Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd Logo
Upload

Welcome to Scribd!

  • 637 views

    Radius On Ubuntu 14.04

    Uploaded by

    andalucistas
    Install FreeRADIUS on Ubuntu 14.04 Introduction l FreeRADIUS is the world's most popular RADIUS server. It features various back-ends. Some include LDAP and SQL. l FreeRADIUS is in version 2.2.x as of this writing. l RADIUSdesk is a front-end to the MySQL database used by FreeRADIUS. l We will compile the latest version of FreeRADIUS (2.2.5 as of this writing) from source code and install it on a Ubuntu server. l Download the latest version 2.2.x.tar.gz file from this URL: http://freeradius.org/download.html l FreeRADIUS has a feature to use custom modules. RADIUSdesk will use a few small custom Perl modules to enhance the default functionality of FreeRADIUS. l FreeRADIUS supply AAA (Authentication, Authorization and Accounting) services.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Radius On Ubuntu 14.04

    Uploaded by

    andalucistas
    637 views7 pages
    Install FreeRADIUS on Ubuntu 14.04 Introduction l FreeRADIUS is the world's most popular RADIUS server. It features various back-ends. Some include LDAP and SQL. l FreeRADIUS is in version 2.2.x as of this writing. l RADIUSdesk is a front-end to the MySQL database used by FreeRADIUS. l We will compile the latest version of FreeRADIUS (2.2.5 as of this writing) from source code and install it on a Ubuntu server. l Download the latest version 2.2.x.tar.gz file from this URL: http://freeradius.org/download.html l FreeRADIUS has a feature to use custom modules. RADIUSdesk will use a few small custom Perl modules to enhance the default functionality of FreeRADIUS. l FreeRADIUS supply AAA (Authentication, Authorization and Accounting) services.

    Original Title

    Radius on Ubuntu 14.04

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Install FreeRADIUS on Ubuntu 14.04 Introduction l FreeRADIUS is the world's most popular RADIUS server. It features various back-ends. Some include LDAP and SQL. l FreeRADIUS is in version 2.2.x as of this writing. l RADIUSdesk is a front-end to the MySQL database used by FreeRADIUS. l We will compile the latest version of FreeRADIUS (2.2.5 as of this writing) from source code and install it on a Ubuntu server. l Download the latest version 2.2.x.tar.gz file from this URL: http://freeradius.org/download.html l FreeRADIUS has a feature to use custom modules. RADIUSdesk will use a few small custom Perl modules to enhance the default functionality of FreeRADIUS. l FreeRADIUS supply AAA (Authentication, Authorization and Accounting) services.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    637 views7 pages

    Radius On Ubuntu 14.04

    Uploaded by

    andalucistas
    Install FreeRADIUS on Ubuntu 14.04 Introduction l FreeRADIUS is the world's most popular RADIUS server. It features various back-ends. Some include LDAP and SQL. l FreeRADIUS is in version 2.2.x as of this writing. l RADIUSdesk is a front-end to the MySQL database used by FreeRADIUS. l We will compile the latest version of FreeRADIUS (2.2.5 as of this writing) from source code and install it on a Ubuntu server. l Download the latest version 2.2.x.tar.gz file from this URL: http://freeradius.org/download.html l FreeRADIUS has a feature to use custom modules. RADIUSdesk will use a few small custom Perl modules to enhance the default functionality of FreeRADIUS. l FreeRADIUS supply AAA (Authentication, Authorization and Accounting) services.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 7

    2014/10/09 10:57

    1/7

    Install FreeRADIUS on Ubuntu 14.04

    Install FreeRADIUS on Ubuntu 14.04


    Introduction

    FreeRADIUS is the world's most popular RADIUS server. It features various back-ends. Some include
    LDAP and SQL.
    FreeRADIUS is in version 2.2.x as of this writing.
    RADIUSdesk is a front-end to the MySQL database used by FreeRADIUS.
    We will compile the latest version of FreeRADIUS (2.2.5 as of this writing) from source code and
    install it on a Ubuntu server.
    Download the latest version 2.2.x.tar.gz file from this URL: http://freeradius.org/download.html
    FreeRADIUS has a feature to use custom modules. RADIUSdesk will use a few small custom Perl
    modules to enhance the default functionality of FreeRADIUS.
    FreeRADIUS supply AAA (Authentication, Authorization and Accounting) services.

    Compiling FreeRADIUS
    This section has two options to chose from after you have installed the required software.

    The recommended option is to apply a small patch which will include the rlm_raw FreeRADIUS
    module.
    The standard option is not to apply the patch and simply compile the source as is.

    Install required software

    Before you compile the source code of FreeRADIUS, ensure the following packages are installed:

    sudo apt-get install build-essential libmysqlclient-dev libperl-dev


    libssl-dev

    OPTION 1 -> Dynamic Clients using rlm_raw patch (Recommended way)


    If you will have clients that will contact the FreeRADIUS server from an unknown IP Address
    (Typically from behind a DSL connection that uses DHCP), we will be making use of the dynamic
    client feature of FreeRADIUS. This section then is for you.

    Download FreeRADIUS source code. http://freeradius.org/download.html

    RADIUSdesk - http://www.radiusdesk.com/

    Last update: 2014/10/08


    15:54

    getting_started:install_ubuntu_freeradius http://www.radiusdesk.com/getting_started/install_ubuntu_freeradius

    Extract the code


    tar -xzvf freeradius-server-2.2.5.tar.gz

    Copy the rlm_raw_patch patch from the rd_cake/Setup/Radius directory

    #For Nginx
    cp /usr/share/nginx/html/cake2/rd_cake/Setup/Radius/rlm_raw_patch ./
    freeradius-server-2.2.5
    #For Apache
    cp /var/www/cake2/rd_cake/Setup/Radius/rlm_raw_patch ./
    freeradius-server-2.2.5

    Patch the code

    cd freeradius-server-2.2.5
    patch -p1 < rlm_raw_patch

    If all goes according to plan the following output should show on your screen:

    system@ubuntu-32:~/Documents/raw/freeradius-server-2.2.5$ patch -p1 <


    rlm_raw_patch
    patching file src/modules/rlm_raw/config.h.in
    patching file src/modules/rlm_raw/configure
    patching file src/modules/rlm_raw/configure.in
    patching file src/modules/rlm_raw/Makefile.in
    patching file src/modules/rlm_raw/rlm_raw.c
    patching file src/modules/stable
    Hunk #1 FAILED at 39.
    1 out of 1 hunk FAILED -- saving rejects to file src/modules/stable.rej

    This simply means the last part of the patch did not happen. You can manually fix it by adding the
    following to the bottom of the src/modules/stable file.

    rlm_raw

    This will cause FreeRADIUS to be build with the raw module since we tell it that rlm_raw is a stable
    module.
    Build and install FreeRADIUS as normal.

    ./configure | tee config_out.txt


    make
    sudo make install
    sudo ldconfig

    Confirm rlm_raw in installed. (Should list rlm_raw.a rlm_raw.so and rlm_raw.la)

    ls /usr/local/lib/rlm_raw.*

    Setup FreeRADIUS
    http://www.radiusdesk.com/

    Printed on 2014/10/09 10:57

    2014/10/09 10:57

    3/7

    Install FreeRADIUS on Ubuntu 14.04

    The following commands will set-up FreeRADIUS to work optimal with RADIUSdesk that runs on
    Nginx.

    sudo mv /usr/local/etc/raddb /usr/local/etc/raddb.orig


    sudo cp /usr/share/nginx/html/cake2/rd_cake/Setup/Radius/raddb_rd.tar.gz /
    usr/local/etc/
    sudo cp /usr/share/nginx/html/cake2/rd_cake/Setup/Radius/checkrad /usr/local
    /sbin/
    cd /usr/local/etc/
    sudo tar -xzvf raddb_rd.tar.gz
    sudo chmod 644 /usr/local/etc/raddb/dictionary
    sudo ldconfig

    The following commands will set-up FreeRADIUS to work optimal with RADIUSdesk that runs on
    Apache.

    sudo mv /usr/local/etc/raddb /usr/local/etc/raddb.orig


    sudo cp /var/www/cake2/rd_cake/Setup/Radius/raddb_rd.tar.gz /usr/local/etc/
    sudo cp /var/www/cake2/rd_cake/Setup/Radius/checkrad /usr/local/sbin/
    cd /usr/local/etc/
    sudo tar -xzvf raddb_rd.tar.gz
    sudo chmod 644 /usr/local/etc/raddb/dictionary
    sudo ldconfig

    Activate the rlm_raw module

    Activate the dynamic-clients virtual server.

    sudo su
    cd /usr/local/etc/raddb/sites-enabled
    ln -s ../sites-available/dynamic-clients ./

    Edit the /usr/local/etc/raddb/sites-enabled/dynamic-clients file and replace the content with


    this:

    #Define a client that has a 'catch all'


    client dymamic {
    ipaddr = 0.0.0.0
    netmask = 0
    #We spacify the virtual server that will be used for client
    verification
    dynamic_clients = dynamic_client_server
    lifetime = 86400
    }
    server dynamic_client_server {
    authorize {
    #With RADIUSdesk we mis-use the optional Community field in the NAS
    table to specify the value of an attribute that the raw module should read
    #In this sample we use the MAC address of the Device running Coova
    RADIUSdesk - http://www.radiusdesk.com/

    Last update: 2014/10/08


    15:54

    getting_started:install_ubuntu_freeradius http://www.radiusdesk.com/getting_started/install_ubuntu_freeradius

    Chilli, but you can use any of the attributes inside the request.
    #The mac is then added as the value of the Community optional field
    in YFi to create a match
    #rlm_raw: Called-Station-Id = 08-00-27-56-22-0B
    #Test to see if our required raw attribute exists
    if("%{raw:NAS-Identifier}"){
    #Test to see if it is in the DB
    if ("%{sql: select count(*) from nas where
    nas.nasidentifier='%{raw:NAS-Identifier}'}" == 1) {
    update control {
    FreeRADIUS-Client-IP-Address =
    "%{Packet-Src-IP-Address}"
    FreeRADIUS-Client-Require-MA = no
    FreeRADIUS-Client-Secret = "%{sql:
    select nas.secret from nas where nas.nasidentifier='%{raw:NAS-Identifier}'}"
    FreeRADIUS-Client-Shortname = "%{sql:
    select nas.shortname from nas where
    nas.nasidentifier='%{raw:NAS-Identifier}'}"
    FreeRADIUS-Client-NAS-Type = "other"
    #Optional Virtual server
    #FreeRADIUS-Client-Virtual-Server =
    "dynamic_server"
    }
    ok
    }
    }
    }
    }

    Create a raw module in file /usr/local/etc/raddb/modules/raw (empty definition)

    raw {
    }

    Tell FreeRADIUS to instantiate the raw module upon start-up. Edit the
    /usr/local/etc/raddb/radiusd.conf file and ensure raw is added to the instantiate section:

    instantiate {
    .....
    raw
    .....
    }

    OPTION 2 -> Standard FreeRADIUS compile (Standard)


    This is used when clients will always connect from a know IP Address to to FreeRADIUS server.

    Download FreeRADIUS source code. http://freeradius.org/download.html

    http://www.radiusdesk.com/

    Printed on 2014/10/09 10:57

    2014/10/09 10:57

    5/7

    Install FreeRADIUS on Ubuntu 14.04

    tar -xzvf freeradius-server-2.2.5.tar.gz


    cd freeradius-server-2.2.5
    ./configure | tee config_out.txt
    make
    sudo make install
    sudo ldconfig

    Setup FreeRADIUS

    The following commands will set-up FreeRADIUS to work optimal with RADIUSdesk that runs on
    Nginx.

    sudo mv /usr/local/etc/raddb /usr/local/etc/raddb.orig


    sudo cp /usr/share/nginx/html/cake2/rd_cake/Setup/Radius/raddb_rd.tar.gz /
    usr/local/etc/
    sudo cp /usr/share/nginx/html/cake2/rd_cake/Setup/Radius/checkrad /usr/local
    /sbin/
    cd /usr/local/etc/
    sudo tar -xzvf raddb_rd.tar.gz
    sudo chmod 644 /usr/local/etc/raddb/dictionary
    sudo ldconfig

    The following commands will set-up FreeRADIUS to work optimal with RADIUSdesk that runs on
    Apache.

    sudo mv /usr/local/etc/raddb /usr/local/etc/raddb.orig


    sudo cp /var/www/cake2/rd_cake/Setup/Radius/raddb_rd.tar.gz /usr/local/etc/
    sudo cp /var/www/cake2/rd_cake/Setup/Radius/checkrad /usr/local/sbin/
    cd /usr/local/etc/
    sudo tar -xzvf raddb_rd.tar.gz
    sudo chmod 644 /usr/local/etc/raddb/dictionary
    sudo ldconfig

    Testing FreeRADIUS
    By now you should have heard about the ssl Heartbleed
    vulnerability. It seems Ubuntu 14.04 already included the
    patch in their version of the OpenSSL libraries. Unfortunately
    FreeRADIUS does not know if the complied version is patched
    or not! So please add this part below the status_server =
    yes line that is part of the security configuration in
    /usr/local/etc/raddb/radiusd.conf
    #
    RADIUSdesk - http://www.radiusdesk.com/

    Last update: 2014/10/08


    15:54

    getting_started:install_ubuntu_freeradius http://www.radiusdesk.com/getting_started/install_ubuntu_freeradius

    # allow_vulnerable_openssl: Allow the


    server to start with
    # versions of OpenSSL known to have
    critical vulnerabilities.
    #
    # This check is based on the version number
    reported by libssl
    # and may not reflect patches applied to
    libssl by
    # distribution maintainers.
    #
    allow_vulnerable_openssl = yes

    Test to see if Free Radius works by issuing the following command:

    sudo /usr/local/sbin/radiusd -X

    This will start FreeRadius in debug mode ( To stop it Ctrl+c).


    FreeRADIUS has a start-up script. The following will ensure automatic start-up between reboots.

    sudo cp /usr/local/sbin/rc.radiusd /etc/init.d/radiusd


    sudo update-rc.d radiusd start 99 2 3 4 5 . stop 20 0 1 6 .

    Final testing

    As a final test issue the following command and ensure no errors are present.

    sudo /usr/local/sbin/radiusd -X

    If there are no errors start the FreeRADIUS service through the start-up script.

    sudo /etc/init.d/radiusd start

    Add script to sudoers file


    Failing to do this step will leave the advanced features of
    RADIUSdesk broken.

    To create the ability for the web server to exercise some control over FreeRADIUS, we will have a
    custom script which is added to the sodoers file.
    The correct wat to edit the sodoers file is by using:

    http://www.radiusdesk.com/

    Printed on 2014/10/09 10:57

    2014/10/09 10:57

    7/7

    Install FreeRADIUS on Ubuntu 14.04

    sudo visudo

    For Nginx add the following at the bottom

    # Members of the admin group may gain root privileges


    %admin ALL=(ALL) ALL www-data ALL = NOPASSWD:/usr/share/nginx/html/cake2/
    rd_cake/Setup/Scripts/radmin_wrapper.pl

    For Apache add the following at the bottom

    # Members of the admin group may gain root privileges


    %admin ALL=(ALL) ALL www-data ALL = NOPASSWD:/var/www/cake2/rd_cake/Setup/
    Scripts/radmin_wrapper.pl

    Confirm that this line is now inside the /etc/sudoers file

    sudo cat /etc/sudoers

    This will allow the root user in RADIUSdesk to start and stop FreeRADIUS and also to do on-the-fly
    activation of debug traces.

    Next steps

    Be sure to also install Node.js.


    Install node.js

    From:
    http://www.radiusdesk.com/ - RADIUSdesk
    Permanent link:
    http://www.radiusdesk.com/getting_started/install_ubuntu_freeradius
    Last update: 2014/10/08 15:54

    RADIUSdesk - http://www.radiusdesk.com/

    You might also like