Install FreeRadius and Daloradius on CentOS 7 - NETSEC

Sunday, April 26, 2020

Install FreeRadius and Daloradius on CentOS 7

FreeRADIUS is an open source RADIUS server commonly used on Linux, Unix and embedded systems. daloRADIUS is a web-based RADIUS management tool written in PHP. It was created to ease the management and administration of RADIUS servers and hotspot devices (NAS). It comes with powerful graphical reporting and accounting, billing and advanced user management features.
This post shows how to install FreeRADIUS and daloRADIUS on a minimal installation of CentOS 7 Linux.

Install CentOS and Configure Network

1. Minimal installation of CentOS

2. System Update
yum -y update
reboot

3. Change Network Interface Eth0 IP
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
[root@localhost ~]# systemctl restart network
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:cc:01:07 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.12/24 brd 192.168.2.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fecc:107/64 scope link noprefixroute
       valid_lft forever preferred_lft forever


Create or modify the file /etc/sysconfig/network-scripts/ifcfg-eth0 as follows:
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
PREFIX=24
IPADDR=192.168.2.12
GATEWAY=192.168.2.1
DNS1=192.168.2.1

Or use "nmtui" to configure the eth0 interface with IP, gateway and DNS.

Install httpd server and Development Tools

yum -y groupinstall "Development Tools"
yum -y install httpd httpd-devel
Start and enable httpd server
systemctl enable --now httpd
systemctl status httpd

Installing and Configuring MariaDB

  • Add MariaDB official repo content to CentOS 7 system
sudo tee /etc/yum.repos.d/MariaDB.repo<<EOF 
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF
  • Install MariaDB to configure Database server
sudo yum -y install MariaDB-server MariaDB-client
You’ll be prompted to install MariaDB GPG Signing key. Just press y to allow installation.
  • Start and enable MariaDB to run on boot
sudo systemctl enable --now mariadb
Check if running and if enabled
systemctl status mariadb


Configure initial MariaDB settings to secure it. Here you’ll set root password and answer y to all security questions.
[root@freeradius ~]$ sudo mysql_secure_installation
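Configure the database for FreeRADIUS. The password set in the GRANT statement is the one that goes into the FreeRADIUS and daloRADIUS configuration files later in this post.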
$ mysql -u root -p

CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "Cyberark1";
FLUSH PRIVILEGES;
\q






    Installing and Configuring Php7


    Add EPEL and Remi repositories then install PHP and other extensions required for running Daloradius on CentOS 7.
    sudo yum -y install epel-release
    sudo yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
    sudo yum -y install yum-utils
    sudo yum-config-manager --disable remi-php54
    sudo yum-config-manager --enable remi-php72
    sudo yum -y install php php-{cli,curl,mysqlnd,devel,gd,pear,mcrypt,mbstring,xml}
    Check PHP version to confirm
    $ php -v
    PHP 7.2.23 (cli) (built: Sep 25 2019 07:38:48) ( NTS )
    Copyright (c) 1997-2018 The PHP Group
    Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies


    Installing FreeRadius

    sudo yum -y install freeradius freeradius-utils freeradius-mysql
    Start FreeRADIUS and enable it to start at boot:
    sudo systemctl enable --now radiusd.service
    Now you can check the status:
    $ systemctl status radiusd.service




    If you have Firewalld service running, allow radius and http traffic in and out. Radius server uses udp ports 1812 and 1813. This can be confirmed by viewing the contents of the file /usr/lib/firewalld/services/radius.xml
    sudo firewall-cmd --add-service={http,https,radius} --permanent
    Reload firewalld for changes to take effect
    sudo firewall-cmd --reload
    Test radius server by running it in debug mode with option -X, and check which ports radiusd is listening on:
    $ sudo ss -tunlp | grep radiusd




    Configuring FreeRadius

    Import the RADIUS database schema to populate the radius database
    sudo su -
    mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql

    First you have to create a soft link for SQL under /etc/raddb/mods-enabled
    sudo ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/
    Configure the SQL module /etc/raddb/mods-available/sql and change the database connection parameters to suit your environment:
    sudo vi /etc/raddb/mods-available/sql
    • The sql section should look similar to the following (read_clients and client_table also sit inside the sql { } block):
    sql {
        driver = "rlm_sql_mysql"
        dialect = "mysql"

        # Connection info:
        server = "localhost"
        port = 3306
        login = "radius"
        password = "Cyberark1"

        # Database table configuration for everything except Oracle
        radius_db = "radius"

        # Set to 'yes' to read radius clients from the database ('nas' table)
        # Clients will ONLY be read on server startup.
        read_clients = yes

        # Table to keep radius client info
        client_table = "nas"
    }
    Then change the group ownership of /etc/raddb/mods-enabled/sql to radiusd:
    sudo chgrp -h radiusd /etc/raddb/mods-enabled/sql





    Install and Configure Daloradius

    You can use daloRADIUS to manage the RADIUS server. This is optional and should not be done before installing FreeRADIUS.
    Download daloradius release archive from Github.
    sudo yum -y install wget unzip
    wget https://github.com/lirantal/daloradius/archive/master.zip
    unzip master.zip
    mv daloradius-master/ daloradius
    Change directory for configuration
    cd daloradius
    Import Daloradius mysql tables
    mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql 
    mysql -u root -p radius < contrib/db/mysql-daloradius.sql
    Move daloradius folder to path in /var/www/html
    cd ..
    sudo mv daloradius /var/www/html/
    Then change permissions for http folder and set the right permissions for daloradius configuration file.
    sudo chown -R apache:apache /var/www/html/daloradius/
    sudo chmod 664 /var/www/html/daloradius/library/daloradius.conf.php
    You should now modify the daloradius.conf.php file to adjust the MySQL database information.
    sudo vi /var/www/html/daloradius/library/daloradius.conf.php
    Set database name, user and password for connection.
    $configValues['CONFIG_DB_HOST'] = 'localhost';
    $configValues['CONFIG_DB_PORT'] = '3306';
    $configValues['CONFIG_DB_USER'] = 'radius';
    $configValues['CONFIG_DB_PASS'] = 'Cyberark1';
    $configValues['CONFIG_DB_NAME'] = 'radius';
    To be sure everything works, restart radiusd and httpd services.
    sudo systemctl restart radiusd.service httpd
    systemctl status radiusd.service httpd


    There should be no errors in the service status output.
    Finally run the commands:
    sudo pear install DB
    sudo pear install MDB2
    Up to this point, we’ve covered the complete installation and configuration of daloRADIUS and FreeRADIUS. To access daloRADIUS, open the link using your IP address:
    http://ip-address/daloradius/login.php



    The default login details are:
    Username: administrator
    Password: radius
    This is what the daloRADIUS interface looks like.
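
The FreeRADIUS sql module file and daloradius.conf.php both hold the database password in clear text, and the steps above leave daloradius.conf.php at mode 664. The script below is an added example, not part of the original post: it checks the two files for a leftover sample password, mismatched credentials and world-readable permissions. The function names and the script name audit.sh are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the two files that hold
# the database password after following this guide.
SAMPLE_PASS='Cyberark1'   # sample password printed in this post

radius_sql_password() {   # value of the active (uncommented) password = "..." line
  awk -F'"' '/^[ \t]*password[ \t]*=/ {print $2; exit}' "$1"
}

dalo_db_password() {      # value assigned to $configValues['CONFIG_DB_PASS']
  awk -F"'" '/CONFIG_DB_PASS/ {print $4; exit}' "$1"
}

world_readable() {        # true when "other" has read permission on the file
  [ -n "$(find "$1" -maxdepth 0 -perm -004)" ]
}

audit() {                 # audit <sql module file> <daloradius.conf.php>
  local sql=$1 dalo=$2 findings=0 rp dp f
  rp=$(radius_sql_password "$sql")
  dp=$(dalo_db_password "$dalo")
  if [ "$rp" != "$dp" ]; then
    echo "FAIL: database passwords differ between $sql and $dalo"
    findings=$((findings + 1))
  fi
  if [ "$rp" = "$SAMPLE_PASS" ] || [ "$dp" = "$SAMPLE_PASS" ]; then
    echo "FAIL: sample password from the guide is still configured"
    findings=$((findings + 1))
  fi
  for f in "$sql" "$dalo"; do
    if world_readable "$f"; then
      echo "FAIL: $f is readable by every local user"
      findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ] && echo "OK: no findings"
  return "$findings"      # exit status = number of findings
}

# On the server built above:
#   sudo bash audit.sh /etc/raddb/mods-available/sql \
#        /var/www/html/daloradius/library/daloradius.conf.php
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

With the apache:apache ownership set earlier, chmod 640 on daloradius.conf.php clears the permission finding while still letting httpd read the file.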















