UbuntuUbuntu Based

How To Install FreeRADIUS on Ubuntu 22.04 LTS

r00t

How To Install FreeRADIUS on Ubuntu 22.04 LTS

FreeRADIUS is a powerful, open-source RADIUS server that plays a crucial role in network authentication, authorization, and accounting. It is widely used in various environments, from corporate networks to educational institutions, providing a robust solution for managing user access to network resources. This guide will walk you through the process of installing and configuring FreeRADIUS on Ubuntu 22.04, ensuring you have a solid understanding of its features and capabilities.

Understanding FreeRADIUS

RADIUS, which stands for Remote Authentication Dial-In User Service, is a networking protocol that enables centralized authentication for users who connect and use a network service. FreeRADIUS is the most widely deployed RADIUS server globally, known for its flexibility, scalability, and extensive support for various authentication methods.

  • Open-source nature: Being open-source allows users to modify and adapt the software to meet their specific needs.
  • High performance: FreeRADIUS can handle thousands of requests per second, making it suitable for large-scale deployments.
  • Support for multiple authentication methods: It supports various protocols such as EAP (Extensible Authentication Protocol), PAP (Password Authentication Protocol), and more.

Common use cases for FreeRADIUS include providing Wi-Fi access control in educational institutions, managing VPN access in corporate environments, and integrating with other services like LDAP or Active Directory for user management.

Prerequisites for Installation

Before diving into the installation process, ensure that your system meets the following prerequisites:

  • System requirements:
    • Recommended OS: Ubuntu 22.04 LTS
    • Minimum hardware specifications: 1 GB RAM and 1 CPU core (more recommended for production environments).
  • Necessary knowledge: Basic proficiency with the Linux command line is essential.
  • Required software packages: Ensure you have SSH access to your server and an active internet connection.

Preparing the Ubuntu Environment

The first step in preparing your Ubuntu environment is to ensure that your system is up-to-date. This will help avoid any compatibility issues during installation. Open your terminal and run the following commands:

sudo apt update && sudo apt upgrade -y

This command updates the package lists and upgrades all installed packages to their latest versions. Next, install some essential dependencies required for building FreeRADIUS:

sudo apt install build-essential libssl-dev libpam0g-dev libtool autoconf

These packages include development tools and libraries necessary for compiling FreeRADIUS from source if you choose that route later on. It’s advisable to use a fresh installation of Ubuntu 22.04 to minimize potential conflicts with existing software.

Installing FreeRADIUS

A. Installation via Package Manager

The easiest way to install FreeRADIUS on Ubuntu 22.04 is through the package manager. This method ensures that you get a stable version without needing to compile from source. To install FreeRADIUS using APT, execute the following command:

sudo apt install freeradius

This command will download and install FreeRADIUS along with its dependencies. Once the installation is complete, start the FreeRADIUS service using:

sudo systemctl start freeradius

You can also enable it to start automatically on boot with this command:

sudo systemctl enable freeradius

B. Building from Source

While installing via the package manager is straightforward, building from source allows for customization and optimization based on specific needs. To build FreeRADIUS from source, follow these steps:

    • Download the latest release:
wget https://github.com/FreeRADIUS/freeradius-server/releases/download/release_3_2_6/freeradius-server-3.2.6.tar.gz
    • Extract the downloaded file:
tar -xvf freeradius-server-3.2.6.tar.g
    • Navigating into the directory:
cd freeradius-server-3.2.6
    • Configuring the build environment:
./configure
    • Compiling the source code:
make && sudo make install

This process installs FreeRADIUS on your system from scratch, allowing you to customize options during configuration.

Configuring FreeRADIUS

A. Basic Configuration

The configuration files for FreeRADIUS are located in the `/etc/freeradius/` directory. The main configuration file is `radiusd.conf`, where you can set up various parameters including listening addresses and ports.

Edit `radiusd.conf` using your preferred text editor (e.g., nano or vim):

sudo nano /etc/freeradius/radiusd.conf

You may want to configure it to listen on specific IP addresses or ports by modifying the `listen` section as follows:

listen {
  ipaddr = 127.0.0.1
  port = 1812
}

This configuration sets up FreeRADIUS to listen only on localhost at port 1812 (the default RADIUS port). Adjust these settings according to your network requirements.

B. Client Configuration

You need to define clients that are allowed to communicate with your RADIUS server in `clients.conf`. Open this file with your text editor:

sudo nano /etc/freeradius/clients.conf

Add entries for each client by specifying their IP address and shared secret as follows:

# Example client configuration
client my_client {
  ipaddr = 192.168.1.100
  secret = testing123
}

This entry allows a client with IP address `192.168.1.100` to connect using `testing123` as its shared secret.

C. Enabling Authentication Methods

FreeRADIUS supports various authentication methods such as PAP (Password Authentication Protocol) and EAP (Extensible Authentication Protocol). To enable these methods, you will need to edit relevant sections in the configuration files located in `/etc/freeradius/mods-enabled/`.

  • PAP Configuration:
      • Edit `pap` module configuration:
    sudo nano /etc/freeradius/mods-enabled/pap
    • Add any additional settings as required.
  • EAP Configuration:
      • Edit `eap` module configuration:
    sudo nano /etc/freeradius/mods-enabled/eap
    • Select appropriate EAP types based on your requirements (e.g., EAP-TLS, EAP-PEAP).

Securing Your FreeRADIUS Installation

Securitizing your FreeRADIUS installation is crucial in protecting against unauthorized access and potential attacks.

  • Implement strong authentication methods: Use secure protocols like EAP-TLS or EAP-PEAP that rely on certificates or secure tokens.
  • Limit network access using firewalls: Configure firewall rules to restrict access only to trusted clients or networks.
  • Regularly update your server and FreeRADIUS installation: Keeping your system updated helps mitigate vulnerabilities that could be exploited by attackers.
  • Audit logs regularly: Monitor logs located at `/var/log/freeradius/radius.log` for suspicious activities or errors.

Troubleshooting Common Issues

  • Check logs for errors: The logs provide valuable insights into what might be going wrong: 
    /var/log/freeradius/radius.log
  • Run FreeRADIUS in debug mode: This mode provides detailed output that can help identify problems: 
    freeradius -X
  • If clients cannot connect: Create test users in `users` file located at `/etc/freeradius/users`. Ensure they have valid credentials.
  • If authentication fails: Dive into specific module configurations in `/etc/freeradius/mods-enabled/` to ensure they are correctly set up.
  • If you encounter dependency issues during installation from source: Might require additional libraries; ensure all dependencies are installed as mentioned earlier.

Congratulations! You have successfully installed FreeRADIUS. Thanks for using this tutorial to install the latest version of the FreeRADIUS on Ubuntu 22.04 LTS. For additional help or useful information, we recommend you check the official FreeRADIUS website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2024 idroot.us | All Rights Reserved.
Back to top button