How To Install FreeRADIUS on Debian 12
FreeRADIUS is one of the most widely used RADIUS servers in the world, providing a robust solution for network authentication, authorization, and accounting. As organizations increasingly rely on secure access to their networks, understanding how to install and configure FreeRADIUS on Debian 12 becomes essential. This guide will walk you through the entire process, ensuring you have a fully operational RADIUS server tailored to your needs.
Prerequisites
Before diving into the installation process, it’s crucial to ensure that your system meets the necessary requirements. This section outlines both system and software prerequisites.
System Requirements
- Minimum Hardware Specifications:
  - 1 GHz processor or higher
  - 1 GB RAM (2 GB recommended for larger deployments)
  - 10 GB of free disk space
- Recommended Debian Installation:
  - A minimal installation is preferred to reduce unnecessary services and dependencies.
  - Ensure that your Debian 12 system is up-to-date.
Software Requirements
To install FreeRADIUS, you must have root or sudo access to your Debian system. Begin by updating your package list and upgrading existing packages:
sudo apt update && sudo apt upgrade -y
This command ensures that your system has the latest updates and security patches before proceeding with the installation.
Installing FreeRADIUS
The installation of FreeRADIUS on Debian 12 is straightforward, thanks to the APT package manager. Follow these steps to get started.
Using APT Package Manager
To install FreeRADIUS, execute the following command in your terminal:
sudo apt install freeradius -y
This command downloads and installs the FreeRADIUS server along with its dependencies. The -y option automatically confirms any prompts during installation.
Verifying Installation
Once the installation is complete, it’s essential to verify that FreeRADIUS has been installed correctly. You can check the installed version by running:
freeradius -v
If the command returns a version number, FreeRADIUS is successfully installed. In case of issues, review any error messages displayed during installation for troubleshooting guidance.
Configuring FreeRADIUS
The next step involves configuring FreeRADIUS to meet your specific needs. This section covers essential configuration files and basic settings.
Configuration Files Location
The main configuration files for FreeRADIUS are located in the directory /etc/freeradius/. Familiarizing yourself with these files is crucial for effective configuration.
Editing Configuration Files
The two most important configuration files you will modify are:
- clients.conf: This file defines which clients (devices) are allowed to connect to the RADIUS server.
- users: This file is used for configuring user authentication settings.
You can use a text editor like Nano or Vim to edit these files. For example, to edit clients.conf, run:
sudo nano /etc/freeradius/clients.conf
Add a client entry similar to the following example:
# Client definition
client my_client {
    ipaddr = 192.168.1.100
    secret = testing123
    shortname = my_client
}
This entry allows a client with the IP address 192.168.1.100 to connect using the shared secret testing123.
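An added example, not part of the original tutorial or of FreeRADIUS itself: testing123 is the secret shipped in FreeRADIUS sample configuration, so this Python check flags it, short secrets and catch-all ipaddr values in clients.conf text, and generates a random replacement. The 16-character minimum, the nas_lab client and the function names are assumptions made for illustration; nested sub-sections inside a client block are not handled.

```python
import re
import secrets

# Secrets that appear in shipped sample configs and tutorials are public.
KNOWN_DEFAULTS = {"testing123"}
MIN_LEN = 16  # assumed local policy, not a FreeRADIUS limit

CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)\}", re.S | re.M)
KV_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)


def audit_clients(text):
    """Return {client_name: [findings]} for each flat client block."""
    text = re.sub(r"#.*", "", text)  # ignore commented-out entries
    report = {}
    for name, body in CLIENT_RE.findall(text):
        kv = dict(KV_RE.findall(body))
        secret = kv.get("secret", "").strip('"')
        findings = []
        if secret in KNOWN_DEFAULTS:
            findings.append("well-known default secret")
        elif len(secret) < MIN_LEN:
            findings.append("secret shorter than %d characters" % MIN_LEN)
        if kv.get("ipaddr", "").endswith("/0"):
            findings.append("matches any source address")
        report[name] = findings
    return report


def new_secret():
    """Random 32-byte secret as URL-safe base64 (43 characters)."""
    return secrets.token_urlsafe(32)


# Constructed sample: the tutorial's entry plus a second, hypothetical client.
SAMPLE = """
client my_client {
    ipaddr = 192.168.1.100
    secret = testing123
    shortname = my_client
}
client nas_lab {
    ipaddr = 0.0.0.0/0
    secret = short
}
"""

if __name__ == "__main__":
    print(audit_clients(SAMPLE))
```

The same secret has to be set on the client device, so generate it once with new_secret() and configure both sides with that value.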
Configuring User Authentication
Edit the users file to define user credentials:
sudo nano /etc/freeradius/users
Add a user entry like this:
# User definition
username Cleartext-Password := "password"
This entry creates a user named username, authenticating them with the password password.
Starting and Testing FreeRADIUS
After configuring FreeRADIUS, you need to start the service and verify that it’s running correctly.
Starting the FreeRADIUS Service
You can start FreeRADIUS using systemd with this command:
sudo systemctl start freeradius
Checking Service Status
To confirm that FreeRADIUS is running without issues, check its status with:
sudo systemctl status freeradius
If everything is functioning correctly, you should see an output indicating that the service is active (running). If there are any errors, they will be displayed here for troubleshooting.
Testing Authentication
The best way to test if your setup works is by using the radtest command. Run this command from your terminal:
sudo radtest username password localhost 0 testing123
This command tests authentication against your local RADIUS server. Replace username, password, and testing123 with your configured values. A successful response will indicate that authentication is working properly.
Troubleshooting Common Issues
- Error: “Access-Reject”: This indicates that authentication has failed. Verify that your username and password in the users file match what you’re using in radtest.
- Error: “Client not found”: Ensure that your client IP address in clients.conf matches where you’re testing from and that you’ve restarted FreeRADIUS after making changes.
- Error: “Service not starting”: Check logs located in /var/log/freeradius/radius.log for detailed error messages that can guide you in resolving issues.
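To tell the first two errors above apart on a running server, the following added example (not from the original tutorial or the FreeRADIUS project) counts repeated rejects per client and user and lists unknown client addresses found in radius.log lines. The log lines are constructed samples in the FreeRADIUS 3.x layout, Auth: lines are assumed to be enabled with auth = yes in the log section of radiusd.conf, and the threshold of 3 is an arbitrary choice.

```python
import re
from collections import Counter

# "Auth:" lines are written only when the log section of radiusd.conf has
# "auth = yes" (assumed enabled here).
REJECT_RE = re.compile(
    r": Auth: \(\d+\) Login incorrect.*?: \[(?P<user>[^/\]]*).*?\] "
    r"\(from client (?P<client>\S+) port \d+")
UNKNOWN_RE = re.compile(r"from unknown client (?P<ip>\S+) port \d+")


def triage(lines, threshold=3):
    """Return (noisy, unknown): (client, user) pairs rejected at least
    `threshold` times, and source IPs that match no client entry."""
    rejects, unknown = Counter(), Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            rejects[(m["client"], m["user"])] += 1
            continue
        m = UNKNOWN_RE.search(line)
        if m:
            unknown[m["ip"]] += 1
    noisy = {k: n for k, n in rejects.items() if n >= threshold}
    return noisy, dict(unknown)


# Constructed sample lines (not captured from a real server).
SAMPLE = """\
Thu Mar 14 12:00:01 2024 : Info: Ready to process requests
Thu Mar 14 12:01:10 2024 : Auth: (0) Login incorrect (pap: Cleartext password does not match "known good" password): [username/<via Auth-Type = PAP>] (from client my_client port 0)
Thu Mar 14 12:01:12 2024 : Auth: (1) Login incorrect (pap: Cleartext password does not match "known good" password): [username/<via Auth-Type = PAP>] (from client my_client port 0)
Thu Mar 14 12:01:15 2024 : Auth: (2) Login incorrect (pap: Cleartext password does not match "known good" password): [username/<via Auth-Type = PAP>] (from client my_client port 0)
Thu Mar 14 12:01:30 2024 : Auth: (3) Login OK: [username/<via Auth-Type = PAP>] (from client my_client port 0)
Thu Mar 14 12:02:00 2024 : Auth: (4) Login incorrect (pap: Cleartext password does not match "known good" password): [guest/<via Auth-Type = PAP>] (from client my_client port 0)
Thu Mar 14 12:03:00 2024 : Error: Ignoring request to auth address * port 1812 bound to server default from unknown client 192.168.1.50 port 40112 proto udp
Thu Mar 14 12:03:05 2024 : Error: Ignoring request to auth address * port 1812 bound to server default from unknown client 192.168.1.50 port 40113 proto udp
""".splitlines()

if __name__ == "__main__":
    noisy, unknown = triage(SAMPLE)
    print("repeated rejects:", noisy)
    print("unknown clients:", unknown)
```

An address in the unknown list is either a device still missing from clients.conf or traffic that should not be reaching the server at all.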
Advanced Configuration Options
If you’re looking to extend your RADIUS server’s capabilities, consider these advanced configurations.
Integrating with a Database
You can enhance user management by integrating FreeRADIUS with a database like MySQL or PostgreSQL. This allows for dynamic user management rather than static entries in configuration files. To set this up:
- Create a Database: Create a database and user specifically for FreeRADIUS.
- Edit Configuration Files: Modify `sql.conf` located in `/etc/freeradius/mods-enabled/` to configure database connection settings.
- Migrate Users: Import existing users into your database using SQL scripts provided by FreeRADIUS.
Configuring daloRADIUS (Optional)
daloRADIUS is a web-based management tool that provides an interface for managing users and monitoring RADIUS activity. To set it up:
- Install daloRADIUS: Download and set up daloRADIUS from its official repository.
- Edit Configuration Files: Configure daloRADIUS settings according to your server specifications.
Add Additional Security Measures
Your RADIUS server should implement security best practices such as enabling TLS/SSL for secure communications between clients and servers. This can be configured in `eap.conf` within `/etc/freeradius/mods-enabled/`. Ensure you have valid certificates installed for proper encryption.
Congratulations! You have successfully installed FreeRADIUS. Thanks for using this tutorial to install FreeRADIUS on a Debian 12 “Bookworm” system. For additional help or useful information, we recommend you check the FreeRADIUS website.