Authentication, Authorization & Accounting With FreeRadius & MySQL Backend & Web Based Management with Daloradius

This tutorial explains how to set up a FreeRadius 2.x server for wifi authentication, authorization and accounting in conjunction with mysql & web based management with Daloradius on CentOS 5.x. Production deployment is also possible with minor tweaking. But as usual I do not guarantee anything & take no responsibilities.

(For basic how-to refer to the doc

And of-course for the faint-hearted this turn-key solution can always be employed. )

The following steps are involved:

1- Building Centos 5.x binary rpms

2- Installing the binary packages

3- Configuring the FR with mysql

4- Setting up web management with Daloradius


Step 1- Building Centos 5.X packages

Get hold of src.rpms from

rpm -Uvh freeradius-2.0.5-1.fc10.src

Note: It is recommended that you carry this building process on a non-production server & move over the final binary rpms over to the produtions server. But it isn't mandatory if you know what you're doing.

cd /usr/src/redhat/RPMS/SPECS
rpmbuild -bb freeradius.spec

Note: You might require some package for these. yum them & rerun the rebuild process. (I got prompted for the following)

    beecrypt-devel, sqlite-devel, unixODBC, unixODBC-devel,
    python-devel, pam-devel, elfutils-libelf-devel,
    elfutils-libelf-devel-static, rpm-devel, elfutils-devel,
    elfutils-devel-static, net-snmp-devel, mysql, cyrus-sasl-devel,
    mysql-devel, openldap-devel, gdbm-devel, libtool-ltdl-devel,
    postgresql, postgresql-devel

After a while (depending on your system specs) you should have rpms built at the following locations (if using x86):

cd /usr/src/redhat/RPMS/i386

Move these to a production server if this is your development workstation.


Step 2- Installing the binary packages

rpm -Uvh freeradius-libs-2.0.5-1.i386.rpm
rpm -Uvh freeradius-2.0.5-1.i386.rpm
rpm -Uvh freeradius-utils-2.0.5-1.i386.rpm
rpm -Uvh freeradius-mysql-2.0.5-1.i386.rpm

After running with the out of the box configuration, validate against a local user.

E.g: run radius in debug mode:

radiusd -X

From another shell run this while the radius -X is running:

radtest abc 123 localhost 1812 testing123

Make sure the user 'abc' with password '123' is set in the /etc/raddb/users file.


Step 3- Configuring the FR with MySQL

Turn on the sql authentication in the radiusd.conf

vi /etc/raddb/radiusd.conf

Search & uncomment this line   $INCLUDE sql.conf 

Save & quit.

Now the MySQL bits (creating the db & its admin user). Do the following from your shell.

mysqladmin -u root password 123456
mysql -u root -p

On the MySQL shell type the following:

GRANT ALL ON radiusdb.* TO [email protected] IDENTIFIED BY "radpass";

Now import the file mysql-dalo-and-fr2x.sql schema into the radiusdb from the following zipped file which also contains daloradius.conf file for daloradius which is discussed later in the web management section.

Download sql_schema & daloradius.conf zipped

mysql -u root -p radiusdb < /root/mysql-dalo-fr2x.sql

To have a look  at the db schema do the following:

mysql -u root -p
use database radiusdb;
show tables;

Now edit your /etc/raddb/sql.conf.

Reset the user/password/database parameters to reflect the changes (eg. login = radius, password=radpass & radius_db=radiusdb); to turn the NAS management from MySQL, search for the line

readclients = no

and change it to:

readclients = yes

Edit the file /etc/raddb/sites-enabled/default and add a line saying 'sql' to the authorize{} section (which is towards the end of the file). Also add a line saying 'sql' to the accounting{} section to tell FreeRadius to store accounting records in SQL as well. Optionally add 'sql' to the session{} section if you want to do Simultaneous-Use detection. Optionally add 'sql' to the post-auth{} section if you want to log all authentication attempts to SQL.

Here is the authorize section:

authorize {

And the accounting section:

accounting {

To insert a test user in the database, go to the MySQL shell and run this:

mysql -u root -p
mysql> use database radiusdb;
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('sqltest', 'Password', 'testpwd');
mysql> select * from radcheck where UserName='sqltest';
mysql> exit

Fire up radius in debug mode:

radiusd -X

Go to another shell and run the test:

radtest sqltest testpwd localhost 1812 testing123

At this moment you should see a message containing something like ... Accept-Accept ... which is an indication that your user is getting authenticated just fine.

Congratulations! Your FreeRadius + MySQL setup is working.


4- Setting up web management with Daloradius

The latest stable release is version 0.9-7.

Get hold of the it from

tar -zxvf daloradius-0.9-7.tar.gz

Download the following prerequisite packages:

yum install install httpd -y
yum install php php-mysql php-pear php-gd php-pear-DB -y
cp daloradius-0.9-7/ /var/www -vr

Change ownership:

chown apache:apache /var/www/daloradius-0.9-7 -R

A few tables that are needed by Daloradius, have already been created earlier.

Copy over the already unzippedfile daloradius.conf from the downloaded zipped file.

cp /root/daloradius.conf /var/www/daloradius-0.9-7/library/

Note: This file daloradius.conf has been modified for freeradius 2.x which, as of yet, is not being packaged by daloradius.

Now, simply adjust the MySQL database information in the DaloRadius config file.

vi /var/www/daloradius-0.9-7/library/daloradius.conf

Fill in the database details, few important parameters are listed below:

       CONFIG_DB_ENGINE = mysql
       CONFIG_DB_USER = radius
       CONFIG_DB_PASS = radpass
       CONFIG_DB_NAME = radiusdb

Change ownership & permission:

chown apache.apache /var/ww/daloradius-0.9-7/library/daloradius.conf
chmod 644 /var/www/daloradius-0.9-7/library/daloradius.conf
touch /tmp/daloradius.log
chown apache.apache /tmp/daloradius.log

Set up the apache server.

Edit the /etc/httpd/conf/httpd.conf file and append this to the end of the file (customize to your likings):

Alias /myradius "/var/www/daloradius-0.9-7/"
<Directory /var/www/daloradius-0.9-7/>
      Options None
      order deny,allow
      deny from all
      allow from
      allow from <my management system's ip which has a web-browser>

Save and exit.

Restart the httpd server:

/etc/init.d/httpd restart

Fire up Firefox (or any other borowser) and go to the URL http://<localhost or the managemet system's ip>/myradius.

Log in with the administrator for management:

    username: administrator
    password: radius

Change this information first for the sake of security (info is located in the operator table).

Take Daloradius for a spin. You should have created an sqltest user earlier. You can also try adding new users and testing the connectivity from within the Daloradius frontend.

Congratulations you are done.

Again developers of  FreeRadius, MySQL and Daloradius, do accept my humble appreciation for all your efforts. Open source community, as always you rock, thanx.

(Note: I haven't mentioned anything regarding setting up eap/ttls in this article. For that, just follow the section of setting up certificates and eap.conf from the below mentioned HowtoForge link.)



Share this page:

Suggested articles

38 Comment(s)

Add comment



Yes I admit the term "newbie" was a little overboard. I suppose it should be "a novice" cuz this one was based on ubuntu 8.X LTS which does console based installation, which supposedly is not newbie friendly.

Anyway use this site to search for packages if u find cli to be intimidating.

I fixed few things as well e.g freeradius -X (In rpm based distros it was radiusd -X. so yes mybad)

Let me know if get it working.


By: Mad Dawg

First of thanks to the author for this great tutorial

while it does indeed work there were a couple of caveots

mainly that their is now a daloradius-0.9-8 which

 I changes some things ie database scheme

while I was still able to get this all working on a test machine at home trying

to impliment this on our dedicated server (which runs plesk and has some other vhosts) failed miserably

anychance the author would update this guide and have an optional section on how to impliment this on a server that hosts other domains


Much Thanks



By: MrShifty

The how-to seems to work OK with daloRadius 0.98 provided that you edit the "library/daloradius.conf.php" file by hand to include the changes from the author's "daloradius.conf" file. In particular, I found that this line needed to be edited:

 $configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'usergroup';

 changed to

 $configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'radusergroup';

 This also fixes a problem experience by one of the previous commentators. 

 There are some other problems with the database schema when using the steps in this tutorial with daloRADIUS 0.98 (and I suspect also with the version of FreeRadius I'm using). I'll try to post a follow-up comment when I find all of them!

By: Anonymous

Congratulation, this one solved my issue ! 


By: Barks

i use this app on my phone to manage users. Works really well.

By: akme

your freeradius is running in normal mode of operation. first run it in safe mode. in debian smth like this

/etc/init.d/freeradius stop

and then

freeradius -X

By: Anonymous

I went through this process step by step. When ran the build command (rpmbuild -bb freeradius.spec)  we got 12 rpms. Installed the 4 rpms per the instructions, but instructions don't say anything about the other 8 rpms that were created.

Ealier comment was correct that the mysql command to use the radiusd database should be "use radiusdb;" and not "use database radiusdb;"

Successfuly added a test user to users file and received accepted response from radtest  against users file when running radiusd -X.

Did NOT receive accepted response when running radtest for a user in the mysql database.

It doesn't give enough detailed changes to configure the sql.conf file.

Because could not get user in mysql database to authenticate anything after this is a waste of time because the daloradius will not work either.

This was done on CentOS 5.3


It does work.

let me know what version of daloradius are u using. make sure u adhere to the versions of the software being used in this tutorial.

Donot jump to conclusions

Cheer up




Nice, writing my comment took too long, now I may do it again...

 Sorry, but I got a few things to say. I'm sure it took some effort to find all this out and write it down, but somehow I doubt that the author has ever done this on Hardy, there are simply too many bugs in this howto, and following the instructions would never lead to a running system.

 I can't remember all my modifications, so good luck to everyone trying this, but some hints anyway:

- Packages

  - more need to be installed, specifically build-essential, fakeroot, mysql-client-5.0, mysql-server.

  - libmysqlclient-dev has no installation candidate.

  - Instead of "apt-get install php php-mysql php-pear php-gd php-pear-DB" it should be "apt-get install php5 php5-mysql php-pear php5-gd php5-db".


  - Instead of "use database radius" it should be "use radius".

- Freeradius

  - The program should be started with "freeradius -X".

  - In /etc/freeradius/users, comment out the line  "DEFAULT        Auth-Type = System" and the following one if you do not plan to go mad.

- misc

  - When copying daloradius to /var/www. omit the trailing slash! It should be "cp -R daloradius-0.9-7 /var/www".

  - Somehow I feel that lighty should do just fine instead of heavyweight Apache...

As I said before, there may be more and I am not yet done with the setup. Most howtos here are quite good, so I'm surprised one that never worked got through...

By: admin

The tutorial was written for CentOS 5.x, so I'm sure that's the problem why it doesn't work on Ubuntu 8.04.

By: Osman

hmm. a hasty comment. giving bad press to this article. anyway try this link for setting this thing up on ubuntu.

Note: This one deals with freeradius 2.x & the one with ubuntu deals with freeradius 1.7

Good luck with that.


Yes, sorry. When I had to write the comment a second time I ended up at the wrong tutorial. However, the comments do apply to the Hardy one, which surely will not work for a newbie, as claimed in the intro:

By: SaliproPham

Thanks for this this, it helped so much...


Try submitting that command "radtest..." from the local host i.e from another shell.

And yeah also try flushing the iptables 



By: Eliezer

   I followed all the instructions step by step, and my freeradius does not work.... it gives me a reject message which means the server is running but I cannot authenticate any user against the server...

By: Anonymous

I got this error at the end of step three when testing the MySQL and FreeRadius connection.  I found I needed to uncomment the line below from radiusd.conf

#$INCLUDE sql.conf

By: Carlos Quan

I am very glad with this "how to", I follow step by step and with minor changes works most of them.

I have a little problem, when I list users in DaloRadius, I receive that error:

Database error
Error Message: DB Error: no such table
Debug info: SELECT distinct(radcheck.username),radcheck.value,,usergroup.groupname as groupname, radcheck.attribute, userinfo.firstname, userinfo.lastname FROM radcheck LEFT JOIN userinfo ON radcheck.username=userinfo.username LEFT JOIN usergroup ON radcheck.username=usergroup.username WHERE (Attribute LIKE '%-Password') OR (Attribute='Auth-Type') GROUP BY UserName [nativecode=1146 ** Table 'radiusdb.usergroup' doesn't exist]

Looks like the query select the table "radcheck"

Can you help me?




Hey there,

I am glad that ur glad with this tutorial.

Regarding ur issue.  Did u downloaded & installed the modified DB schema ? It is critical to all the functioning.

I don´t quite recall all of the stuff but that (using that schema) should fix things nicely.

Furthermore u could debug this thing better in the sql shell. Re-run the query in dummy/expected inputs. That should clear up any issues. Again I feel its the freeradius 1.7.X  --> FR 2.X schema issues that must be coughing up errors.

If there is any modification required do let me know.




By: Anonymous

It is a very good tutorial......I configured Freeradius + Mysql & getting Accept-Accept responce from radius for test user. I also have configured Daloradius-0.9.8 as mentioned but when I am trying to access it via Web interface with Username "Administrator" & passwrod "radius" it gives following error:-

Database connection error
Error Message
: DB Error: connect failed
Debug: [nativecode=Access denied for user 'radius'@'localhost.localdomain' (using password: YES)] ** mysql://radius:[email protected]/radiusdb

Can you ple help me on this?


By: Allen

Evey time I try to login to daloradius it says:

Database connection error

Error message: DB error: not found

Debug: unable to include the DB/.php file for ':radius:[email protected]/radiusdb

I got access accepted packets  on the sql test so I know that part is functioning correctly. Can anyone help with this? Thank you all for your valuable time.


Head into this file (daloradius/library/daloradius.conf) to check for the mismatched username/password info that ur providing.

Furthermore make sure privileges have been correctly set in the mysql for fr/dalo db.




By: Saul

There is no mismatch, the point is that DB.php which is called on line 72 does not exist in the /library directory.

 It was not part of the tar distribution.

 Where can we find that file?

    include_once ('DB.php');

        $dbSocket = DB::connect($dbConnectString);

        if (DB::isError ($dbSocket))

                die ("<b>Database connection error</b><br/>

                        <b>Error Message</b>: " . $dbSocket->getMessage () . "<br/>" .

                        "<b>Debug</b>: " . $dbSocket->getDebugInfo() . "<br/>");

This drops the next error on /var/www/httpd

[Mon Feb 08 21:21:29 2010] [error] [client] PHP Warning:  include_once(DB.php) [<a href='function.include-once'>function.include-once</a>]: failed to open stream: No such file or directory in /var/www/html/billing/library/opendb.php on line 72, referer:
[Mon Feb 08 21:21:29 2010] [error] [client] PHP Warning:  include_once() [<a href='function.include'>function.include</a>]: Failed opening 'DB.php' for inclusion (include_path='.:/usr/share/pear:/usr/share/php') in /var/www/html/billing/library/opendb.php on line 72, referer:
[Mon Feb 08 21:21:29 2010] [error] [client] PHP Fatal error:  Class 'DB' not found in /var/www/html/billing/library/opendb.php on line 74, referer:



By: deebo

you should install php-db

sudo apt-get install  php-pear php5-gd php5-db

By: Chatchai

You have to set value in daloradius.conf.php instead of daloradius.conf.

The author did not mention this.

By: Anonymous

I went through the install compiling from source and everything went smoothly until now where am trying to login to daloradius

 getting this error in the browser after pressing login


Database connection error
Error Message: DB Error: connect failed
Debug: [nativecode=Can't connect to MySQL server on '' (13)] ** mysql://radius:[email protected]/radiusdb

 its not a problem with the username and password, i tested that from the mysql prompt. 

By: Anonymous

ok i fixed my problem. i found a script to test the connection to mysql from php and releazed that the connection only works when i use localhost instead of so i edited the config_db_host in /var/www/daloradius-0.9-8//library/daloradius.conf.php to read "localhost"


seems am gonna have some problems cause i'm trying to add a user and got an error unknow field 'address'

By: Anonymous

it appears a sql schema file is needed for daloradius 0.9-8. does anyone have that can post it please...

By: Anonymous


i 'm using daloradius-0.9-8 with freeradius and mysql; i have a problem when testing mysql and freeradius , here is below what i have :

 1- i etered this :radtest sqltest testpwd localhost 1812 testing123

 2- and here isthe result :

 Sending Access-Request of id 29 to port 1812
        User-Name = "sqltest"
        User-Password = "testpwd"
        NAS-IP-Address =
        NAS-Port = 1812
rad_recv: Access-Reject packet from host, id=29, length=20


and on freeradius debug i have this :

radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radreply           WHERE Username = 'sqltest'           ORDER BY id'
radius_xlat:  'SELECT,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'sqltest' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY'
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
  rad_check_password:  Found Auth-Type System
auth: type "System"
  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested action.
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 29 to port 45799
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 29 with timestamp 4bfd21de
Nothing to do.  Sleeping until we see a request.

please can anyone help me!

thanks for this tutorial! 



By: naresh

Wow great job, Every thing working fine accept logs and  last connection attempts in dalo radius help me,Thanks

By: bugs

This is a good reference but a bit out of date. Be good if you can change it to reflect updates in daloradius & freeradius2.

For those needing to get this going before changes are made:

Freeradius 2 is now released via RPM for redhat/centos so instead of steps 1 & 2, do :

yum search freeradius2

install as a minimum :

yum install freeradius2
yum install freeradius2-tools

(I didn't have any dependancies that needed installing but you might, so choose Y if asked)

Use the first page here to complete the install & comfirm that basic radius works from text user config file.

For Step 3 just use the latest version of daloradius as it has been updated & is ready for freeradius2. So you really need to do the start of Step 4 down to the point where you copy over the conf file (don't do this).

Note that for Step 4 I set up my apache ONLY for daloradius, so copied the daloradius stuff into /var/www/html, then set up http for ssl only, removed all the doc stuff from /etc/httpd/conf.d, etc. This is up to you obviously but if you're using apache for daloradius only you might as well...

Now do Step 3 but use the daloradius schema from

{whereever you put it}/contrib/db/fr2-mysql-daloradius-and-freeradius.sql

Back to Step 4, like I said, don't copy the conf file from here (it won't help anyway as the config has been move to a PHP syntax file).

You DO have to edit the php file, though so edit {whereever you put it}/library/daloradius.conf.php  and change the fields as per instructions here. The fields now have the syntax $configValues['CONFIG_DB_USER'] = 'radius';  but the values you need to change are the same.

And like I said above, my apache is for daloradius only so I just changed the main details in the apache config file rather than setting up an alias.

All good.

By: Anonymous

thanks man great post. did the configuration and everything OK.


By: Luke

I followed these instructions and when i tried to login to daloradius i get:

Database connection error Error Message: DB Error: connect failed

Any ideas where i have gone wrong? The only thing i did different is change the 0.9.

By: shikhar joshi

the password must should Be same on Both mysql root user and daloradius-sql.conf file. edit the sql.conf file dB_user field is normally Blank so input there mysql root user. then u will Be fix this error.

By: Sajjad Haider Abbasi

It is a really great post. It is very simple and easy to configure. I was getting an error, it was unable to find table operator_acl and I imported the schema/data from   mysql-daloradius.sql, which came with the Daloradius and my error was removed. 

Thanks for the posting this article.



By: José Carlos

This is a great great post.


keep it up !

By: Anonymous


Great post . But would you please give me a solution or link that how to authenticate with xampp server (php mysql).

Thanks at all.

By: Anonymous

Great tutorial but this doesn't seem to be on CentOS like you said. On CentOS, the http directory is located at /var/www/html  not /var/www

By: nevil

He sets up an alias for the directory at the end with: Alias /myradius "/var/www/daloradius-0.9-7/"