How to Install FreeRADIUS and daloRADIUS on Ubuntu 18.04 LTS

FreeRADIUS is a free and open-source client/server protocol that provides centralized network authentication on systems. It is a high-performance and feature-rich RADIUS server ships with both server and client, development libraries and RADIUS related utilities. RADIUS allows you to maintain user-profiles and track usage for billing from the central server. It provides support for various databases, including, OpenLDAP, MySQL, Redis, Microsoft AD, Apache Cassandra, PostgreSQL, etc.

daloRADIUS is a web-based application for managing RADIUS server. It is an advanced web-based application for managing hotspots and ISP deployments. It is written in PHP and JavaScript and supports MySQL, PostgreSQL, SQLite, MsSQL as a database backend. It comes with a rich set of features such as, Access Control Lists, graphical reporting, billing engine, graphical reporting, and accounting, create, delete and edit users, create, delete and edit HotSpot, Create, delete and edit NAS, and much more.

FreeRADIUS works as the back-end while daloRADIUS works as the front-end.

In this tutorial, I will explain step by step how to install FreeRADIUS server and Daloradius web client on Ubuntu 18.04 LTS.

Requirements

  • A server running Ubuntu 18.04.
  • A root password is set up on your server.

Getting Started

First, update your system's package to the latest version with the following command:

apt-get update -y
apt-get upgrade -y

Once all the packages are updated, restart your system to apply all the configuration changes.

Install LAMP Server

First, you will need to install Apache, MariaDB, PHP and other required packages to your system. You can install all of them with the following command:

apt-get install apache2 mariadb-server php libapache2-mod-php php-mail php-mail-mime php-mysql php-gd php-common php-pear php-db php-mbstring php-xml php-curl unzip wget -y

Once all the packages are installed, you can proceed to the next step.

Configure Database for FreeRADIUS

By default, MariaDB is not secured. So you will need to secure it first. You can secure it with the following command:

mysql_secure_installation

Answer all the questions as shown below:

Enter current password for root (enter for none): Just press the Enter
Set root password? [Y/n]: Y
New password: Enter password
Re-enter new password: Repeat password
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]:  Y
Reload privilege tables now? [Y/n]:  Y

Next, you will need to create a database and user for FreeRADIUS. To do so, log in to MariaDB shell with the following command:

mysql -u root -p

Enter your root password when prompt then create a database and user with the following command:

MariaDB [(none)]> CREATE DATABASE radiusdb;
MariaDB [(none)]> GRANT ALL ON radiusdb.* TO [email protected] IDENTIFIED BY "password";

Next, flush the privileges and exit from the MariaDB shell with the following command:

MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;

Once you have finished, you can proceed to the next step.

Install FreeRADIUS

By default, FreeRADIUS is available in the Ubuntu 18.04 default repository. You can install it with the following command:

apt-get install freeradius freeradius-mysql freeradius-utils

Once installed, import the freeradius MySQL database schema with the following command:

mysql -u root -p radiusdb < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

Provide your radius database user password when prompt and hit Enter to import the database schema.

Next, you will need to create a symbolic link for sql module. You can do it with the following command:

ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/

Next, log in to MariaDB shell and check the created tables with the following command:

mysql -u root -p

Enter your root password when prompt. Once login, change the database to radiusdb with the following command:

MariaDB [(none)]> use radiusdb;

Next, list the created tables using the following command:

MariaDB [radiusdb]> show tables;

You should see the following output:

+--------------------+
| Tables_in_radiusdb |
+--------------------+
| nas                |
| radacct            |
| radcheck           |
| radgroupcheck      |
| radgroupreply      |
| radpostauth        |
| radreply           |
| radusergroup       |
+--------------------+

Next, exit from the MariaDB shell with the following command:

MariaDB [radiusdb]> EXIT;

Next, you will need to define your database connection details in freeradius SQL module. You can do it by editing /etc/freeradius/3.0/mods-enabled/sql file:

nano /etc/freeradius/3.0/mods-enabled/sql

Make the following changes as per your database:

sql {
driver = "rlm_sql_mysql"
dialect = "mysql"

# Connection info:
server = "localhost"
port = 3306
login = "radius"
password = "password"

# Database table configuration for everything except Oracle
radius_db = "radiusdb"
}

read_clients = yes
client_table = "nas"

Save and close the file, when you are finished. Then, change the ownership of /etc/freeradius/3.0/mods-enabled/sql with the following command:

chgrp -h freerad /etc/freeradius/3.0/mods-available/sql
chown -R freerad:freerad /etc/freeradius/3.0/mods-enabled/sql

Finally, restart freeradius service to apply all the configuration changes:

systemctl restart freeradius

You can also verify the freeradius status with the following command:

systemctl status freeradius

You should see the following output:

? freeradius.service - FreeRADIUS multi-protocol policy server
   Loaded: loaded (/lib/systemd/system/freeradius.service; disabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-08-07 09:20:34 UTC; 14s ago
     Docs: man:radiusd(8)
           man:radiusd.conf(5)
           http://wiki.freeradius.org/
           http://networkradius.com/doc/
  Process: 45159 ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS (code=exited, status=0/SUCCESS)
  Process: 45143 ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout (code=exited, status=0/SUCCESS)
 Main PID: 45161 (freeradius)
    Tasks: 6 (limit: 4650)
   CGroup: /system.slice/freeradius.service
           ??45161 /usr/sbin/freeradius

Once you have finished, you can proceed to the next step.

Install daloRADIUS

Next, you will need to install daloRADIUS to manage FreeRADIUS from the web browser.

First, download the latest version of daloRADIUS from the Git repository with the following command:

wget https://github.com/lirantal/daloradius/archive/master.zip

Once downloaded, unzip the downloaded file with the following command:

unzip master.zip

Next, move the extracted directory to the Apache web root directory with the following command:

mv daloradius-master /var/www/html/daloradius

Next, import daloRADIUS mysql tables to radiusdb with the following command:

cd /var/www/html/daloradius
mysql -u root -p radiusdb < contrib/db/fr2-mysql-daloradius-and-freeradius.sql
mysql -u root -p radiusdb < contrib/db/mysql-daloradius.sql

Next, give proper permission to the daloradius directory with the following command:

chown -R www-data:www-data /var/www/html/daloradius/
chmod 664 /var/www/html/daloradius/library/daloradius.conf.php

Next, open daloradius.conf.php file and define the database connection details:

nano /var/www/html/daloradius/library/daloradius.conf.php

Make the following changes that match your database:

$configValues['DALORADIUS_VERSION'] = '1.1-1';
$configValues['DALORADIUS_DATE'] = '28 Jul 2019';
$configValues['FREERADIUS_VERSION'] = '2';
$configValues['CONFIG_DB_ENGINE'] = 'mysqli';
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'password';
$configValues['CONFIG_DB_NAME'] = 'radiusdb';

Save and close the file. Then, restart freeradius and apache service with the following command:

systemctl restart freeradius
systemctl restart apache2

You can also check the status of Apache web service with the following command:

systemctl status apache2

You should see the following command:

? apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           ??apache2-systemd.conf
   Active: active (running) since Wed 2019-08-07 09:25:56 UTC; 4min 25s ago
  Process: 45483 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 45489 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 45505 (apache2)
    Tasks: 11 (limit: 4650)
   CGroup: /system.slice/apache2.service
           ??45505 /usr/sbin/apache2 -k start
           ??45510 /usr/sbin/apache2 -k start
           ??45511 /usr/sbin/apache2 -k start
           ??45512 /usr/sbin/apache2 -k start
           ??45513 /usr/sbin/apache2 -k start
           ??45517 /usr/sbin/apache2 -k start
           ??45519 /usr/sbin/apache2 -k start
           ??45520 /usr/sbin/apache2 -k start
           ??45521 /usr/sbin/apache2 -k start
           ??45527 /usr/sbin/apache2 -k start
           ??45528 /usr/sbin/apache2 -k start

Aug 07 09:25:55 openshift systemd[1]: Starting The Apache HTTP Server...
Aug 07 09:25:56 openshift systemd[1]: Started The Apache HTTP Server.

Once you have done, you can proceed to the next step.

Access daloRADIUS Web Interface

FreeRADIUS and daloRADIUS are now installed and configured. It's time to access daloRADIUS web interface. To access the web inetrface, open your web browser and type the URL http://your-server-ip/daloradius/login.php. You will be redirected to the daloRADIUS login page:

daloRadius Login

Now, provide default username and password as administrator / radius, and click on the Login button. You should see the daloRADIUS default dashboard in the following page:

daloRadius Dashboard

daloRadius Server Status

Congratulations! you have successfully installed and configured FreeRADIUS and daloRADIUS on your Ubuntu 18.04 server. For more information, you can visit the official documentation at https://github.com/lirantal/daloradius. Feel free to ask me if you have any questions.

Share this page:

Suggested articles

29 Comment(s)

Add comment

Comments

By: jer.bee at: 2019-08-24 05:48:25

Can't get passed here unfortunately: PERMISSION DENIED (sudo doesn't work either, probably related to the DB ownership)

Once installed, import the freeradius MySQL database schema with the following command:

mysql -u root -p radiusdb < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

By: concept21 at: 2019-08-26 11:03:49

very nice.  Thank You.

By: Norm at: 2019-09-19 15:29:05

I am also stuck at the same location as jer.bee. Is there something missing?

By: norman at: 2019-09-19 20:18:23

I got passed the importing the schema . Now I am stuck at starting the freeradius service. Error is "failed to start freeradius multi-protocol policy server

 

By: Mike at: 2019-10-01 16:16:52

Hi Hitesh,

Thanks for the detailed instructions; my goals were actually to set up:

1. user's authentication via freeradius through LDAP ADC (NPS on Windos 16 is not working right);

2. NAC for machines per MAC addresses.

Is there a quick reference to howto that - in relation to this installation?

Thanks!

By: Leszek at: 2019-10-05 10:13:13

Thanks. It works.

Actually what kind of authentication does this provide ?

By: Leszek at: 2019-10-05 10:17:27

Freeradius and Apache on my server did not autostart. You might want to add:

systemctl enable apache2

systemctl enable freeradius

somewhere at the end of the tutorial.

By: Fausto J. González at: 2019-10-07 15:22:12

Nice Job!

Congratulations an thanks you!

one question: how can say to program "one user, one device only"?

Thanks

By: lee at: 2019-10-20 00:20:15

I followed the steps and everything looks right. but when login from GUI by using administrator/radius, then got this error:

Database connection error Error Message: DB Error: connect failed

any idea?

thanks f

Lee

By: Machkonti at: 2019-10-27 13:03:11

to bypass permissions for db try to copy schema.sql to other locationm change ownership to user privileges and then run mysql import command:

cp /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql ~/

chown -R [user]:[usergrp] schema.sql

mysql -u root -p radiusdb schema.sql

 

However, i have some issues with after config. Everithing going right till i try to login in daloradis panel.

http://[serverip]/daloradius/login.php is working, but when i enter default user and pass [administrator/radius] i recieve http error 500, can't figure it out where is the problem

By: Steve at: 2020-02-17 04:30:59
By: BP at: 2019-11-11 19:19:48

I also had a problem with the step schema import mysql -u root -p radiusdb < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

I was able to to get schema imported by logging in to mysql and connecting to radiusdb and then running cmd source /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql I have no idea why that worked, or why the < didnt work, but it populated the database properly

By: Robert at: 2019-11-18 12:19:36

Great guide! worked without any trouble.

By: Anish at: 2019-12-12 02:08:39

Getting Error while testing the radius with NTRadping tool

"Ready to process requestsIgnoring request to auth address * port 1812 bound to server default from unknown client 192.168.1.2 port 49234 proto udp"

By: Roshan at: 2019-12-26 05:03:56

Please help me to fix the issue:

 

sudo systemctl status freeradius

? freeradius.service - FreeRADIUS multi-protocol policy server

   Loaded: loaded (/lib/systemd/system/freeradius.service; enabled; vendor preset: enabled)

   Active: activating (auto-restart) (Result: exit-code) since Thu 2019-12-26 10:47:14 +0545; 1s ago

     Docs: man:radiusd(8)

           man:radiusd.conf(5)

           http://wiki.freeradius.org/

           http://networkradius.com/doc/

  Process: 4412 ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout (code=exited, st

 

??????? 26 10:47:14 Moth3r systemd[1]: Failed to start FreeRADIUS multi-protocol policy server.

lines 1-10/10 (END)

 

By: X at: 2019-12-26 12:09:56

I guess you have a typo here:

mysql -u root -p radiusdb < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

There should be your DB user, not root.

By: Roshan at: 2019-12-26 16:26:45

Thank You Mr.X

I have fix the issue..

Now the ip address,subnet are not showing on Network Interface ??

 

By: Omar at: 2020-01-11 23:31:49

Hi to all , i follw thi tuto and the instalation no report problem ... th page of daloradius open good but when i try to use with administrator / radius the systen respond "Database connection error

Error Message: DB Error: connect failed" 

 

I check that the database is the same in mariadb Server, freeradoius config and daloradius config what i can do ... where its the posible problems?

By: Abn at: 2020-02-08 16:19:34

Pls help I got error while user test connectivity,

xecuted:echo User-Name='test',User-Password='test' | radclient -c '1' -n '3' -r '3' -t '3' -x '127.0.0.1:1812' 'auth' 'testing123' 2>&1Results:(0) -: Expected Access-Accept got Access-Reject Sent Access-Request Id 209 from 0.0.0.0:52329 to 127.0.0.1:1812 length 44 User-Name = "test" User-Password = "test" Cleartext-Password = "test" Received Access-Reject Id 209 from 127.0.0.1:1812 to 127.0.0.1:52329 length 20

On debug:

Failed binding to auth address * port 1812 bound to server default: Address already in use /etc/freeradius/3.0/sites-enabled/default[59]: Error binding to port for 0.0.0.0 port 1812

Pls help..

 

By: Foster W at: 2020-03-09 19:13:40

Great Guide. It all worked perfectly withour any issues.

I am working on an automated solution to implement mass authentication ,in order to do this, I must give mysql access to a remote host. Basically a remote host should connect to the DC on the FreeRadius server, in order to add users etc.

Normally, you must edit the /etc/my.cnf file and grant DB permissions however, in this case this file does not exists. Any suggestions to get this done?

 

Thanks

By: Hossein at: 2020-03-25 17:22:04

Hi there, after I install successfully without any error, step by step, I got this error when test user

please help me to solve this issue

Executed:echo User-Name='VPN',User-Password='*****' | radclient -c '1' -n '3' -r '3' -t '3' -x '127.0.0.1:1812' 'auth' 'testing123' 2>&1Results:(0) -: Expected Access-Accept got Access-Reject Sent Access-Request Id 178 from 0.0.0.0:60294 to 127.0.0.1:1812 length 43 User-Name = "VPN" User-Password = "*****" Cleartext-Password = "****" Received Access-Reject Id 178 from 127.0.0.1:1812 to 0.0.0.0:0 length 20

normally must work fine without any problem but now Access_Reject

thanks a lot

By: Jorge-Mario at: 2020-04-21 20:18:43

Dear Hitesh.

 

Thanks for this awesome and effective tutorial. Freeradius and Daloradius were successfully instaled, but after to logging on Daloradius web page, I obtain "daloradius db error connect failed".

Please, can yo help me?

Thanks for your attention and help.

Best regards.

By: RajS at: 2020-04-22 11:33:13

Hi,

I am not sure if I have edited the file  /etc/freeradius/3.0/mods-enabled/sql correctly.

Please let me know what should be username and password combination I should use here. When I have followed your instruction, I was getting the following error:

[email protected]:/etc/freeradius/3.0/mods-enabled# systemctl restart freeradius

Job for freeradius.service failed because the control process exited with error code.

See "systemctl status freeradius.service" and "journalctl -xe" for details.

[email protected]:/etc/freeradius/3.0/mods-enabled# systemctl status freeradius.service

? freeradius.service - FreeRADIUS multi-protocol policy server

   Loaded: loaded (/lib/systemd/system/freeradius.service; enabled; vendor preset: enabled)

   Active: activating (auto-restart) (Result: exit-code) since Wed 2020-04-22 11:30:35 UTC; 1s ago

     Docs: man:radiusd(8)

           man:radiusd.conf(5)

           http://wiki.freeradius.org/

           http://networkradius.com/doc/

  Process: 5085 ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout (code=exited, status=1/FAILURE)

Appreciate if you could help with error message. Many thanks.

RajS

By: Assad at: 2020-05-19 09:19:10

Dear,

Requirement is Mac Address Authenticationhow user/device authenticate without a password.client -- > AP(NAS) -- > Radius Serveri did but cannot get success.

By: Rey at: 2020-06-04 22:57:35

Thanks for this tuto, i work fine, but have a problem in log send this mensage: ERROR: (7) sql: ERROR: rlm_sql_mysql: ERROR 1054 (Unknown column 'acctupdatetime' in 'field list'): 42S22need add in tables of mysql but i no have idea of this xDCan help? Thanks

 

By: Jörg at: 2020-06-28 19:02:49

Hi HItesh,

 

Thank you very much for this tutorial. Can you please let me know how and where to change the password of the administrator accunt for daloRADIUS? I think this is a serious security issue.

 

Thanks and best regards,

 

Jörg

By: Jörg at: 2020-06-28 19:04:26

Found it. Sorry. Please ignore my previous post.

By: Martin Phillpot at: 2020-07-02 08:44:34

I've followed the instructions as well as I can but I've run in to a hitch after making the changes to the /etc/freeradius/3.0/mods-enabled/sql file. When I try to restart the service I get this result.

Jul 02 08:34:42 slgpiradius01 freeradius[35639]: FreeRADIUS Version 3.0.20Jul 02 08:34:42 slgpiradius01 freeradius[35639]: Copyright (C) 1999-2019 The FreeRADIUS server project and contributorsJul 02 08:34:42 slgpiradius01 freeradius[35639]: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR AJul 02 08:34:42 slgpiradius01 freeradius[35639]: PARTICULAR PURPOSEJul 02 08:34:42 slgpiradius01 freeradius[35639]: You may redistribute copies of FreeRADIUS under the terms of theJul 02 08:34:42 slgpiradius01 freeradius[35639]: GNU General Public LicenseJul 02 08:34:42 slgpiradius01 freeradius[35639]: For more information about these matters, see the file named COPYRIGHTJul 02 08:34:42 slgpiradius01 freeradius[35639]: Starting - reading configuration files ...Jul 02 08:34:42 slgpiradius01 freeradius[35639]: Debugger not attachedJul 02 08:34:42 slgpiradius01 freeradius[35639]: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linkedJul 02 08:34:42 slgpiradius01 freeradius[35639]: Creating attribute SQL-GroupJul 02 08:34:42 slgpiradius01 freeradius[35639]: Creating attribute Unix-GroupJul 02 08:34:42 slgpiradius01 freeradius[35639]: rlm_sql_mysql: libmysql version: 8.0.20Jul 02 08:34:42 slgpiradius01 freeradius[35639]: Unable to check file "/etc/ssl/certs/my_ca.crt": No such file or directoryJul 02 08:34:42 slgpiradius01 freeradius[35639]: /etc/freeradius/3.0/mods-enabled/sql[87]: Failed parsing configuration item "ca_file"Jul 02 08:34:42 slgpiradius01 freeradius[35639]: /etc/freeradius/3.0/mods-enabled/sql[27]: Instantiation failed for module "sql"Jul 02 08:34:42 slgpiradius01 systemd[1]: freeradius.service: Control process exited, code=exited, status=1/FAILURE-- Subject: Unit process exited

The service is looking for a certificate file that it can't find. Where do I find this certificate?

By: Ahmad at: 2020-07-16 08:53:12

In the last step after I press Login I get: 

This page isn’t working

127.0.0.1 is currently unable to handle this request.

HTTP ERROR 500