusd -X”, I’m getting this error. How to correct this? Thanks.

    Failed binding to auth address * port 1812 as server default: Address already in use
    /etc/raddb/sites-enabled/default[59]: Error binding to port for 0.0.0.0 port 1812

    • This sounds like you already have something on your server bound to port 1812. netstat -plnt will help you find what is using that port.

  3. USA USA

    For the Linux security above, to permanently disable it, do…

    vi /etc/sysconfig/selinux
    SELINUX=disabled

    • hey thanks for this, it was my assumption that this would be disabled or a rule created. I have added this to the article to clear it up 🙂

  4. KH KH

    Thank you for your help. It works 100 percent!

  5. When I open the daloradius link it downloads the php file.

    What can I do?

  6. I don’t know if anyone is still reading this thread, but I’m getting a 403 Forbidden error when opening http://127.0.0.1/daloradius/login.php.

    What could cause this? Is it my /etc/nginx/conf.d/default.conf config? I am pretty bad with Linux, could someone show me an example of your config?

  7. Sajad Sajad

    Hi, I installed FreeRADIUS and daloRADIUS with help from this article, but it doesn’t show online users and connection logs. I see connection attempts.
    Can you help me?
