Freeradius and MySQL
Software Requirements:
Any Linux distro, kernel 2.4xx or later (tested in CentOS, Fedora Core, RH)
MySQL Server 4.xx-5.xx
GCC compiler
vi editor
1. Get the latest freeradius source code tarball from www.freeradius.org or get the rpm package using “yum”
2. Unpack the tarball and install it.
#tar zxvf freeradius-xxx.tar.gz
#cd freeradius-xxx
#./configure
#make
#make install
3. Start with a simple config using the standard text files, this will test if the Freeradius installed is working or not
a. Edit /etc/raddb/clients.conf to enter the details of the NAS unit. You can enter “localhost” for testing purposes
b. Edit /etc/raddb/users and create a sample user account
Sample:
"test" Auth-Type := Local, User-Password == "hello"
    Reply-Message = "Hello, %u"
c. Edit /etc/raddb/radiusd.conf and change as needed
Run the radiusd service with the debug turned on to see what happens:
#radiusd -X
You can use radtest to test an account from the command line:
#radtest username password servername port secret
ex:
#radtest darwin mypass radius.owtel.com 1645 mysecret
And you should see something like this:
Sending Access-Request of id 226 to 127.0.0.1:1645
User-Name = 'darwin'
User-Password = '\304\2323\326B\017\376\322?K\332\350Z;}'
NAS-IP-Address = radius.owtel.com
NAS-Port = 1645
If you get an “Access Accept” response, that means Freeradius is running ok.
Setting up the Freeradius database in MySQL
1. First, if you will run the db on your localhost, MySQL server should be installed on your machine
#mysql -u root -p
mysql> CREATE DATABASE radius;
mysql> GRANT ALL PRIVILEGES ON radius.* TO 'root'@'localhost' IDENTIFIED BY 'myrootpassword';
mysql> FLUSH PRIVILEGES;
2. Create the schema for the database using the SQL script file db_mysql.sql. It can be found in /src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql under the directory where you untarred FreeRADIUS
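#mysql -u root -p radius < db_mysql.sql
where root is your MySQL root user name; -p makes the client prompt for the password (rootpass in this example). A space between -p and the password would make the client read rootpass as the database name.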
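The GRANT above gives FreeRADIUS the MySQL root account with every privilege on the radius database. A narrower alternative, as an added example that is not part of the original tutorial: a dedicated account that can read the database and write only accounting records. The account name radius, the placeholder password and the radacct table name (the accounting table in the FreeRADIUS MySQL schema) are assumptions.

```sql
-- Added example, not from the original tutorial. Assumed names: the account
-- 'radius', the placeholder password, and the accounting table radacct.
-- Run as the MySQL root user after db_mysql.sql has been loaded, so the
-- tables already exist.

-- Before (from the tutorial): the server logs in as root with everything.
--   GRANT ALL PRIVILEGES ON radius.* TO 'root'@'localhost' ...;

-- After: read-only access to the whole radius database, which is enough
-- for the "sql" entry in authorize {} to look users up in radcheck.
-- GRANT ... IDENTIFIED BY creates the account on MySQL 4.x/5.x; on 8.0 and
-- later, create it first with CREATE USER and drop the IDENTIFIED BY clause.
GRANT SELECT ON radius.* TO 'radius'@'localhost'
    IDENTIFIED BY 'CHANGE_ME_placeholder';

-- The "sql" entry in accounting {} has to write session records.
GRANT SELECT, INSERT, UPDATE ON radius.radacct TO 'radius'@'localhost';

FLUSH PRIVILEGES;

-- Check the result: no ALL PRIVILEGES, no write access to radcheck.
SHOW GRANTS FOR 'radius'@'localhost';
```

To use this account, set login and password in /etc/raddb/sql.conf to it instead of root; a leaked sql.conf then exposes a read-mostly account rather than the database administrator.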
Configuring FreeRadius to use MySQL
1. Edit /etc/raddb/sql.conf and enter the server, login name and password details to connect to your MySQL server and RADIUS database:
# Connect info
server = "localhost"
login = "root"
password = "rootpass"
radius_db = "radius"
Query config for username, I used this:
sql_user_name = "%{User-Name}"
You will see several tables created. You just need to use one of those: radcheck. This table has the following structure:
2. Edit /etc/raddb/radiusd.conf and add a line saying “sql” to the authorize {} section, and add a line saying “sql” to the accounting {} section too, between ‘unix’ and ‘radutmp’
radiusd.conf will look something like this:
authorize {
    preprocess
    chap
    mschap
    #counter
    #attr_filter
    #eap
    suffix
    sql
    #files
    #etc_smbpasswd
}
authenticate {
    authtype PAP {
        pap
    }
    authtype CHAP {
        chap
    }
    authtype MS-CHAP {
        mschap
    }
    #pam
    #unix
    #authtype LDAP {
    #    ldap
    #}
}
preacct {
    preprocess
    suffix
    #files
}
accounting {
    acct_unique
    detail
    #counter
    unix
    sql
    radutmp
    #sradutmp
}
session {
    radutmp
}
The simplest way to populate the user database is by inserting data into the radcheck table:
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('darwin', 'Password', 'mypassword');
Note that the ‘Password’ Radius attribute does not exist. The correct one is ‘Cleartext-Password’.