Mémos - Debian 9 64 Bits – Serveur FreeRadius

Auteur : Vince Nadus

Date de publication : 13 février 2019

freeradius radius debian

Update

apt update && apt upgrade -y

Tools

apt install -y sudo unzip apt-transport-https curl wget dirmngr lsb-release

Apache2

apt-get install apache2

PHP 7.3

wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list apt update apt install php7.3 php7.3-common php7.3-cli apt install php7.3-bcmath php7.3-bz2 php7.3-curl php7.3-gd php7.3-intl php7.3-json php7.3-mbstring php7.3-readline php7.3-xml php7.3-zip apt install php7.3-fpm php7.3-mysql apt install php-mail php-mail-mime php-pear pear install DB

MariaDB

apt install mariadb-server

FreeRADIUS

apt-get install freeradius freeradius-mysql freeradius-utils systemctl enable freeradius systemctl stop freeradius

Vérification du service

freeradius -X

... listen { type = "acct" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel Listening on auth address * port 1812 bound to server default Listening on acct address * port 1813 bound to server default Listening on auth address :: port 1812 bound to server default Listening on acct address :: port 1813 bound to server default Listening on proxy address * port 58656 Listening on proxy address :: port 48643 Ready to process requests

Configuration MySQL

mysql -u root -p create database radius; grant all privileges on radius.* to radius@localhost identified by 'P@ssWORD'; flush privileges; quit;

Insertion du schéma

mysql -u root -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

Activation du module FreeRADIUS SQL

ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/

Mise à jour du module FreeRADIUS SQL

nano /etc/freeradius/3.0/mods-available/sql

... # The dialect of SQL you want to use, this should usually match # the driver you selected above. # # If you're using rlm_sql_null, then it should be the type of # database the logged queries are going to be executed against. #dialect = "sqlite" dialect = "mysql"

    # Connection info:
    #
    server = "localhost"
    port = 3306
    login = "radius"
    password = "P@ssWORD"

    # Database table configuration for everything except Oracle
    radius_db = "radius"

... # Set to 'yes' to read radius clients from the database ('nas' table) # Clients will ONLY be read on server startup. read_clients = yes ...

chown -h freerad.freerad /etc/freeradius/3.0/mods-enabled/sql

systemctl restart freeradius

Installation de daloradius

https://sourceforge.net/projects/daloradius/

wget https://jaist.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz mv daloradius-0.9-9 /var/www/html/daloradius

Import des tables nécessaires à daloradius

mysql -u root -p radius < /var/www/html/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql mysql -u root -p radius < /var/www/html/daloradius/contrib/db/mysql-daloradius.sql

Mise à jour des droits sur l’application Web

chown -R www-data.www-data /var/www/html/daloradius/ chmod 664 /var/www/html/daloradius/library/daloradius.conf.php

Configuration daloradius à la BDD

nano /var/www/html/daloradius/library/daloradius.conf.php

... $configValues['DALORADIUS_VERSION'] = '0.9-9'; $configValues['FREERADIUS_VERSION'] = '2'; $configValues['CONFIG_DB_ENGINE'] = 'mysqli'; $configValues['CONFIG_DB_HOST'] = 'localhost'; $configValues['CONFIG_DB_PORT'] = '3306'; $configValues['CONFIG_DB_USER'] = 'radius'; < RADIUS database user $configValues['CONFIG_DB_PASS'] = 'P@SSWORD'; < radius user password $configValues['CONFIG_DB_NAME'] = 'radius'; < RADIUS database ...

Redémarrage de FreeRADIUS

systemctl restart freeradius

Accès à l’interface d’administration

http://server_IP/daloradius

Utilisateur et mot de passe par defaut

User : Administrator

MDP: radius

Lien utile dans la conception de ce mémo :

Installation basique de Freeradius 3.0

https://debian-facile.org/atelier:chantier:installation-freeradius-daloradius-sous-debian-9.4.0

https://wiki.cyberblabla.fr/doku.php?id=configuration-radius

https://www.unix-experience.fr/security/freeradius2/

Interface

https://github.com/topics/freeradius-webinterface

https://github.com/openwisp/django-freeradius

https://django-freeradius.readthedocs.io/en/latest/

http://openwisp.io/docs/user/quickstart.html