Posted by: kezhong | November 29, 2010

Implementing AAA through Freeradius with MySQL on Fedora 14

Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers that connect to and use a network service.
In my environment, I installed Fedora 14 (x86_64) with MySQL on my machine.

Install freeradius packages
# yum install freeradius* -y
Edit the /etc/raddb/users file and uncomment the following entry
steve   Cleartext-Password := "testing"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 192.168.26.3,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = "std.ppp",
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP
Run Freeradius in debug mode
# radiusd -X

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
On another terminal, run the command radtest as below
# radtest steve testing localhost 1812 testing123

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=115, length=71

When I found “Access-Accept”, it proved that the installation was successful.
Then I commented out the above in the /etc/raddb/users file.

Configure Freeradius for MySQL
# vim /etc/raddb/sql.conf
Change the 38th line,
login = "root"
Change the 39th line,
password = "kezhong"
Uncomment the 100th line,
readclients = yes
# vim /etc/raddb/radiusd.conf
Change the 544th line,
proxy_requests = no
Uncomment the 683rd line,
$INCLUDE sql.conf
# vim /etc/raddb/sites-available/default
In section authorize,
Comment out line 152
#files
Uncomment line 159
sql
In section preacct,
Comment out line 354
#files
In section accounting,
Uncomment line 388
sql
# vim /etc/raddb/sites-enabled/inner-tunnel
In section authorize,
Comment out line 124
#files
Uncomment line 131
sql
Edit the /etc/raddb/clients.conf file and add the following lines,
client 192.168.26.0/24 {
        secret = kezhong
        shortname = private
}
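A check a reader may want to run over the files edited above, as an added example that is not part of the original post. It audits constructed excerpts of sql.conf and clients.conf for the three credential choices this walkthrough makes (MySQL root login, the testing123 secret that the radtest commands use for localhost, and one string reused as both shared secret and database password); the localhost block, the function names and the corrected values are assumptions and placeholders.

```python
import re

# Constructed excerpts mirroring the values set in this tutorial. The localhost
# block stands for the stock entry that the radtest commands rely on (assumed).
TUTORIAL_SQL = '''
login = "root"
password = "kezhong"
readclients = yes
'''
TUTORIAL_CLIENTS = '''
client localhost {
    secret = testing123
}
client 192.168.26.0/24 {
    secret = kezhong
    shortname = private
}
'''
# Hypothetical corrected values (placeholders, not real credentials).
HARDENED_SQL = TUTORIAL_SQL.replace('"root"', '"radius"').replace('"kezhong"', '"<db-password>"')
HARDENED_CLIENTS = (TUTORIAL_CLIENTS.replace("testing123", "<random-secret-1>")
                    .replace("= kezhong", "= <random-secret-2>"))

def settings(text):
    """Return {key: value} for each 'key = value' line; comment lines never match."""
    return dict(re.findall(r'^\s*([\w-]+)\s*=\s*"?([^"#\n]*?)"?\s*$', text, re.M))

def clients(text):
    """Return {name: settings} for each non-nested 'client NAME { ... }' block."""
    blocks = re.finditer(r'^\s*client\s+(\S+)\s*\{(.*?)\}', text, re.M | re.S)
    return {m.group(1): settings(m.group(2)) for m in blocks}

def audit(sql_conf, clients_conf):
    """List credential weaknesses found in sql.conf / clients.conf text."""
    findings = []
    sql = settings(sql_conf)
    if sql.get("login") == "root":
        findings.append("sql.conf: radiusd logs in to MySQL as root")
    for name, cfg in clients(clients_conf).items():
        secret = cfg.get("secret", "")
        if secret == "testing123":
            findings.append(f"client {name}: shipped secret testing123 still in use")
        if secret and secret == sql.get("password"):
            findings.append(f"client {name}: secret is the same string as the MySQL password")
    return findings

if __name__ == "__main__":
    print("tutorial:", audit(TUTORIAL_SQL, TUTORIAL_CLIENTS))
    print("hardened:", audit(HARDENED_SQL, HARDENED_CLIENTS) or "no findings")
```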

Set password for MySQL root user
# mysqladmin -u root -p password kezhong
Create database radius
# mysql -u root -pkezhong
mysql> create database radius;
mysql> exit
Create tables for radius database
# mysql -u root -pkezhong radius < /etc/raddb/sql/mysql/schema.sql
# mysql -u root -pkezhong radius < /etc/raddb/sql/mysql/nas.sql
# mysql -u root -pkezhong radius < /etc/raddb/sql/mysql/cui.sql
# mysql -u root -pkezhong radius < /etc/raddb/sql/mysql/ippool.sql
# mysql -u root -pkezhong radius < /etc/raddb/sql/mysql/wimax.sql
# mysql -u root -pkezhong radius < /etc/raddb/sql/mysql/admin.sql
Add a test user
# mysql -u root -pkezhong
mysql> use radius;
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('kezhong', 'Password', 'kezhong');

Test
Start radiusd in debug mode
# radiusd -X
On another terminal,
# radtest kezhong kezhong localhost 1812 testing123
Sending Access-Request of id 239 to 127.0.0.1 port 1812
        User-Name = "kezhong"
        User-Password = "kezhong"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=239, length=20

You can see “Access-Accept” in the output above, so it worked!
You can then start the radiusd service and set it to start automatically at boot.



Responses

  1. thanks for this wonderful tutorial
    this seems to be a quite better approach but could still not work
    this is the output from my terminal

    [root]#radtest steve localhost 1812 testing123
    radclient: Failed to find IP address for portal.uniosun.edu.ng
    radclient: Nothing to send

    thanks in anticipation..

    • Could you check your firewall?

  2. THANKS SO MUCH AT LAST IT WORKED
    I AM SINCERELY GRATEFUL

    THUMBZ UP MAN

    CHEERS………………

  3. Thanks for the tutorial, helped me a lot.

  4. great tutorial, it helped me a lot.. thanks

  5. […] taken from Kezhong’s blog, i did however modify the database commands because they did not work in fedora […]

  6. hallo kherzong !!
    I have to install freeradius with ldap, but I don’t really know how to do it. Can you help me?
    THANK YOU

  7. I follow your tutorial about freeradius configuration but I obtain an error:
    [root@kouadio kouadio]# radtest dez motdepasstest localhost 1812 testing123
    radclient:: Failed to find IP address for kouadio
    radclient: Nothing to send.
    [root@kouadio kouadio]#
