How to Install and Configure FreeRADIUS in Linux

Elevating network security and access control on Linux servers is essential at IOFLOOD, which led us to delve into the installation and configuration of FreeRADIUS. To help our customers establish a secure and scalable network access control service on their dedicated hosting service, we’ve compiled today’s article from our expertise and prior experience.

In this tutorial, we will guide you on how to install and configure FreeRADIUS on your Linux system. We will show you methods for both APT and YUM-based distributions, delve into compiling FreeRADIUS from source, installing a specific version, and finally, how to use the FreeRADIUS command and ensure it’s installed correctly.

So, let’s dive in and begin installing FreeRADIUS on your Linux system!

TL;DR: How Do I Install and Configure FreeRADIUS on Linux?

To install FreeRADIUS on Debian-based systems like Ubuntu, run sudo apt-get install freeradius. For RPM-based systems like CentOS, use sudo yum install freeradius. After installation, configure FreeRADIUS by editing the configuration files located at /etc/freeradius/ (RPM-based packages use /etc/raddb/ instead) and start the FreeRADIUS service using sudo systemctl start freeradius (the service is named radiusd on RPM-based systems).

Here’s a quick example:

sudo apt-get install freeradius

For RPM-based distributions like CentOS, use the command:

sudo yum install freeradius

Configuration involves editing the ‘radiusd.conf’ and other configuration files. For instance, to enable logging, you might edit the ‘radiusd.conf’ file like this:

nano /etc/raddb/radiusd.conf

Then, find the section that starts with ‘log {’ and change ‘stripped_names = no’ to ‘stripped_names = yes’.

# Output:
# log {
#    stripped_names = yes
# }

This is a basic way to install and configure FreeRADIUS on Linux, but there’s much more to learn about this process. Continue reading for more detailed information and advanced configuration options.

Unveiling FreeRADIUS

FreeRADIUS is a high-performance and highly configurable RADIUS server designed to allow centralized authentication and authorization for a network. It’s widely used in both small and large networks, serving millions of users daily. With FreeRADIUS, you can manage network access, enforce policies, charge for usage, and much more.

But how do we get this powerful tool up and running on your Linux system? Let’s dive into the installation process.

Installing FreeRADIUS on Debian-Based Distributions

For Debian-based distributions like Ubuntu, the APT package manager is used. To install FreeRADIUS, open a terminal window and type the following command:

sudo apt-get update
sudo apt-get install freeradius

These commands first update your package lists and then install FreeRADIUS. After running them, you should see FreeRADIUS among your installed applications.

Installing FreeRADIUS on RPM-Based Distributions

For RPM-based distributions like CentOS, the YUM package manager is used. The installation process is similar to the one for Debian-based distributions. Open a terminal window and type the following command:

sudo yum update
sudo yum install freeradius

These commands update your package lists and then install FreeRADIUS. Just like with Debian-based distributions, you should see FreeRADIUS among your installed applications after running them.

Verifying the Installation

You can verify the installation of FreeRADIUS by running the following command in a terminal window (on RPM-based distributions the binary is named radiusd, so run radiusd -v there):

freeradius -v

This command displays the version of FreeRADIUS installed on your system. If FreeRADIUS is installed correctly, you should see output similar to the following:

# Output:
# FreeRADIUS Version 3.0.21, for host x86_64-pc-linux-gnu, built on Jun 15 2021 at 16:42:17

This confirms that FreeRADIUS is installed and ready to be configured for your specific needs.

In the next section, we’ll dive into more complex configurations of FreeRADIUS. Stay tuned!

Installing FreeRADIUS from Source

While package managers make installing FreeRADIUS a breeze, you may want to install it from source code. This method gives you control over the version you install and allows you to customize the build.

To install FreeRADIUS from source, follow these steps:

  1. First, download the source code. You can get it from the official FreeRADIUS website or GitHub repository.
wget https://github.com/FreeRADIUS/freeradius-server/archive/refs/tags/release_3_0_21.tar.gz
  2. Extract the downloaded file.
tar -xvzf release_3_0_21.tar.gz
  3. Navigate into the extracted directory.
cd freeradius-server-release_3_0_21
  4. Configure and compile the source code.
./configure
make
sudo make install

After running these commands, FreeRADIUS should be installed on your system.

Installing Other FreeRADIUS Versions

Different versions of FreeRADIUS offer various features and compatibilities. Here’s how to install different versions.

Installing Different Versions from Source

The process is similar to the one described above. The only difference is in the first step, where you specify the version you want to download. Replace ‘release_3_0_21’ with the version you want.

Installing Different Versions Using APT

For Debian-based distributions, you can specify the version during installation using the following syntax:

sudo apt-get install freeradius=version

Replace ‘version’ with the version number you want to install.

Installing Different Versions Using YUM

For RPM-based distributions, you can specify the version during installation using the following syntax:

sudo yum install freeradius-version

Replace ‘version’ with the version number you want to install.

Here’s a summary of the key differences between some of the FreeRADIUS versions:

Version   Key Features                                  Compatibility
3.0.21    Improved IPv6 support, Bug fixes              Linux, Unix, Windows
3.0.20    Added new features like rlm_rest, Bug fixes   Linux, Unix, Windows
3.0.19    Improved security, Bug fixes                  Linux, Unix, Windows

Basic Usage of FreeRADIUS

Basic Command Usage

To start the FreeRADIUS server, you can use the following command:

freeradius -X

This command starts the FreeRADIUS server in debugging mode, which outputs a lot of information useful for troubleshooting.

Verifying the Installation

You can verify the installation of FreeRADIUS by checking its version:

freeradius -v

This command should output the version of FreeRADIUS that you’ve installed on your system. If the version matches the one you installed, then the installation was successful.

Exploring Alternatives to FreeRADIUS

While FreeRADIUS is a robust and popular choice for a RADIUS server, there are other alternatives worth considering. Two such options are Radiator and Cistron. Let’s delve into these alternatives, their installation, configuration, and how they compare to FreeRADIUS.

Radiator: A Versatile RADIUS Server

Radiator is a highly configurable and flexible RADIUS server that supports a wide range of authentication methods. It’s known for its excellent performance and compatibility with a vast array of systems and devices.

To install Radiator on a Linux system, you can download it from the official website and follow the installation instructions provided. Here’s an example of how to download and extract Radiator:

wget http://www.open.com.au/radiator/radiator-latest.tar.gz
tar -xvzf radiator-latest.tar.gz

You can then follow the instructions in the README file to complete the installation.

Cistron: A Lightweight RADIUS Server

Cistron is a lightweight RADIUS server that’s easy to install and configure. It’s a good choice for smaller networks or systems with limited resources.

You can install Cistron from the source by downloading it from the official website, similar to Radiator. Here’s an example of how to download and extract Cistron:

wget http://www.radius.cistron.nl/cistron-radiusd-latest.tar.gz
tar -xvzf cistron-radiusd-latest.tar.gz

Again, follow the instructions in the README file to complete the installation.

Comparing FreeRADIUS, Radiator, and Cistron

Parameter       FreeRADIUS   Radiator    Cistron
Performance     High         High        Moderate
Compatibility   High         Very High   Moderate
Configuration   Complex      Moderate    Simple
Features        Extensive    Extensive   Basic

While FreeRADIUS offers a wealth of features and high performance, Radiator shines in its compatibility with various systems and devices. On the other hand, Cistron is a great lightweight option for smaller networks or systems with limited resources. Each of these RADIUS servers has its own strengths and weaknesses, so choose the one that best fits your specific needs.

Troubleshooting FreeRADIUS Installs

While installing FreeRADIUS on Linux, you may encounter a few issues. Let’s discuss some of the common problems and their solutions.

Issue: Missing Dependencies

One common issue is missing dependencies. When you try to install FreeRADIUS, you might encounter error messages indicating that certain packages or libraries are missing. This issue is usually resolved by installing the missing dependencies.

For example, you might see an error message like this:

# Output:
# E: Unable to locate package libssl-dev

To resolve this, you would install the missing package using the following command:

sudo apt-get install libssl-dev

Issue: Configuration File Errors

Another common issue involves errors in the FreeRADIUS configuration files. These files are crucial for the operation of FreeRADIUS, and an error in these files can prevent the server from starting.

For example, you might see an error message like this when you try to start the server:

# Output:
# radiusd: #### /etc/raddb/radiusd.conf[13]: Parse error (check) for entry sql: Unknown directive 'driver'

This error indicates that there’s a problem with the ‘driver’ directive in the ‘sql’ entry in the ‘radiusd.conf’ file. To fix this, you would need to edit the ‘radiusd.conf’ file and correct the error.

nano /etc/raddb/radiusd.conf

Then, find the line with the ‘driver’ directive in the ‘sql’ entry and correct it.

Issue: Permission Errors

Permission errors can also prevent FreeRADIUS from functioning correctly. These errors can occur if the FreeRADIUS server doesn’t have the necessary permissions to access certain files or directories.

For example, you might see an error message like this when you try to start the server:

# Output:
# radiusd: Error: Failed to open pid file /var/run/radiusd/radiusd.pid: Permission denied

This error indicates that the FreeRADIUS server doesn’t have permission to access the ‘radiusd.pid’ file. To fix this, you would need to change the permissions of the file or directory that FreeRADIUS is trying to access.

sudo chown -R freeradius:freeradius /var/run/radiusd/

This command changes the owner of the ‘/var/run/radiusd/’ directory to the ‘freeradius’ user and group, which should resolve the permission error.

Remember, troubleshooting is a key skill in managing any Linux system. Don’t be discouraged by these issues; they’re part of the learning process. Happy troubleshooting!

Unraveling the RADIUS Protocol

The Remote Authentication Dial-In User Service, or RADIUS, is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service. But what does this mean, and why is it important?

The Role of RADIUS in Network Management

RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The RADIUS server is usually a background process running on a UNIX or Microsoft Windows server.

When a user attempts to connect to the network, their credentials are sent to a RADIUS client, which then forwards these credentials to the RADIUS server. The server checks that the information is correct using authentication schemes like PAP, CHAP, or EAP.

# Example of a PAP authentication in FreeRADIUS

# In /etc/raddb/users

# Add the following line
bob Cleartext-Password := "hello"

In this example, we’re adding a user named ‘bob’ with a password ‘hello’ using PAP authentication.

The Importance of RADIUS Servers in Network Security and User Management

RADIUS servers play a crucial role in managing network access and ensuring network security. They maintain user profiles in a central database that all remote servers can share. This provides better scalability and makes it easier to manage network access.

RADIUS servers also provide a way to monitor user activity. They can log a user’s session information for auditing and billing purposes. This includes the user’s identity, the length of each session, the amount of data transmitted during the session, and other details.

# Example of a log entry in FreeRADIUS

# In /var/log/freeradius/radius.log

# You might see entries like this

# Tue Jun 29 12:34:56 2021 : Auth: Login OK: [bob] (from client localhost port 0)

In this log entry, we see that a user named ‘bob’ has successfully authenticated from the localhost.
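One way to use such entries for detection, as an added example that is not part of the original article: it parses Auth lines in the format shown above and reports user/client pairs with repeated failed logins inside a time window. The sample log is constructed (only the ‘bob’ line comes from the article), the threshold and window are assumptions, and Auth lines are only written when ‘auth = yes’ is set in the log section of radiusd.conf.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches "Auth:" lines from radius.log; the "(N)" request number and the
# parenthesised failure reason are optional.
AUTH_LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) : Auth: (?:\(\d+\) +)?"
    r"(?P<result>Login OK|Login incorrect)(?: \(.*?\))?: "
    r"\[(?P<user>[^\]]*)\] \(from client (?P<client>\S+) port \d+"
)

# Constructed sample log; only the first Auth line comes from the article.
SAMPLE_LOG = """\
Tue Jun 29 12:34:50 2021 : Info: Ready to process requests
Tue Jun 29 12:34:56 2021 : Auth: Login OK: [bob] (from client localhost port 0)
Tue Jun 29 12:40:01 2021 : Auth: (7) Login incorrect (pap: Cleartext password does not match "known good" password): [alice] (from client vpn-gw port 12)
Tue Jun 29 12:40:09 2021 : Auth: (8) Login incorrect: [alice] (from client vpn-gw port 12)
Tue Jun 29 12:40:15 2021 : Auth: (9) Login incorrect: [alice] (from client vpn-gw port 12)
Tue Jun 29 12:41:00 2021 : Auth: (10) Login incorrect: [carol] (from client localhost port 0)
Tue Jun 29 12:41:20 2021 : Auth: (11) Login OK: [carol] (from client localhost port 0)
"""

def parse_auth(line):
    """Return (timestamp, ok, user, client) or None for non-Auth lines."""
    m = AUTH_LINE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
    return ts, m["result"] == "Login OK", m["user"], m["client"]

def failure_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Map (client, user) to the largest failure count seen inside the window."""
    recent = defaultdict(deque)    # failure timestamps per (client, user)
    alerts = {}
    for ts, ok, user, client in filter(None, map(parse_auth, lines)):
        q = recent[(client, user)]
        if ok:
            q.clear()              # a success ends the current failure run
            continue
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts[(client, user)] = max(alerts.get((client, user), 0), len(q))
    return alerts

if __name__ == "__main__":
    for (client, user), n in failure_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{n} failed logins for {user!r} via {client} within 5 minutes")
```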

In conclusion, RADIUS servers, like FreeRADIUS, are essential tools for managing network access and ensuring network security. They provide centralized user authentication, track session information for auditing, and offer a scalable solution for large networks.

Usage Cases of FreeRADIUS

FreeRADIUS isn’t just for small networks or simple use cases. It’s a powerful tool capable of managing larger network infrastructures and integrating with other technologies for enhanced functionality.

FreeRADIUS in Large Network Infrastructures

In large network infrastructures, FreeRADIUS can serve as the central point of authentication, authorization, and accounting. It can manage thousands of users and handle a high volume of authentication requests. This makes FreeRADIUS a scalable solution for businesses and organizations of all sizes.

Exploring LDAP Integration

LDAP, or Lightweight Directory Access Protocol, is a protocol for accessing and maintaining distributed directory information services. Integrating FreeRADIUS with an LDAP server allows FreeRADIUS to authenticate users against the LDAP user database.

Here’s an example of how to configure FreeRADIUS to use LDAP for authentication:

# In /etc/raddb/mods-available/ldap

# Add the following lines

server = "ldap.example.com"
base_dn = "dc=example,dc=com"
identity = "cn=admin,dc=example,dc=com"
password = secret

In this example, we’re configuring FreeRADIUS to authenticate against an LDAP server at ‘ldap.example.com’. The ‘base_dn’, ‘identity’, and ‘password’ parameters are used to connect to the LDAP server.

Implementing Two-Factor Authentication

Two-factor authentication (2FA) adds an extra layer of security to the authentication process. FreeRADIUS supports 2FA through various methods, including SMS, email, and hardware tokens.

One way to implement 2FA in FreeRADIUS is to use Google Authenticator. This involves configuring FreeRADIUS to use the PAM (Pluggable Authentication Modules) system for authentication and then configuring PAM to use Google Authenticator.

Further Resources for Mastering FreeRADIUS

If you’re interested in learning more about FreeRADIUS, here are some resources that you might find helpful:

  • FreeRADIUS Documentation – Official documentation for FreeRADIUS, covering installation, configuration, and advanced features.

  • FreeRADIUS Beginner’s Guide – This book provides a comprehensive introduction to FreeRADIUS, covering everything from basic installation and configuration to advanced features.

  • FreeRADIUS Beginner HOWTO – A beginner-friendly guide to FreeRADIUS, including installation, basic configuration, and troubleshooting tips.

With these resources and the information provided in this guide, you’re well on your way to becoming a FreeRADIUS expert. Happy learning!

Recap: Installing FreeRADIUS

In this comprehensive guide, we’ve delved into the world of FreeRADIUS, a robust and highly configurable RADIUS server, and explored how to install and configure it on Linux systems.

We started with the basics, walking you through the process of installing FreeRADIUS on different Linux distributions. We then ventured into more advanced territory, discussing how to install FreeRADIUS from source code, how to install different versions, and how to use basic FreeRADIUS commands. We also discussed some common issues you might encounter during the installation and configuration process and provided solutions to help you overcome these challenges.

We didn’t stop at FreeRADIUS. We also introduced you to alternative RADIUS servers, such as Radiator and Cistron, and provided a comparison of these alternatives to help you choose the best option for your needs.

RADIUS Server   Ease of Installation   Configurability   Compatibility
FreeRADIUS      Moderate               High              High
Radiator        Moderate               High              Very High
Cistron         Easy                   Moderate          Moderate

Whether you’re just starting out with FreeRADIUS or you’re looking to deepen your understanding of RADIUS servers, we hope this guide has been a valuable resource. With the knowledge you’ve gained, you’re now well-equipped to manage network authentication, authorization, and accounting using FreeRADIUS or an alternative RADIUS server.

The world of RADIUS servers is vast and complex, but with the right tools and resources, you can navigate it with confidence. Keep exploring, keep learning, and happy networking!