How To Install FreeRADIUS on Fedora 40
In this tutorial, we will show you how to install FreeRADIUS on Fedora 40. FreeRADIUS is a powerful and widely used open-source RADIUS (Remote Authentication Dial-In User Service) server that provides centralized authentication, authorization, and accounting (AAA) management for network access. With its extensive feature set, flexibility, and scalability, FreeRADIUS has become the go-to solution for many organizations looking to secure their networks.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the FreeRADIUS on Fedora 40.
Prerequisites
Before we dive into the installation process, ensure that you have the following prerequisites in place:
- A server running one of the following operating systems: Fedora 40.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- You will need access to the terminal to execute commands. Fedora provides the Terminal application for this purpose. It can be found in your Applications menu.
- A stable internet connection to download the necessary packages.
- A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install FreeRADIUS on Fedora 40
Step 1. Update Your System.
To ensure a smooth installation process, make sure your Fedora 40 system is up to date. Open the terminal and run the following command:
sudo dnf clean all sudo dnf update
Step 2. Enable the RPM Fusion.
To begin the installation process, you first need to enable the RPM Fusion repositories on your Fedora 40 system. These repositories provide additional packages required for FreeRADIUS. Open a terminal and run the following commands:
sudo dnf install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm sudo dnf install https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
Once the repositories are enabled, update your system to ensure you have the latest packages:
sudo dnf update
Step 3. Installing FreeRADIUS on Fedora 40.
Now that your system is up to date, you can proceed with installing the core FreeRADIUS packages and additional modules. Execute the following command:
sudo dnf install freeradius freeradius-utils freeradius-ldap freeradius-mysql freeradius-postgresql
This command will install the main FreeRADIUS server, utilities, and modules for LDAP, MySQL, and PostgreSQL integration.
Step 4. Configuring FreeRADIUS.
After the installation is complete, you need to configure FreeRADIUS to suit your network requirements. The main configuration file is located at /etc/raddb/radiusd.conf. Open this file using your preferred text editor:
sudo nano /etc/raddb/radiusd.conf
Review the settings and make any necessary changes, such as specifying the IP address and port on which FreeRADIUS should listen. Save the file and exit the editor.
Next, configure the default virtual server by editing the /etc/raddb/sites-available/default file. This file defines the authentication and authorization policies for RADIUS clients. Customize the settings according to your network setup and save the changes.
To specify the RADIUS clients (network devices) that are allowed to send authentication requests to your FreeRADIUS server, edit the /etc/raddb/clients.conf file. Add the IP addresses or network ranges of your clients and assign a shared secret for secure communication.
Step 5. Generating SSL Certificates.
To ensure secure communication between FreeRADIUS and network devices, it is recommended to use SSL/TLS encryption. Generate a self-signed SSL certificate by running the following command:
sudo openssl req -x509 -newkey rsa:4096 -keyout /etc/raddb/certs/server.key -out /etc/raddb/certs/server.pem -days 365 -nodes
Provide the requested information, such as country, state, organization, and common name, to generate the certificate.
Next, configure FreeRADIUS to use the generated certificate by editing the /etc/raddb/mods-enabled/eap file. Uncomment and modify the following lines:
private_key_file = ${certdir}/server.key
certificate_file = ${certdir}/server.pem
Step 6. Configuring Authentication Methods.
FreeRADIUS supports various authentication methods, allowing you to integrate it with existing user databases or authentication systems. Let’s explore a few common authentication methods.
- Local User Authentication
To authenticate users against a local file, you can use the user’s file located at /etc/raddb/users. Add user entries in the following format:
username Cleartext-Password := "password"
Replace username and password with the desired credentials. Save the file after adding the user entries.
- LDAP Authentication
If you have an existing LDAP server, you can configure FreeRADIUS to authenticate users against it. First, ensure that the freeradius-ldap module is installed. Then, edit the /etc/raddb/mods-available/ldap file to specify your LDAP server details, such as the server URL, base DN, and bind credentials.
Uncomment and modify the following lines:
server = "ldap://your-ldap-server.com" base_dn = "dc=example,dc=com" bind_dn = "cn=admin,dc=example,dc=com" bind_password = "your-bind-password"
Replace the placeholders with your actual LDAP server information. Save the changes and create a symbolic link to enable the LDAP module:
sudo ln -s /etc/raddb/mods-available/ldap /etc/raddb/mods-enabled/
- Database Authentication (MySQL/PostgreSQL)
FreeRADIUS can also authenticate users against a database, such as MySQL or PostgreSQL. To set up database authentication, follow these steps:
-
- Install the database server (MySQL or PostgreSQL) on your Fedora 40 system.
- Create a RADIUS database and the necessary tables using the provided schema files in the
/etc/raddb/mods-config/sql/main/directory. - Edit the corresponding configuration file (
/etc/raddb/mods-available/sql) to specify the database connection details, such as the server hostname, database name, username, and password. - Enable the SQL module by creating a symbolic link:
sudo ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/
Step 7. Starting the FreeRADIUS Service.
To start the FreeRADIUS service and enable it to start automatically on system boot, run the following commands:
sudo systemctl start radiusd sudo systemctl enable radiusd
Verify that the service is running successfully by checking its status:
sudo systemctl status radiusd
Step 8. Testing Authentication.
To test the FreeRADIUS server’s authentication functionality, you can use the radtest utility. Run the following command, replacing username and password with valid credentials:
radtest username password localhost 0 testing123
If the authentication is successful, you should see an “Access-Accept” message in the output.
Congratulations! You have successfully installed FreeRADIUS. Thanks for using this tutorial for installing the FreeRADIUS on your Fedora 40 system. For additional or useful information, we recommend you check the official FreeRADIUS website.
