Linux MintUbuntu Based

How To Install FreeRADIUS on Linux Mint 22

r00t
11 minutes read

Install FreeRADIUS on Linux Mint 22

FreeRADIUS stands as the world’s most popular and widely deployed open-source RADIUS server, providing robust authentication, authorization, and accounting (AAA) services for network infrastructure. Network administrators and system engineers rely on this powerful solution to secure wireless networks, VPN connections, and network access control systems. Linux Mint 22, with its stable Ubuntu-based foundation and user-friendly interface, offers an excellent platform for deploying FreeRADIUS in both development and production environments.

This comprehensive guide demonstrates the complete installation and configuration process for FreeRADIUS on Linux Mint 22. Readers will learn multiple installation methods, essential configuration procedures, security hardening techniques, and troubleshooting strategies. Whether managing a small office network or implementing enterprise-grade authentication systems, this tutorial provides the knowledge needed to deploy FreeRADIUS successfully.

The RADIUS protocol (Remote Authentication Dial-In User Service) enables centralized management of network access credentials, eliminating the need to configure individual authentication settings on each network device. Fortune 500 companies, telecommunications providers, and educational institutions worldwide trust FreeRADIUS to handle millions of authentication requests daily.

Table of Contents

Understanding FreeRADIUS

What is RADIUS Protocol?

The RADIUS protocol operates as a networking standard that centralizes authentication, authorization, and accounting management for network access. When users attempt to connect to wireless networks, VPN services, or network switches, RADIUS servers validate their credentials and determine appropriate access permissions. This centralized approach simplifies user management across complex network infrastructures.

FreeRADIUS implements the complete RADIUS specification while adding advanced features like database integration, LDAP authentication, and SSL/TLS encryption. The server handles authentication requests from Network Access Servers (NAS) such as wireless access points, routers, and VPN concentrators. Each authentication attempt generates detailed logs for security auditing and compliance reporting.

Core FreeRADIUS Features

Modern FreeRADIUS installations support multiple authentication protocols including PAP (Password Authentication Protocol), CHAP (Challenge-Handshake Authentication Protocol), and EAP (Extensible Authentication Protocol). The modular architecture allows administrators to enable specific authentication methods based on security requirements and client capabilities.

Database backend support includes MySQL, PostgreSQL, Oracle, and SQLite integration for scalable user management. LDAP and Active Directory connectivity enables seamless integration with existing directory services. Certificate-based authentication through EAP-TLS provides enterprise-grade security for wireless networks and VPN access.

The accounting functionality tracks user session details, bandwidth consumption, and connection duration for billing systems and network monitoring. Virtual server capabilities allow multiple RADIUS configurations on single installations, supporting complex multi-tenant environments.

Prerequisites and System Requirements

Linux Mint 22 System Requirements

Linux Mint 22 installations require minimum hardware specifications including 2GB RAM, 20GB available storage space, and x64-compatible processor architecture. Production FreeRADIUS deployments benefit from additional memory allocation and faster storage subsystems to handle concurrent authentication requests effectively.

Network connectivity requirements include stable internet access for package downloads and repository updates. Administrative privileges through sudo access or root account credentials are essential for system configuration and service management tasks.

Required Packages and Dependencies

The base FreeRADIUS installation depends on several system libraries and development tools. Package dependencies include libssl-dev for encryption support, build-essential for compilation processes, and database client libraries when implementing backend storage solutions.

Additional utility packages enhance FreeRADIUS functionality and management capabilities. The freeradius-utils package provides essential testing and debugging tools, while database-specific modules enable integration with MySQL, PostgreSQL, and other database systems.

Network planning considerations include IP address allocation for RADIUS server interfaces and firewall rule configuration for UDP ports 1812 (authentication) and 1813 (accounting). DNS resolution setup ensures proper hostname resolution for distributed authentication scenarios.

Pre-Installation Preparation

System Update Procedures

Beginning with comprehensive system updates ensures access to the latest security patches and package versions. Linux Mint 22 utilizes the APT package management system inherited from its Ubuntu foundation, providing reliable software installation and dependency resolution.

Execute the following commands to update the system package index and upgrade installed packages:

sudo apt update
sudo apt upgrade -y
sudo apt autoremove -y

The update process downloads current package information from configured repositories, while the upgrade command installs available security patches and software updates. The autoremove command eliminates orphaned packages and dependency files to maintain system cleanliness.

Security Considerations and Backup

Creating system backups before major software installations protects against configuration errors and system instability. Critical files requiring backup include network configuration files, existing authentication systems, and custom application settings.

Document current network configurations, including IP addresses, firewall rules, and service configurations. This documentation proves invaluable during troubleshooting scenarios and system recovery procedures. Consider creating virtual machine snapshots for easy rollback capabilities in test environments.

Installation Methods Overview

APT Package Manager Installation

The APT package manager provides the most straightforward installation method for FreeRADIUS on Linux Mint 22. This approach ensures proper dependency resolution, automatic security updates, and integration with system service management. Package repositories maintain tested versions compatible with Linux Mint’s underlying Ubuntu base.

Alternative Installation Options

Snap package installation offers containerized FreeRADIUS deployment with isolated dependencies and automatic updates. This method provides newer software versions but requires additional configuration for proper system integration and service management.

Source code compilation enables access to cutting-edge features and custom module development but demands significant technical expertise and ongoing maintenance responsibilities. Most production environments benefit from package-based installations for stability and supportability.

Installing FreeRADIUS via APT Package Manager

Core Installation Process

The standard FreeRADIUS installation utilizes Linux Mint’s native APT package manager for reliable and maintainable deployment. Execute the following command to install the core FreeRADIUS server and essential utilities:

sudo apt install freeradius freeradius-utils -y

This installation includes the main RADIUS daemon, configuration files, and testing utilities such as radtest for authentication verification. The package installation process automatically creates necessary system users, directory structures, and service configurations.

Installing Additional Modules

Database integration modules extend FreeRADIUS functionality for scalable user management and accounting storage. Install database-specific modules based on infrastructure requirements:

sudo apt install freeradius-mysql freeradius-postgresql freeradius-ldap -y

These modules enable MySQL database connectivity, PostgreSQL integration, and LDAP directory service authentication. Additional modules support Oracle databases, SQLite storage, and various authentication protocols for comprehensive network access control.

Verification of Installation

Confirm successful FreeRADIUS installation by checking package status and verifying installed files:

dpkg -l | grep freeradius
ls -la /etc/freeradius/

The first command displays installed FreeRADIUS packages and version information. The second command shows the main configuration directory structure created during installation. Proper installation creates multiple configuration files and subdirectories for modular management.

Alternative Installation via Snap

Snap Package Installation Method

Snap packages provide containerized application deployment with automatic dependency management and security isolation. Install FreeRADIUS using the snap package manager with the following command:

sudo snap install freeradius-server --edge

The edge channel provides access to newer FreeRADIUS versions but may include unstable features. Production environments should evaluate stability requirements before selecting snap installation methods over traditional package management.

Snap-Specific Considerations

Snap applications operate within confined environments that may restrict access to system resources and configuration files. These security restrictions require additional configuration steps for proper network service operation and file system access.

Service management for snap-installed applications differs from traditional systemd services. Use snap-specific commands for service control and status monitoring rather than standard systemctl commands.

Initial Configuration Setup

Understanding Configuration Directory Structure

FreeRADIUS configuration files reside in the /etc/freeradius/ directory with organized subdirectories for different configuration aspects. The main configuration file radiusd.conf contains server-wide settings, while modular configuration files enable specific functionality.

Key configuration directories include:

  • /etc/freeradius/mods-available/ – Available modules
  • /etc/freeradius/mods-enabled/ – Enabled modules (symbolic links)
  • /etc/freeradius/sites-available/ – Virtual server configurations
  • /etc/freeradius/sites-enabled/ – Active virtual servers
  • /etc/freeradius/certs/ – SSL/TLS certificates and keys

Creating Configuration Backups

Before modifying default configurations, create backup copies of original files to enable quick recovery from configuration errors:

sudo cp /etc/freeradius/radiusd.conf /etc/freeradius/radiusd.conf.backup
sudo cp /etc/freeradius/clients.conf /etc/freeradius/clients.conf.backup
sudo cp /etc/freeradius/users /etc/freeradius/users.backup

These backup files preserve default configurations for reference and emergency restoration. Document configuration changes with timestamps and modification descriptions for maintenance tracking.

Basic Server Configuration

The main configuration file radiusd.conf requires minimal modifications for basic operation. Most installations work successfully with default settings, but production deployments benefit from security hardening and performance optimization.

Navigate to the configuration directory and examine the main configuration file:

cd /etc/freeradius/
sudo nano radiusd.conf

Key configuration parameters include listening interfaces, port numbers, security settings, and module loading directives. Avoid unnecessary changes to prevent configuration errors and service failures.

Service Management and Startup Configuration

Enabling FreeRADIUS Service

Configure FreeRADIUS for automatic startup during system boot sequences using systemd service management:

sudo systemctl enable freeradius

This command creates symbolic links in systemd target directories to ensure FreeRADIUS starts automatically after system restarts. Enabled services maintain consistent operation across server reboots and maintenance cycles.

Starting and Managing the Service

Start the FreeRADIUS service and verify successful operation:

sudo systemctl start freeradius
sudo systemctl status freeradius

The status command displays current service state, recent log entries, and process information. Successful startup shows “active (running)” status with no error messages or warnings.

Additional service management commands include:

sudo systemctl stop freeradius
sudo systemctl restart freeradius
sudo systemctl reload freeradius

The reload command applies configuration changes without interrupting active connections, while restart completely stops and starts the service.

Client Configuration

Understanding the clients.conf File

Network Access Servers (NAS) require proper configuration in the clients.conf file to authenticate with the RADIUS server. Each client entry specifies IP addresses, shared secrets, and security parameters for secure communication.

Edit the clients configuration file:

sudo nano /etc/freeradius/clients.conf

Adding RADIUS Clients

Configure network devices such as wireless access points, switches, and VPN concentrators as RADIUS clients. Each client requires a unique entry with specific parameters:

client wireless-ap-01 {
    ipaddr = 192.168.1.10
    secret = StrongSharedSecret123!
    require_message_authenticator = yes
    nas_type = other
}

The shared secret must match the RADIUS server configuration on network devices. Use strong, unique secrets for each client to prevent unauthorized access and maintain security integrity.

Security Considerations for Clients

Implement network segmentation to restrict RADIUS communication to authorized devices only. Firewall rules should limit UDP port 1812 and 1813 access to legitimate Network Access Servers within trusted network segments.

Regular secret rotation enhances security posture by limiting exposure windows for compromised credentials. Document client configurations and secret change procedures for consistent maintenance practices.

User Authentication Setup

Configuring Local User Authentication

The users file provides simple text-based user account management for small deployments and testing scenarios. Local authentication serves as an excellent starting point before implementing database or directory service integration.

Edit the users configuration file:

sudo nano /etc/freeradius/users

Creating User Accounts

Add user accounts with authentication credentials and access attributes:

testuser    Cleartext-Password := "SecurePassword123"
            Service-Type = Framed-User,
            Framed-Protocol = PPP

This configuration creates a user account “testuser” with cleartext password authentication and basic access attributes. Production environments should implement encrypted password storage and comprehensive attribute policies.

Password Security and Hashing

Enhanced security implementations utilize password hashing instead of cleartext storage:

testuser    MD5-Password := "5d41402abc4b2a76b9719d911017c592"
            Service-Type = Framed-User

MD5 hashing provides basic password protection, while modern implementations should consider stronger hashing algorithms like SHA-256 or bcrypt for improved security standards.

Security Hardening

SSL/TLS Certificate Configuration

Implement encryption for RADIUS communication using SSL/TLS certificates. FreeRADIUS includes certificate generation scripts for development environments:

cd /etc/freeradius/certs/
sudo make

This process creates self-signed certificates suitable for testing and development scenarios. Production deployments require certificates from trusted Certificate Authorities for proper client validation and security compliance.

File Permission Security

Secure configuration files with appropriate permissions to prevent unauthorized access:

sudo chmod 640 /etc/freeradius/clients.conf
sudo chmod 640 /etc/freeradius/users
sudo chown freerad:freerad /etc/freeradius/clients.conf

Restrict access to sensitive configuration files containing shared secrets and user credentials. Regular permission audits ensure consistent security standards across all configuration files.

Firewall Configuration

Configure firewall rules to restrict RADIUS traffic to authorized sources:

sudo ufw allow from 192.168.1.0/24 to any port 1812 proto udp
sudo ufw allow from 192.168.1.0/24 to any port 1813 proto udp

These rules limit RADIUS authentication and accounting traffic to the local network segment. Adjust IP ranges based on actual network topology and security requirements.

Testing and Verification

Using radtest for Authentication Testing

The radtest utility provides comprehensive authentication testing capabilities for FreeRADIUS validation:

radtest testuser SecurePassword123 localhost 1812 testing123

This command sends an authentication request to the local RADIUS server using the configured test user credentials. Successful authentication returns “Access-Accept” responses with configured user attributes.

Debug Mode Troubleshooting

Debug mode operation provides detailed insight into RADIUS server operations and authentication flows:

sudo systemctl stop freeradius
sudo freeradius -X

Debug output displays configuration parsing, module loading, and authentication processing details. This information proves invaluable for troubleshooting configuration errors and authentication failures.

Log File Analysis

FreeRADIUS generates comprehensive logs for monitoring and troubleshooting purposes:

sudo tail -f /var/log/freeradius/radius.log
sudo tail -f /var/log/syslog | grep freeradius

Log analysis reveals authentication patterns, error conditions, and performance metrics. Regular log monitoring enables proactive issue identification and resolution.

Troubleshooting Common Issues

Installation Error Resolution

Common installation problems include package dependency conflicts, repository access issues, and insufficient system resources. Verify package repository availability and system update status before troubleshooting installation failures.

Package dependency errors often resolve through manual dependency installation or repository updates:

sudo apt --fix-broken install
sudo apt update && sudo apt upgrade

Configuration File Syntax Errors

FreeRADIUS configuration parsing errors prevent service startup and require careful syntax verification. The debug mode operation identifies specific configuration file errors and line numbers for targeted correction.

Common syntax errors include missing quotes, incorrect indentation, and invalid attribute names. Configuration file validation prevents service failures and reduces troubleshooting time.

Authentication and Connection Problems

Authentication failures require systematic troubleshooting beginning with basic connectivity testing and progressing through credential verification and client configuration validation.

Network connectivity issues between RADIUS clients and servers manifest as timeout errors and connection failures. Verify firewall rules, network routing, and service binding configurations for proper operation.

Advanced Configuration Options

Database Backend Integration

Database integration enables scalable user management and detailed accounting storage for enterprise deployments. MySQL integration requires database preparation and module configuration:

sudo apt install mysql-server
sudo mysql_secure_installation

Create a dedicated database and user account for FreeRADIUS operations with appropriate privileges for user authentication and accounting data storage.

LDAP Authentication Setup

LDAP integration connects FreeRADIUS with existing directory services like Active Directory or OpenLDAP:

sudo nano /etc/freeradius/mods-available/ldap

Configure LDAP server connections, search bases, and attribute mappings for seamless directory service integration. This approach centralizes user management across multiple systems and applications.

Virtual Server Configuration

Virtual servers enable multiple RADIUS configurations on single installations, supporting complex multi-tenant environments and specialized authentication requirements.

Create custom virtual server configurations in /etc/freeradius/sites-available/ and enable them through symbolic links in /etc/freeradius/sites-enabled/.

Maintenance and Monitoring

Regular Maintenance Procedures

Establish routine maintenance schedules including log rotation, database optimization, and configuration backup procedures. Regular system updates ensure security patch application and bug fix installation.

Monitor system resources including memory usage, disk space, and network connectivity for optimal FreeRADIUS performance. Resource exhaustion can impact authentication response times and service availability.

Performance Monitoring and Optimization

Implement monitoring solutions to track authentication request volumes, response times, and error rates. Performance metrics enable capacity planning and optimization opportunities identification.

Database query optimization and index maintenance improve authentication response times for database-backed deployments. Regular performance analysis ensures consistent user experience and system reliability.

Security Update Management

Subscribe to FreeRADIUS security notifications and apply patches promptly to maintain security posture. Security vulnerabilities in authentication systems pose significant risks to network infrastructure and user data.

Coordinate update schedules with network maintenance windows to minimize service disruption while maintaining security currency.

Best Practices and Recommendations

Configuration Management Standards

Implement version control for configuration files to track changes and enable rollback capabilities. Document all configuration modifications with timestamps, author information, and change justifications for audit compliance.

Use configuration templates and standardized procedures for consistent deployments across multiple systems. Standardization reduces errors and simplifies maintenance procedures.

Security Hardening Guidelines

Follow security best practices including strong password policies, regular secret rotation, and comprehensive access logging. Implement network segmentation to isolate RADIUS traffic from general network communications.

Regular security assessments identify potential vulnerabilities and compliance gaps. Professional security audits provide expert evaluation of authentication infrastructure security posture.

Production Deployment Considerations

Production FreeRADIUS deployments require high availability planning, disaster recovery procedures, and performance optimization. Consider load balancing and failover configurations for critical authentication services.

Establish monitoring and alerting systems for proactive issue identification and rapid response capabilities. Service level agreements define expected performance standards and availability targets.

Congratulations! You have successfully installed FreeRADIUS. Thanks for using this tutorial for installing FreeRADIUS on your Linux Mint 22 system. For additional or useful information, we recommend you check the official FreeRADIUS website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
11 minutes read
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2025 idroot.us | All Rights Reserved | Follow us for more Linux tutorials!
Back to top button