There is a new version of this tutorial available for Ubuntu 20.04 (Focal Fossa).

How to Install FreeRADIUS and daloRADIUS on Ubuntu 18.04 LTS

FreeRADIUS is a free and open-source client/server protocol that provides centralized network authentication on systems. It is a high-performance and feature-rich RADIUS server ships with both server and client, development libraries and RADIUS related utilities. RADIUS allows you to maintain user-profiles and track usage for billing from the central server. It provides support for various databases, including, OpenLDAP, MySQL, Redis, Microsoft AD, Apache Cassandra, PostgreSQL, etc.

daloRADIUS is a web-based application for managing RADIUS server. It is an advanced web-based application for managing hotspots and ISP deployments. It is written in PHP and JavaScript and supports MySQL, PostgreSQL, SQLite, MsSQL as a database backend. It comes with a rich set of features such as, Access Control Lists, graphical reporting, billing engine, graphical reporting, and accounting, create, delete and edit users, create, delete and edit HotSpot, Create, delete and edit NAS, and much more.

FreeRADIUS works as the back-end while daloRADIUS works as the front-end.

In this tutorial, I will explain step by step how to install FreeRADIUS server and Daloradius web client on Ubuntu 18.04 LTS.

Requirements

  • A server running Ubuntu 18.04.
  • A root password is set up on your server.

Getting Started

First, update your system's package to the latest version with the following command:

apt-get update -y
apt-get upgrade -y

Once all the packages are updated, restart your system to apply all the configuration changes.

Install LAMP Server

First, you will need to install Apache, MariaDB, PHP and other required packages to your system. You can install all of them with the following command:

apt-get install apache2 mariadb-server php libapache2-mod-php php-mail php-mail-mime php-mysql php-gd php-common php-pear php-db php-mbstring php-xml php-curl unzip wget -y

Once all the packages are installed, you can proceed to the next step.

Configure Database for FreeRADIUS

By default, MariaDB is not secured. So you will need to secure it first. You can secure it with the following command:

mysql_secure_installation

Answer all the questions as shown below:

Enter current password for root (enter for none): Just press the Enter
Set root password? [Y/n]: Y
New password: Enter password
Re-enter new password: Repeat password
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]:  Y
Reload privilege tables now? [Y/n]:  Y

Next, you will need to create a database and user for FreeRADIUS. To do so, log in to MariaDB shell with the following command:

mysql -u root -p

Enter your root password when prompt then create a database and user with the following command:

MariaDB [(none)]> CREATE DATABASE radiusdb;
MariaDB [(none)]> GRANT ALL ON radiusdb.* TO [email protected] IDENTIFIED BY "password";

Next, flush the privileges and exit from the MariaDB shell with the following command:

MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;

Once you have finished, you can proceed to the next step.

Install FreeRADIUS

By default, FreeRADIUS is available in the Ubuntu 18.04 default repository. You can install it with the following command:

apt-get install freeradius freeradius-mysql freeradius-utils

Once installed, import the freeradius MySQL database schema with the following command:

mysql -u root -p radiusdb < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

Provide your radius database user password when prompt and hit Enter to import the database schema.

Next, you will need to create a symbolic link for sql module. You can do it with the following command:

ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/

Next, log in to MariaDB shell and check the created tables with the following command:

mysql -u root -p

Enter your root password when prompt. Once login, change the database to radiusdb with the following command:

MariaDB [(none)]> use radiusdb;

Next, list the created tables using the following command:

MariaDB [radiusdb]> show tables;

You should see the following output:

+--------------------+
| Tables_in_radiusdb |
+--------------------+
| nas                |
| radacct            |
| radcheck           |
| radgroupcheck      |
| radgroupreply      |
| radpostauth        |
| radreply           |
| radusergroup       |
+--------------------+

Next, exit from the MariaDB shell with the following command:

MariaDB [radiusdb]> EXIT;

Next, you will need to define your database connection details in freeradius SQL module. You can do it by editing /etc/freeradius/3.0/mods-enabled/sql file:

nano /etc/freeradius/3.0/mods-enabled/sql

Make the following changes as per your database:

sql {
driver = "rlm_sql_mysql"
dialect = "mysql"

# Connection info:
server = "localhost"
port = 3306
login = "radius"
password = "password"

# Database table configuration for everything except Oracle
radius_db = "radiusdb"
}

read_clients = yes
client_table = "nas"

Save and close the file, when you are finished. Then, change the ownership of /etc/freeradius/3.0/mods-enabled/sql with the following command:

chgrp -h freerad /etc/freeradius/3.0/mods-available/sql
chown -R freerad:freerad /etc/freeradius/3.0/mods-enabled/sql

Finally, restart freeradius service to apply all the configuration changes:

systemctl restart freeradius

You can also verify the freeradius status with the following command:

systemctl status freeradius

You should see the following output:

? freeradius.service - FreeRADIUS multi-protocol policy server
   Loaded: loaded (/lib/systemd/system/freeradius.service; disabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-08-07 09:20:34 UTC; 14s ago
     Docs: man:radiusd(8)
           man:radiusd.conf(5)
           http://wiki.freeradius.org/
           http://networkradius.com/doc/
  Process: 45159 ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS (code=exited, status=0/SUCCESS)
  Process: 45143 ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout (code=exited, status=0/SUCCESS)
 Main PID: 45161 (freeradius)
    Tasks: 6 (limit: 4650)
   CGroup: /system.slice/freeradius.service
           ??45161 /usr/sbin/freeradius

Once you have finished, you can proceed to the next step.

Install daloRADIUS

Next, you will need to install daloRADIUS to manage FreeRADIUS from the web browser.

First, download the latest version of daloRADIUS from the Git repository with the following command:

wget https://github.com/lirantal/daloradius/archive/master.zip

Once downloaded, unzip the downloaded file with the following command:

unzip master.zip

Next, move the extracted directory to the Apache web root directory with the following command:

mv daloradius-master /var/www/html/daloradius

Next, import daloRADIUS mysql tables to radiusdb with the following command:

cd /var/www/html/daloradius
mysql -u root -p radiusdb < contrib/db/fr2-mysql-daloradius-and-freeradius.sql
mysql -u root -p radiusdb < contrib/db/mysql-daloradius.sql

Next, give proper permission to the daloradius directory with the following command:

chown -R www-data:www-data /var/www/html/daloradius/
chmod 664 /var/www/html/daloradius/library/daloradius.conf.php

Next, open daloradius.conf.php file and define the database connection details:

nano /var/www/html/daloradius/library/daloradius.conf.php

Make the following changes that match your database:

$configValues['DALORADIUS_VERSION'] = '1.1-1';
$configValues['DALORADIUS_DATE'] = '28 Jul 2019';
$configValues['FREERADIUS_VERSION'] = '2';
$configValues['CONFIG_DB_ENGINE'] = 'mysqli';
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'password';
$configValues['CONFIG_DB_NAME'] = 'radiusdb';

Save and close the file. Then, restart freeradius and apache service with the following command:

systemctl restart freeradius
systemctl restart apache2

You can also check the status of Apache web service with the following command:

systemctl status apache2

You should see the following command:

? apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           ??apache2-systemd.conf
   Active: active (running) since Wed 2019-08-07 09:25:56 UTC; 4min 25s ago
  Process: 45483 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 45489 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 45505 (apache2)
    Tasks: 11 (limit: 4650)
   CGroup: /system.slice/apache2.service
           ??45505 /usr/sbin/apache2 -k start
           ??45510 /usr/sbin/apache2 -k start
           ??45511 /usr/sbin/apache2 -k start
           ??45512 /usr/sbin/apache2 -k start
           ??45513 /usr/sbin/apache2 -k start
           ??45517 /usr/sbin/apache2 -k start
           ??45519 /usr/sbin/apache2 -k start
           ??45520 /usr/sbin/apache2 -k start
           ??45521 /usr/sbin/apache2 -k start
           ??45527 /usr/sbin/apache2 -k start
           ??45528 /usr/sbin/apache2 -k start

Aug 07 09:25:55 openshift systemd[1]: Starting The Apache HTTP Server...
Aug 07 09:25:56 openshift systemd[1]: Started The Apache HTTP Server.

Once you have done, you can proceed to the next step.

Access daloRADIUS Web Interface

FreeRADIUS and daloRADIUS are now installed and configured. It's time to access daloRADIUS web interface. To access the web inetrface, open your web browser and type the URL http://your-server-ip/daloradius/login.php. You will be redirected to the daloRADIUS login page:

daloRadius Login

Now, provide default username and password as administrator / radius, and click on the Login button. You should see the daloRADIUS default dashboard in the following page:

daloRadius Dashboard

daloRadius Server Status

Congratulations! you have successfully installed and configured FreeRADIUS and daloRADIUS on your Ubuntu 18.04 server. For more information, you can visit the official documentation at https://github.com/lirantal/daloradius. Feel free to ask me if you have any questions.

Share this page:

Suggested articles

36 Comment(s)

Add comment

Comments

By: jer.bee

Can't get passed here unfortunately: PERMISSION DENIED (sudo doesn't work either, probably related to the DB ownership)

Once installed, import the freeradius MySQL database schema with the following command:

mysql -u root -p radiusdb < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

By: concept21

very nice.  Thank You.

By: Norm

I am also stuck at the same location as jer.bee. Is there something missing?

By: norman

I got passed the importing the schema . Now I am stuck at starting the freeradius service. Error is "failed to start freeradius multi-protocol policy server

 

By: Mike

Hi Hitesh,

Thanks for the detailed instructions; my goals were actually to set up:

1. user's authentication via freeradius through LDAP ADC (NPS on Windos 16 is not working right);

2. NAC for machines per MAC addresses.

Is there a quick reference to howto that - in relation to this installation?

Thanks!

By: Leszek

Thanks. It works.

Actually what kind of authentication does this provide ?

By: Leszek

Freeradius and Apache on my server did not autostart. You might want to add:

systemctl enable apache2

systemctl enable freeradius

somewhere at the end of the tutorial.

By: Fausto J. González

Nice Job!

Congratulations an thanks you!

one question: how can say to program "one user, one device only"?

Thanks

By: lee

I followed the steps and everything looks right. but when login from GUI by using administrator/radius, then got this error:

Database connection error Error Message: DB Error: connect failed

any idea?

thanks f

Lee

By: Machkonti

to bypass permissions for db try to copy schema.sql to other locationm change ownership to user privileges and then run mysql import command:

cp /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql ~/

chown -R [user]:[usergrp] schema.sql

mysql -u root -p radiusdb schema.sql

 

However, i have some issues with after config. Everithing going right till i try to login in daloradis panel.

http://[serverip]/daloradius/login.php is working, but when i enter default user and pass [administrator/radius] i recieve http error 500, can't figure it out where is the problem

By: Steve
By: BP

I also had a problem with the step schema import mysql -u root -p radiusdb < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

I was able to to get schema imported by logging in to mysql and connecting to radiusdb and then running cmd source /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql I have no idea why that worked, or why the < didnt work, but it populated the database properly

By: Robert

Great guide! worked without any trouble.

By: Anish

Getting Error while testing the radius with NTRadping tool

"Ready to process requestsIgnoring request to auth address * port 1812 bound to server default from unknown client 192.168.1.2 port 49234 proto udp"

By: Roshan

Please help me to fix the issue:

 

sudo systemctl status freeradius

? freeradius.service - FreeRADIUS multi-protocol policy server

   Loaded: loaded (/lib/systemd/system/freeradius.service; enabled; vendor preset: enabled)

   Active: activating (auto-restart) (Result: exit-code) since Thu 2019-12-26 10:47:14 +0545; 1s ago

     Docs: man:radiusd(8)

           man:radiusd.conf(5)

           http://wiki.freeradius.org/

           http://networkradius.com/doc/

  Process: 4412 ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout (code=exited, st

 

??????? 26 10:47:14 Moth3r systemd[1]: Failed to start FreeRADIUS multi-protocol policy server.

lines 1-10/10 (END)

 

By: X

I guess you have a typo here:

mysql -u root -p radiusdb < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

There should be your DB user, not root.

By: Roshan

Thank You Mr.X

I have fix the issue..

Now the ip address,subnet are not showing on Network Interface ??

 

By: Omar

Hi to all , i follw thi tuto and the instalation no report problem ... th page of daloradius open good but when i try to use with administrator / radius the systen respond "Database connection error

Error Message: DB Error: connect failed" 

 

I check that the database is the same in mariadb Server, freeradoius config and daloradius config what i can do ... where its the posible problems?

By: Abn

Pls help I got error while user test connectivity,

xecuted:echo User-Name='test',User-Password='test' | radclient -c '1' -n '3' -r '3' -t '3' -x '127.0.0.1:1812' 'auth' 'testing123' 2>&1Results:(0) -: Expected Access-Accept got Access-Reject Sent Access-Request Id 209 from 0.0.0.0:52329 to 127.0.0.1:1812 length 44 User-Name = "test" User-Password = "test" Cleartext-Password = "test" Received Access-Reject Id 209 from 127.0.0.1:1812 to 127.0.0.1:52329 length 20

On debug:

Failed binding to auth address * port 1812 bound to server default: Address already in use /etc/freeradius/3.0/sites-enabled/default[59]: Error binding to port for 0.0.0.0 port 1812

Pls help..

 

By: Foster W

Great Guide. It all worked perfectly withour any issues.

I am working on an automated solution to implement mass authentication ,in order to do this, I must give mysql access to a remote host. Basically a remote host should connect to the DC on the FreeRadius server, in order to add users etc.

Normally, you must edit the /etc/my.cnf file and grant DB permissions however, in this case this file does not exists. Any suggestions to get this done?

 

Thanks

By: Hossein

Hi there, after I install successfully without any error, step by step, I got this error when test user

please help me to solve this issue

Executed:echo User-Name='VPN',User-Password='*****' | radclient -c '1' -n '3' -r '3' -t '3' -x '127.0.0.1:1812' 'auth' 'testing123' 2>&1Results:(0) -: Expected Access-Accept got Access-Reject Sent Access-Request Id 178 from 0.0.0.0:60294 to 127.0.0.1:1812 length 43 User-Name = "VPN" User-Password = "*****" Cleartext-Password = "****" Received Access-Reject Id 178 from 127.0.0.1:1812 to 0.0.0.0:0 length 20

normally must work fine without any problem but now Access_Reject

thanks a lot

By: Jorge-Mario

Dear Hitesh.

 

Thanks for this awesome and effective tutorial. Freeradius and Daloradius were successfully instaled, but after to logging on Daloradius web page, I obtain "daloradius db error connect failed".

Please, can yo help me?

Thanks for your attention and help.

Best regards.

By: RajS

Hi,

I am not sure if I have edited the file  /etc/freeradius/3.0/mods-enabled/sql correctly.

Please let me know what should be username and password combination I should use here. When I have followed your instruction, I was getting the following error:

[email protected]:/etc/freeradius/3.0/mods-enabled# systemctl restart freeradius

Job for freeradius.service failed because the control process exited with error code.

See "systemctl status freeradius.service" and "journalctl -xe" for details.

[email protected]:/etc/freeradius/3.0/mods-enabled# systemctl status freeradius.service

? freeradius.service - FreeRADIUS multi-protocol policy server

   Loaded: loaded (/lib/systemd/system/freeradius.service; enabled; vendor preset: enabled)

   Active: activating (auto-restart) (Result: exit-code) since Wed 2020-04-22 11:30:35 UTC; 1s ago

     Docs: man:radiusd(8)

           man:radiusd.conf(5)

           http://wiki.freeradius.org/

           http://networkradius.com/doc/

  Process: 5085 ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout (code=exited, status=1/FAILURE)

Appreciate if you could help with error message. Many thanks.

RajS

By: Assad

Dear,

Requirement is Mac Address Authenticationhow user/device authenticate without a password.client -- > AP(NAS) -- > Radius Serveri did but cannot get success.

By: Rey

Thanks for this tuto, i work fine, but have a problem in log send this mensage: ERROR: (7) sql: ERROR: rlm_sql_mysql: ERROR 1054 (Unknown column 'acctupdatetime' in 'field list'): 42S22need add in tables of mysql but i no have idea of this xDCan help? Thanks

 

By: Jörg

Hi HItesh,

 

Thank you very much for this tutorial. Can you please let me know how and where to change the password of the administrator accunt for daloRADIUS? I think this is a serious security issue.

 

Thanks and best regards,

 

Jörg

By: Jörg

Found it. Sorry. Please ignore my previous post.

By: Martin Phillpot

I've followed the instructions as well as I can but I've run in to a hitch after making the changes to the /etc/freeradius/3.0/mods-enabled/sql file. When I try to restart the service I get this result.

Jul 02 08:34:42 slgpiradius01 freeradius[35639]: FreeRADIUS Version 3.0.20Jul 02 08:34:42 slgpiradius01 freeradius[35639]: Copyright (C) 1999-2019 The FreeRADIUS server project and contributorsJul 02 08:34:42 slgpiradius01 freeradius[35639]: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR AJul 02 08:34:42 slgpiradius01 freeradius[35639]: PARTICULAR PURPOSEJul 02 08:34:42 slgpiradius01 freeradius[35639]: You may redistribute copies of FreeRADIUS under the terms of theJul 02 08:34:42 slgpiradius01 freeradius[35639]: GNU General Public LicenseJul 02 08:34:42 slgpiradius01 freeradius[35639]: For more information about these matters, see the file named COPYRIGHTJul 02 08:34:42 slgpiradius01 freeradius[35639]: Starting - reading configuration files ...Jul 02 08:34:42 slgpiradius01 freeradius[35639]: Debugger not attachedJul 02 08:34:42 slgpiradius01 freeradius[35639]: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linkedJul 02 08:34:42 slgpiradius01 freeradius[35639]: Creating attribute SQL-GroupJul 02 08:34:42 slgpiradius01 freeradius[35639]: Creating attribute Unix-GroupJul 02 08:34:42 slgpiradius01 freeradius[35639]: rlm_sql_mysql: libmysql version: 8.0.20Jul 02 08:34:42 slgpiradius01 freeradius[35639]: Unable to check file "/etc/ssl/certs/my_ca.crt": No such file or directoryJul 02 08:34:42 slgpiradius01 freeradius[35639]: /etc/freeradius/3.0/mods-enabled/sql[87]: Failed parsing configuration item "ca_file"Jul 02 08:34:42 slgpiradius01 freeradius[35639]: /etc/freeradius/3.0/mods-enabled/sql[27]: Instantiation failed for module "sql"Jul 02 08:34:42 slgpiradius01 systemd[1]: freeradius.service: Control process exited, code=exited, status=1/FAILURE-- Subject: Unit process exited

The service is looking for a certificate file that it can't find. Where do I find this certificate?

By: Ahmad

In the last step after I press Login I get: 

This page isn’t working

127.0.0.1 is currently unable to handle this request.

HTTP ERROR 500

By: Reinald

Hi Hitesh,thank you for your brilliant manual. Unfortunateley I get my Radius not running. Following problems occurred:1) "system restart freeradius" end" wirh an error message: Job for freeradius.service failed because the control process terminates with error code."systemctle status freedeadius" terminated with following error:[email protected]:/home/reinald# systemctl status freeradius? freeradius.service - FreeRADIUS multi-protocol policy server   Loaded: loaded (/lib/systemd/system/freeradius.service; disabled; vendor pres   Active: activating (auto-restart) (Result: exit-code) since Sat 2020-08-08 01     Docs: man:radiusd(8)           man:radiusd.conf(5)           http://wiki.freeradius.org/           http://networkradius.com/doc/  Process: 30198 ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstAug 08 01:03:21 ubuntu systemd[1]: freeradius.service: Control process exited, cAug 08 01:03:21 ubuntu systemd[1]: freeradius.service: Failed with result 'exit-Aug 08 01:03:21 ubuntu systemd[1]: Failed to start FreeRADIUS multi-protocol pol3) When starting the GUI the Home -> Server Status screen does not show a network interface:

I would be very grateful if you could help me - thanks.

 

Regards Reinald

By: Reinald

Please ignore my last email, I got evrything running now, so far. The problem I still face is: There is no network interface in Server Status screen, it is simpl empty. Can anyone help? - thanks

By: juan

Thank you very much for your contribution, everything works fine for me.

Before I used radius v2 and now with your manual I am using v3 but I have a problem that I don't know how to solve. my users are of the type [email protected] (not [email protected]) in radius v2 if it works for me but in this version it does not accept special characters in the user. Does anyone know how to fix it?If the user were only user it works perfectly.

By: Ignacio

thanks, works perfect!

By: Solola

All things are OK. Thank you

By: Tiago

I have the same error as other people, everything goes OK until I want to login daloradius, I use administrator/radius and get the error 

Database connection error

Error Message: DB Error: connect failed

How can I fi it? regars

By: kenan

hello, which version of ubuntu do you use?

I had the same error as I use ubuntu 20.04.