Skip to content

Install FreeRadius on CentOS 7 with DaloRadius for management – Updated

I have recently purchased a load of Ubiquiti UniFi equipment, as part of this i have the UniFi USG which in order to deploy a User VPN requires a RADUIS Server for user authentication. This article will run through how to install and set this up.

I will be using FreeRADIUS as this is the most commonly used, it supports most common authentication protocols.

Disable SELinux:
vi /etc/sysconfig/selinux


First we need to update our CentOS server and install the required applications:

yum install -y epel-release
yum install -y
yum-config-manager --enable remi-php72
yum update -y
yum install -y freeradius freeradius-utils freeradius-mysql nginx mariadb-server mariadb php-cli php-mysqlnd php-devel php-gd php-mcrypt php-mbstring php-xml php-pear php-fpm
pear channel-update
pear install DB
systemctl reboot

We must now enable the FreeRADIUS, MariaDB, PHP-FPM and Nginx services to run at boot:

systemctl enable radiusd
systemctl enable nginx
systemctl enable mariadb
systemctl enable php-fpm
systemctl start mariadb

We need to configure MariaDB:

Set the root password
Remove the Anonymous User
Disable root remote login
Remove Test DBs
Reloar Privileges

Allow local connections only:

vim /etc/my.cnf 

Configure the database to work with freeRADIUS:

mysql -u root -p 
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radiuspassword";

We need to add Radius and HTTP ports to the firewall:

systemctl start firewalld
firewall-cmd --zone=public --add-service=radius --add-service=http --permanent
firewall-cmd --reload

Now we will run Radius in debug mode to make sure it runs correctly:

radiusd -X

Import the Radius database scheme:

mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql

Create a soft line for SQL:

ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/

configure the SQL module and change the database connection, edit the existing file, find the text below and make sure it matches:

vi /etc/raddb/mods-available/sql
sql {
  driver = "rlm_sql_mysql"
  dialect = "mysql"

  # Connection info:
  server = "localhost"
  port = 3306
  login = "radius"
  password = "radiuspassword"

  # Database table configuration for everything except Oracle
  radius_db = "radius"

# Set to ‘yes’ to read radius clients from the database (‘nas’ table)
# Clients will ONLY be read on server startup.
read_clients = yes

# Table to keep radius client info
client_table = “nas”

Change the group for the SQL folder to radiusd:

chgrp -h radiusd /etc/raddb/mods-enabled/sql

Configure PHP (update the below lines in the file):

vi /etc/php-fpm.d/www.conf
listen = /var/run/php-fpm/php-fpm.sock
listen.owner = nobody = nobody
user = nginx
group = nginx

Configure Nginx (add the “location” :

vi /etc/nginx/conf.d/default.conf
server {
    ##other data here

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;

Installing Daloradius:

mv daloradius-master/ daloradius
cd daloradius

Import Daloradius MySQL:

mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql 
mysql -u root -p radius < contrib/db/mysql-daloradius.sql

Move to the httpd directory:

cd ..
mv daloradius /usr/share/nginx/html

change permissions for httpd:

chown -R nginx:nginx /usr/share/nginx/html/daloradius/
chmod 664 /usr/share/nginx/html/daloradius/library/daloradius.conf.php

Modify configuration for MySQL:

vi /usr/share/nginx/html/daloradius/library/daloradius.conf.php

To make sure everything works restart all services:

systemctl restart radiusd
systemctl restart mariadb
systemctl restart php-fpm
systemctl restart nginx

Access the web interface:


Default Login:
User: Administrator
Pass: radius

Published inCentOS


  1. USA USA

    I got 404 Forbidden error when going to the web interface URL. What I had to do is to disable Linux Security feature. Please update this post. Thank you and finally your guide helped me a lot!

    sudo setenforce 0 #disable SELinux

  2. USA USA

    Also when issue “radiusd -X”, i m getting this error. How to correct this? thanks.

    Failed binding to auth address * port 1812 as server default: Address already in use
    /etc/raddb/sites-enabled/default[59]: Error binding to port for port 1812

    • this sounds like you already have something on your server bound to port 1812 netstat -plnt will help you find what is using that port

  3. USA USA

    For the linux security above. To permanently disable it. Do…

    vi /etc/sysconfig/selinux

    • hey thanks for this, it was my assumption that this would be disabled or a rule created. I have added this to the article to clear it up 🙂

  4. Name *KH Name *KH

    Thank you for your help. It works 100 percent!

  5. When I open the daloradius link it downloads the php file.

    What can I do?

  6. I don’t know if anyone is still reading this thread, but I’m getting a 403 Forbidden error when opening

    What could cause this? Is it my /etc/nginx/conf.d/default.conf config? I am pretty bad with linux, could someone show me an example of your config?

  7. Sajad Sajad

    Hi, I’m installed freeradius and daloradius with help from this article, but don’t show online users and connection logs. I see connection attempts,
    Can you help me ?

Leave a Reply

Your email address will not be published. Required fields are marked *