How To Install FreeRADIUS on Ubuntu 22.04 LTS
In this tutorial, we will show you how to install FreeRADIUS on Ubuntu 22.04 LTS. In the rapidly evolving landscape of technology, network security is of paramount importance. To safeguard sensitive information and ensure secure access to resources, organizations need robust authentication and authorization systems. FreeRADIUS, an open-source, high-performance Remote Authentication Dial-In User Service (RADIUS) server, stands as a formidable solution for network authentication and accounting.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo
‘ to the commands to get root privileges. I will show you the step-by-step installation of FreeRADIUS on Ubuntu 22.04. You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.
Prerequisites
- A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for FreeRADIUS.
- A
non-root sudo user
or access to theroot user
. We recommend acting as anon-root sudo user
, however, as you can harm your system if you’re not careful when acting as the root.
Install FreeRADIUS on Ubuntu 22.04 LTS Jammy Jellyfish
Step 1. First, make sure that all your system packages are up-to-date by running the following apt
commands in the terminal.
sudo apt update sudo apt upgrade sudo apt install build-essential libssl-dev libpam0g-dev libtool autoconf
Step 2. Installing FreeRADIUS on Ubuntu 22.04.
In this section, we will explore two methods of installing FreeRADIUS: using the Ubuntu package manager and building from source.
- A. Method 1: Using Ubuntu Package Manager
Now proceed to install FreeRADIUS on Ubuntu 22.04 LTS:
sudo apt install freeradius
After that, start and enable the FreeRADIUS service:
sudo systemctl start freeradius sudo systemctl enable freeradius
- B. Method 2: Building from Source
Building from source offers customization options and the possibility of using the latest features:
wget https://github.com/FreeRADIUS/freeradius-server/releases/download/release_3_2_3/freeradius-server-3.2.3.tar.gz tar -xvf freeradius-server-3.2.3.tar.gz cd freeradius-server-3.2.3
Configure and compile FreeRADIUS:
./configure make sudo make install
Once done, now start the FreeRADIUS service using the following command:
sudo systemctl start freeradius sudo systemctl enable freeradius
Step 3. Configuring FreeRADIUS.
Now that FreeRADIUS is installed, it’s time to configure it according to your network’s needs.
A. Basic Configuration:
FreeRADIUS configuration files are located in the /etc/freeradius/
directory. The primary configuration file is radiusd.conf
, and the configuration for clients is in clients.conf
.
- Set Listen to Addresses and Ports:
Edit radiusd.conf
to specify the IP addresses and ports on which FreeRADIUS will listen for incoming requests:
listen { ipaddr = 127.0.0.1 port = 1812 }
- Define Authentication Type:
Specify the authentication method in the modules
section of radiusd.conf
.
modules { ... pap { ... } ... }
- Enable Logging:
Configure logging to monitor FreeRADIUS activity and troubleshoot issues effectively.
logging { ... auth_log = /var/log/freeradius/radius.log ... }
B. Authentication Methods:
FreeRADIUS supports various authentication methods. We’ll configure a few examples:
- PAP (Password Authentication Protocol):
PAP is a straightforward authentication method but should be used with caution as passwords are sent in plaintext.
pap { auto_header = yes }
- CHAP (Challenge Handshake Authentication Protocol):
CHAP provides a more secure alternative to PAP, as it uses a hashed challenge-response mechanism.
chap { ... }
- EAP (Extensible Authentication Protocol):
EAP offers a flexible framework for various authentication methods like EAP-TLS, EAP-PEAP, etc.
eap { ... }
Step 3. Authorization and Accounting.
In this section, we’ll configure policies for authorization and accounting to control access to resources and track network usage.
- Authorization Policies:
Authorization policies are defined in the sites-enabled/default
file. Create a new section for each policy.
authorize { if (User-Name == "exampleuser") { update control { Auth-Type := Local } } }
- Accounting Configuration:
Accounting settings can be configured in sites-enabled/default
.
accounting { detail { sql } }
Step 4. Integration with External Databases:
To manage users efficiently, we can integrate FreeRADIUS with an external database like MySQL or PostgreSQL.
- Install Database Server and Driver
sudo apt install mysql-server libmysqlclient-dev
- Configure Database Settings
Edit the mods-available/sql
file to specify the database server’s connection details.
sql { ... driver = "rlm_sql_mysql" ... server = "localhost" login = "radius" password = "your_radius_password" ... }
Create Database and Schema:
mysql -u root -p CREATE DATABASE radius; USE radius;
- Initialize FreeRADIUS Database
sudo radiusd -X
Step 5. Securing FreeRADIUS:
Securing FreeRADIUS ensures the integrity of your authentication and accounting processes.
- Limit Network Access: Restrict access to the FreeRADIUS server by using firewalls and network access control lists (ACLs).
- Secure Configuration Files: Ensure the
/etc/freeradius/
directory has appropriate permissions (e.g.,chmod 640
) to prevent unauthorized access. - Implement Strong Authentication: Enforce the use of secure authentication methods like EAP-TLS, which requires digital certificates.
- Regular Updates: Stay vigilant and keep FreeRADIUS and your server up-to-date with the latest security patches.
Step 6. Troubleshooting and Monitoring.
Even with a meticulous installation, issues may arise. Here are some tips for troubleshooting:
- Check Logs: Review the FreeRADIUS log files (
/var/log/freeradius/radius.log
) for error messages and warnings. - Run in Debug Mode: Use the
-X
flag to run FreeRADIUS in debug mode for detailed information during testing and debugging. -
Use radsniff: The
radsniff
tool can help analyze RADIUS packets and troubleshoot authentication problems.
Congratulations! You have successfully installed FreeRADIUS. Thanks for using this tutorial for installing FreeRADIUS on the Ubuntu system. For additional help or useful information, we recommend you check the official FreeRADIUS website.