Install FreeRADIUS and Daloradius on Debian 10/11

This guide will discuss how to install FreeRADIUS and Daloradius on Debian 10/11 Linux. RADIUS is a network protocol used for remote user authentication, authorization and accounting. FreeRADIUS is an open source RADIUS server commonly used on Linux, Unix and embedded systems.

daloRADIUS is a web-based RADIUS management tool written in PHP. It was created to ease the management and administration of RADIUS server and hotspots devices (NAS). It comes with a powerful graphical reporting and accounting, billing and advanced user management features.

Our next steps will help you to install and configure both freeRADIUS and daloRADIUS on Debian 10/11 Linux.

Step 1: Update your Server

Update your package index by running the command:

sudo apt -y update

Step 2: Install and Configure Database Server

We’ll be using MariaDB but any other supported database server can be used. Install MariaDB on Debian 10/11 by using our guide:

• How to install MariaDB on Debian

Once installed, create a database and user for FreeRADIUS/daloRADIUS.

$ mysql -u root -p
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "StrongradIusPass";
FLUSH PRIVILEGES;
\q

Confirm that radius database user can access database granted.

$ mysql -u radius -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 48
Server version: 10.3.17-MariaDB-0+deb10u1 Debian 10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| radius             |
+--------------------+
2 rows in set (0.001 sec)

MariaDB [(none)]> QUIT
Bye

Step 3: Install Apache Web Server and PHP

We’ll use Apache httpd server to host daloRADIUS on Debian 10/11 Linux system. Install both httpd and PHP packages with the following command.

sudo apt -y install apache2
sudo apt -y install php libapache2-mod-php php-{gd,common,mail,mail-mime,mysql,pear,mbstring,xml,curl}

Check the version of PHP installed to confirm the installation was successful.

$ php -v
PHP 7.3.29-1~deb10u1 (cli) (built: Jul  2 2021 04:04:33) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.29, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.3.29-1~deb10u1, Copyright (c) 1999-2018, by Zend Technologies

Let’s validate the start by checking status of the two services.

systemctl status apache2

Allow http and https ports on the firewall is ufw is enabled.

sudo ufw allow http
sudo ufw allow https

Step 4: Installing FreeRADIUS on Debian 10/11

FreeRADIUS packages are available on default Debian repositories. There is no special pre-requisite for this installation.

To install, just run the command.

sudo apt -y install freeradius freeradius-mysql freeradius-utils

Start the service after installation.

sudo systemctl enable --now freeradius.service 

Now you can check the status:

$ systemctl status freeradius
● freeradius.service - FreeRADIUS multi-protocol policy server
    Loaded: loaded (/lib/systemd/system/freeradius.service; enabled; vendor preset: enabled)
    Active: active (running) since Thu 2019-10-10 21:10:22 UTC; 26min ago
      Docs: man:radiusd(8)
            man:radiusd.conf(5)
            http://wiki.freeradius.org/
            http://networkradius.com/doc/
  Main PID: 15918 (freeradius)
     Tasks: 6 (limit: 4719)
    Memory: 10.6M
    CGroup: /system.slice/freeradius.service
            └─15918 /usr/sbin/freeradius
.......

Step 5: Configure FreeRADIUS on Debian 10/11

To Configure FreeRADIUS to use MariaDB, follow steps below.

1 – Import the Radius database scheme to populate radius database

sudo su -
mysql -u root -p radius < /etc/freeradius/*/mods-config/sql/main/mysql/schema.sql

2 – Configure Radius

First you have to create a soft link for SQL module.

sudo ln -s /etc/freeradius/*/mods-available/sql /etc/freeradius/*/mods-enabled/

Configure SQL module by changing the database connection parameters to suite your environment:

sudo vim /etc/freeradius/*/mods-enabled/sql

• sql section should look similar to below.

sql {
driver = "rlm_sql_mysql"
dialect = "mysql"

# Connection info:

server = "localhost"
port = 3306
login = "radius"
password = "StrongradIusPass"

# Database table configuration for everything except Oracle

radius_db = "radius"
}

# Set to ‘yes’ to read radius clients from the database (‘nas’ table)
# Clients will ONLY be read on server startup.
read_clients = yes

# Table to keep radius client info
client_table = "nas"

Then change group right of /etc/freeradius/*/mods-enabled/sql

sudo chgrp -h freerad /etc/freeradius/*/mods-available/sql
sudo chown -R freerad:freerad /etc/freeradius/*/mods-enabled/sql

Restart radiusd service

sudo systemctl restart freeradius

Step 6: Install and Configure Daloradius

You can use Daloradius to manage radius server from a web interface. This is an optional configuration which you can select depending on your use case.

Download daloradius release archive from Github.

sudo apt -y install wget unzip
wget https://github.com/lirantal/daloradius/archive/master.zip
unzip master.zip
mv daloradius-master/ daloradius

Change directory for configuration

cd daloradius

Import Daloradius mysql tables

mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql 
mysql -u root -p radius < contrib/db/mysql-daloradius.sql

Move daloradius folder to path in /var/www/html

cd ..
sudo mv daloradius /var/www/html/

Then change permissions for http folder and set the right permissions for daloradius configuration file.

sudo mv /var/www/html/daloradius/library/daloradius.conf.php.sample /var/www/html/daloradius/library/daloradius.conf.php
sudo chown -R www-data:www-data /var/www/html/daloradius/
sudo chmod 664 /var/www/html/daloradius/library/daloradius.conf.php

You should now modify daloradius.conf.php file to adjust the MySQL database information .

sudo vim /var/www/html/daloradius/library/daloradius.conf.php

Set database name, user and password for connection.

$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'StrongradIusPass';
$configValues['CONFIG_DB_NAME'] = 'radius';

To be sure everything works, restart radiusd and httpd services.

sudo systemctl restart freeradius.service apache2

Step 7: Access daloRADIUS Web Interface

Install DB and MDB2 modules:

sudo pear install DB
sudo pear install MDB2

daloRADIUS management web interface is accessible on URL below:

http://server_ip_or_hostname/daloradius

daloRADIUS Web interface:

The default login details are:

Username: administrator
Password: radius

This is how daloRADIUS interface looks like.

Enjoy using . For installation on CentOS 7/8 & Ubuntu, check:

• Install FreeRADIUS & daloRADIUS on CentOS 7
• Install FreeRADIUS and daloRADIUS on CentOS 8 / RHEL 8
• Install FreeRADIUS & daloRADIUS on Ubuntu