Sunday, August 19, 2012

Installing and Configuring Freeradius + MySQL and Daloradius + MySQL on Ubuntu Server 12.04 for Mikrotik Hotspot/PPoE/PPTP (updated)

Installing and Configuring Freeradius

The first step is to install Freeradius (make sure you have already refreshed the package index with apt-get update)
$ sudo apt-get install freeradius
 * Starting FreeRADIUS daemon freeradius                                 [ OK ] 
Setting up freeradius-utils (2.1.10+dfsg-3build2) ...

Then prepare the database for Freeradius: create the database radius and assign a username and password for accessing it.

# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 51
Server version: 5.5.24-0ubuntu0.12.04.1 (Ubuntu)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database radius; 
mysql> grant all on radius.* to radius@localhost identified by "thepassword";
Query OK, 0 rows affected (0.00 sec)

The next step was to insert the database schema and I realized that I could not find the database schema in /etc/freeradius.

Obviously I should install freeradius-mysql package first. 

# apt-get install freeradius-mysql
Setting up freeradius-mysql (2.1.10+dfsg-3build2) ...
 * Reloading FreeRADIUS daemon freeradius                                [ OK ] 

Then import the database schema

# mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql 
Enter password:
# mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql 
Enter password: 

Now we insert a new user into the database for testing purposes.

# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 72
Server version: 5.5.24-0ubuntu0.12.04.1 (Ubuntu)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use radius;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('sqltest', 'Password', 'testpwd');
Query OK, 1 row affected (0.04 sec)

mysql> exit
Bye

The next step is to configure the Freeradius files.

Edit the /etc/freeradius/sql.conf file, setting the database type, login and password that we set up earlier.

# vim /etc/freeradius/sql.conf
  
  database = mysql
  login = radius
  password = thepassword

  readclients = yes

Then edit the /etc/freeradius/sites-enabled/default file

# vim /etc/freeradius/sites-enabled/default 

    Uncomment sql on authorize{}
    # See "Authorization Queries" in sql.conf
    sql

    Uncomment sql on accounting{}
    # See "Accounting queries" in sql.conf
    sql

    Uncomment sql on session{}
    # See "Simultaneous Use Checking Queries" in sql.conf
    sql

    Uncomment sql on post-auth{}
    # See "Authentication Logging Queries" in sql.conf
    sql
      
Then we edit /etc/freeradius/radiusd.conf file

# vim /etc/freeradius/radiusd.conf 

  #Uncomment #$INCLUDE sql.conf
  $INCLUDE sql.conf

To test our configuration, first we must stop the freeradius service (if already running) 
# /etc/init.d/freeradius stop
 * Stopping FreeRADIUS daemon freeradius                                 [ OK ]

Then run this command to run freeradius in debugging mode. If there is no error, you are good to go.
# freeradius -X

On a new shell or window we tested the connection

$ radtest sqltest testpwd localhost 18128 testing123
Sending Access-Request of id 65 to 127.0.0.1 port 1812
User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 127.0.1.1
NAS-Port = 18128
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=65, length=20

The test ran successfully, with an Access-Accept response from the server.

To allow the Mikrotik device to access our server, we need to add it as a client in the clients.conf file.

# vim /etc/freeradius/clients.conf

client 10.0.0.0/8 {

        secret = testingpassword
        shortname = testing
        nastype = mikrotik
}

*Note: we need to stop freeradius -X and then run it again to test our configuration.
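
A check for the clients.conf entry above, as an added example (not part of the original post or of FreeRADIUS): it flags the sample secrets that appear on this page, secrets under 16 characters (the length RFC 2865 prefers), and a single secret shared by a range wider than /24. The function names, the thresholds and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag weak shared secrets in a FreeRADIUS clients.conf.
# Thresholds (16-character minimum, prefixes wider than /24) are assumptions.

audit_clients() {   # reads clients.conf text from the named files or stdin
    awk -v minlen=16 '
    function report(   n, p) {
        if (secret == "testing123" || secret == "testingpassword")
            print name ": known sample secret"
        else if (length(secret) < minlen)
            print name ": secret shorter than " minlen " characters"
        n = split(name, p, "/")
        if (n == 2 && p[2] + 0 < 24)
            print name ": one secret shared by a /" p[2] " range"
    }
    { sub(/#.*/, "") }                       # drop comments
    depth == 0 && $1 == "client" && /[{]/ {  # "client NAME {"
        name = $2; sub(/[{]$/, "", name); secret = ""; depth = 1; next
    }
    depth == 0 { next }                      # outside any client block
    /^[ \t]*secret[ \t]*=/ {
        secret = $0
        sub(/^[ \t]*secret[ \t]*=[ \t]*/, "", secret)
        sub(/[ \t]+$/, "", secret)
        next
    }
    /[{]/ { depth++ }                        # nested section
    /[}]/ { if (--depth == 0) report() }     # end of the client block
    ' "$@"
}

sample_conf() {     # constructed sample, modelled on the entries above
    cat <<'EOF'
client localhost {
        ipaddr = 127.0.0.1
        secret = testing123
}
client 10.0.0.0/8 {
        secret = testingpassword
        shortname = testing
        nastype = mikrotik
}
client 10.0.0.50 {
        secret = Zq7mX2vRk9TbLw4HnPy8   # constructed value
        shortname = hotspot-gw
}
EOF
}

sample_conf | audit_clients
```

To audit the live file, run audit_clients /etc/freeradius/clients.conf as root; the parser assumes unquoted secrets and clients named by address, as in the entry above.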

Update (Jan 27, 2013): If we want to add Mikrotik-specific values, we need to include the Mikrotik dictionary

# vim /etc/freeradius/dictionary


Then add the line below


$INCLUDE  /usr/share/freeradius/dictionary.mikrotik


Mikrotik Configuration

We need to configure our Mikrotik devices to use our new radius server. We need to log in to the Mikrotik device and configure the server in the Radius menu.

The image below is an example of our configuration.


*Note: we increase the timeout setting to 3000ms to enable invalid login notifications. (not working with default 300ms)

Daloradius Installation 

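First, we need to download the daloradius archive. The URL is quoted so that the shell does not interpret the & characters, and -O sets the name of the saved file.

$ wget -O daloradius-0.9-9.tar.gz "http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fdaloradius%2Ffiles%2F&ts=1345296201&use_mirror=nchc"

Extract the archive and rename the directory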

# tar xvfz daloradius-0.9-9.tar.gz
# mv daloradius-0.9-9 daloradius

Move the directory to the web server directory. In this case I use Apache on Ubuntu, so the location is /var/www

# mv daloradius /var/www

Then we need to set up the database. Because we already set up Freeradius with MySQL, we don't need a new database. All we need to do is import the daloradius schema into our existing radius database.

# cd /var/www/daloradius/contrib/db
# mysql -u root -p radius < mysql-daloradius.sql

After the database has been altered successfully, we need to configure the daloradius settings.

# vim /var/www/daloradius/library/daloradius.conf.php

Change the database password 

$configValues['CONFIG_DB_PASS'] = 'thepassword';

Then we can try to access daloradius using http://ipaddressoftheserver/daloradius

*Note: In my installation, I had a problem because I didn't have the php5-gd, php-pear and php-db packages installed on my Ubuntu server.

To deal with this problem you can install the packages using

# apt-get install php5-gd php-pear php-db 





42 comments:

Anonymous said...

I am totally new to Ubuntu.
Suppose I run something like this "vi debian/rules" and I finish editing the script, how do I save it and go back to the main terminal?
I am stranded here. I end up closing the terminal thinking it would ask me to save changes but nothing. The changes are not effected when I go back to check on the script again.

Andrew Pakpahan said...

To exit from vi you can press [esc] then press [:wq!] then enter.

Golgot said...

Great job, Thanks ,

at the end to log into daloradius page :

http://your ip address/daloradius

Login to the management:
username: administrator
password: radius

Rizha Ardianto said...

Thanks for your nice post Andrew.

I'm trying to use coova-chilli but still not working. Any ideas how to use it with daloradius in this post?

Thank you

Rizha Ardianto said...

Thanks for your nice post Andrew.

I'm trying to get coova-chilli work, but still no luck. Any ideas how to make it work with this setup?

Big thanks

Andrew Pakpahan said...

@Golgot: Thanks :)

@Rizha: I haven't tried coova chilli, but I think your problem is in the coova chilli configuration with freeradius.

hidrargium said...

Hi, Andrew.

Thank you for a good article.

Some notes:

After adding new grants in MySQL:
------
grant all on radius.* to radius@localhost identified by "thepassword";
----
You need to perform the next command:
------
flush privileges;
------

Rizha said...

Andrew,

how if we want to use an external radius server?

GoldenNetworks said...

#vim /etc/freeradius/clients.conf

client 10.0.0.0/8 {

secret = testingpassword
shortname = testing
nastype= mikrotik
}

when i enter down in the last already 3 4 entries /24 /32 etc
where i have to add this entry or edit the existing one ???
Please quick reply im stuck on the edge.

Andrew Pakpahan said...

@GoldenNetwork:

Just add as new lines. Put comments on all previous lines.

GoldenNetworks said...

Well i have done everything through ur blog n i got the result in positive when i give command for radtest. it seems to b ok

but as im using ubuntu server 12.04 Lts so im unable to access daloradius page. 127.0.0.1/daloradius.

i dont know how to attach it with the mikrotik by cable

Andrew Pakpahan said...

@GoldenNetwork

Do you understand IP address concept? You need to understand this before even trying this setup.

GoldenNetworks said...

Thanx for reply... i did same as u mentioned the same ips 10.0.0.0/8 even in mikrotik 10.0.0.50
hotspot setup already working in routerboard.
should i use 1 simple ethernet cable between daloradius n mikrotik ???
what ip would be assigned to the mikrotik interface ???
should i use this topology: http://bejatijampang.files.wordpress.com/2012/07/slide2-300x296.jpg
should i have to add 2 lan cards in ubuntu box or after the setup remove the internet from ubuntu and put 1 jumper between mikrotik n ubuntu as i linked up topology ???

The daloradius box is ready my problem is how to make connections between routerboard and daloradius box to get access daloradious webpage

Vanderwyk Siahaan said...

why i found message

"no response from server for ID 210 socket 3"

how to resolve it?

Divya S said...

thank u sir..it helped us a lot :)

Rosso said...

Hello Andrew, thnk for this blog.
I have a small question, can i put the server on a different location.
Will this make all traffic go to the external server?

Hamad Ahmed said...

Hi All,

First thanks to Andrew.

I am trying to install daloRADIUS , but I am facing some issues with sql module configurations. When I uncomment the sql from the configuration file I received the following error.

/etc/freeradius/sql.conf[22]: Instantiation failed for module "sql"
/etc/freeradius/sites-enabled/default[159]: Failed to load module "sql".
/etc/freeradius/sites-enabled/default[62]: Errors parsing authorize section.

anyone can help ?

Thanks,
Hamad

Pavlos said...

Great article. I followed it and it seems it works.

I have a question. Now after configuring the server and the mikrotik.
First how can I check if they communicate?
Second how can I test if a user authenticates when it connects to wifi ?

Thank you

Andrew Pakpahan said...

@Pavlos: You can try to activate hotspot on your wireless interface. Then try to login with your radius account.

Alejandro said...

Congratulations for your cool post and thanks for sharing your experience.

I've two questions:

- Is the number of users limited?
- Which is the home page for the hotspot login users and can I configure a new one?

Thanks in advance.
Greetings.

Kevin said...

Thanks Andrew. After follow your blog, I got to http://localhost/daloradius after typing in:
user name: administrator
password: radius
I receive an error message. "Database connection error DB error extension not found."

Please help.
Thanks.

Anonymous said...

Thanks you for your help, Great job worked for me without much trouble.

Anonymous said...

I have been working my way through this config as new to Ubuntu

All seemed to be going well until i tested using radtest which returns the following error:- Invalid octet string "sqltest" for attribute name "User-Name"
radclient: Nothing to send.

I have viewed the table contents and it all looks in order and double checked the config??

Any help would be very much appreciated. Thanks

alfurqan said...

hi,

would you help me, what means that: unable to open file "/etc/freeradius/sql/mysql/ippool-dhcp.conf": no such file or directory
errors reading or parsing /etc/freeradius/radiusd.conf

Anonymous said...

Hi,

I have followed this link for reference in running daloradius with freeradius.

https://help.ubuntu.com/community/CategoryNetworking/daloRADIUS

but I can't seem to get past the login page.

http://192.168.2.133/daloradius/dologin.php

Database connection error
Error Message: DB Error: connect failed

could you point out what I have missed?
I have used both 12.04 and 14.04 LTS and both have same error message

what output do you need in order to further troubleshoot this?

many thanks,

Anonymous said...

I have Freeradius running on Ubuntu 12.04 server, to authenticate iBurst clients of my ISP. It is working fine, the only issue is that I don't know how to manage these clients.

For example if a client has not paid to use Internet, I need to be able to disconnect him/her and reconnect him/her once the payment has been done. The only way that I know is to edit the /etc/freeradius/users file and comment the Framed-IP-Address line which is not easy to do every time. Also, I fear that I might accidentally damage the file if I continue accessing it everyday and modifying it.

I would like to know if there is any other way to do this (preferably through a web client). I found one called Dialupadmin web interface, but I don't know if I have to install Freeradius from scratch to be able to use the web interface or if I can just install this and use the existing Freeradius without re-installation.

odik's said...

Andrew, pls help! I am trying to install daloRADIUS, but I am facing some issues with sql module configurations. When I uncomment the sql from the configuration file I received the following error.

/etc/freeradius/sql.conf[22]: Instantiation failed for module "sql"
/etc/freeradius/sites-enabled/default[159]: Failed to load module "sql".
/etc/freeradius/sites-enabled/default[62]: Errors parsing authorize section.

Herman said...

Thank you for the great guide!
Works like a charm.

Herman

Anonymous said...

I also get this error:

Database connection error
Error Message: DB Error: extension not found

Please help. Thanks.

Anonymous said...

The solution for
Database connection error
Error Message: DB Error: extension not found

is apt-get install php-mysql

saman supriadi said...

I got errors like this, where is false mister, I'm running freeradius in FreeBSD 10.01
root@saman:/usr/home/saman # radtest sqltest testpwd 127.0.0.1 1812 testing123
Sending Access-Request of id 154 to 127.0.0.1 port 1812
User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 10.20.30.124
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
Sending Access-Request of id 154 to 127.0.0.1 port 1812
User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 10.20.30.124
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
Sending Access-Request of id 154 to 127.0.0.1 port 1812
User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 10.20.30.124
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
radclient: no response from server for ID 154 socket 3

Anonymous said...

Andrew, I found your post interesting and very informative. Thanks for taking the time to write the article. Just a small note, did you mean to move the daloradius to the root for www? If so then the next line is incorrect. It should be /var/www/contrib and not /var/www/daloradius/contrib.

Thanks again for your time!

Roshan More said...

Sir,
When i execute a command for radtest it gives me an output access-reject from host.
pls help me out sir..

Anonymous said...

@Roshan More

try kill freeradius job

syntax :
ps -A | grep freeradius

and then kill -9 freeradius-pid

Redho Rivai said...

when i finished your tutorial, i get problem :

Database connection error
Error Message: DB Error: connect failed

i dont know for finished this, can you help me ?

Chandra Permana said...

try to check your config
/var/www/daloradius/library/daloradius.conf.php
change the line
$configValues['CONFIG_DB_PASS'] = 'yourpasswd';

Ali Gohar said...

thanks it helped me a lot
its working :)

koi singh said...

I really like this blog, I can find a lot of good info. Thanks for sharing
