UbuntuUbuntu Based

How To Install FreeRADIUS on Ubuntu 22.04 LTS

How To Install FreeRADIUS on Ubuntu 22.04 LTS

In this tutorial, we will show you how to install FreeRADIUS on Ubuntu 22.04 LTS. In the rapidly evolving landscape of technology, network security is of paramount importance. To safeguard sensitive information and ensure secure access to resources, organizations need robust authentication and authorization systems. FreeRADIUS, an open-source, high-performance Remote Authentication Dial-In User Service (RADIUS) server, stands as a formidable solution for network authentication and accounting.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of FreeRADIUS on Ubuntu 22.04. You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.

Prerequisites

  • A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for FreeRADIUS.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install FreeRADIUS on Ubuntu 22.04 LTS Jammy Jellyfish

Step 1. First, make sure that all your system packages are up-to-date by running the following apt commands in the terminal.

sudo apt update
sudo apt upgrade
sudo apt install build-essential libssl-dev libpam0g-dev libtool autoconf

Step 2. Installing FreeRADIUS on Ubuntu 22.04.

In this section, we will explore two methods of installing FreeRADIUS: using the Ubuntu package manager and building from source.

  • A. Method 1: Using Ubuntu Package Manager

Now proceed to install FreeRADIUS on Ubuntu 22.04 LTS:

sudo apt install freeradius

After that, start and enable the FreeRADIUS service:

sudo systemctl start freeradius
sudo systemctl enable freeradius
  • B. Method 2: Building from Source

Building from source offers customization options and the possibility of using the latest features:

wget https://github.com/FreeRADIUS/freeradius-server/releases/download/release_3_2_3/freeradius-server-3.2.3.tar.gz
tar -xvf freeradius-server-3.2.3.tar.gz
cd freeradius-server-3.2.3

Configure and compile FreeRADIUS:

./configure
make
sudo make install

Once done, now start the FreeRADIUS service using the following command:

sudo systemctl start freeradius
sudo systemctl enable freeradius

Step 3. Configuring FreeRADIUS.

Now that FreeRADIUS is installed, it’s time to configure it according to your network’s needs.

A. Basic Configuration:

FreeRADIUS configuration files are located in the /etc/freeradius/ directory. The primary configuration file is radiusd.conf, and the configuration for clients is in clients.conf.

  • Set Listen to Addresses and Ports:

Edit radiusd.conf to specify the IP addresses and ports on which FreeRADIUS will listen for incoming requests:

listen {
ipaddr = 127.0.0.1
port = 1812
}
  • Define Authentication Type:

Specify the authentication method in the modules section of radiusd.conf.

modules {
...
pap {
...
}
...
}
  • Enable Logging:

Configure logging to monitor FreeRADIUS activity and troubleshoot issues effectively.

logging {
...
auth_log = /var/log/freeradius/radius.log
...
}

B. Authentication Methods:

FreeRADIUS supports various authentication methods. We’ll configure a few examples:

  • PAP (Password Authentication Protocol):

PAP is a straightforward authentication method but should be used with caution as passwords are sent in plaintext.

pap {
auto_header = yes
}
  • CHAP (Challenge Handshake Authentication Protocol):

CHAP provides a more secure alternative to PAP, as it uses a hashed challenge-response mechanism.

chap {
...
}
  • EAP (Extensible Authentication Protocol):

EAP offers a flexible framework for various authentication methods like EAP-TLS, EAP-PEAP, etc.

eap {
...
}

Step 3. Authorization and Accounting.

In this section, we’ll configure policies for authorization and accounting to control access to resources and track network usage.

  • Authorization Policies:

Authorization policies are defined in the sites-enabled/default file. Create a new section for each policy.

authorize {
if (User-Name == "exampleuser") {
update control {
Auth-Type := Local
}
}
}
  • Accounting Configuration:

Accounting settings can be configured in sites-enabled/default.

accounting {
detail {
sql
}
}

Step 4. Integration with External Databases:

To manage users efficiently, we can integrate FreeRADIUS with an external database like MySQL or PostgreSQL.

  • Install Database Server and Driver
sudo apt install mysql-server libmysqlclient-dev
  • Configure Database Settings

Edit the mods-available/sql file to specify the database server’s connection details.

sql {
...
driver = "rlm_sql_mysql"
...
server = "localhost"
login = "radius"
password = "your_radius_password"
...
}

Create Database and Schema:

mysql -u root -p
CREATE DATABASE radius;
USE radius;
  • Initialize FreeRADIUS Database
sudo radiusd -X

Step 5. Securing FreeRADIUS:

Securing FreeRADIUS ensures the integrity of your authentication and accounting processes.

  1. Limit Network Access: Restrict access to the FreeRADIUS server by using firewalls and network access control lists (ACLs).
  2. Secure Configuration Files: Ensure the /etc/freeradius/ directory has appropriate permissions (e.g., chmod 640) to prevent unauthorized access.
  3. Implement Strong Authentication: Enforce the use of secure authentication methods like EAP-TLS, which requires digital certificates.
  4. Regular Updates: Stay vigilant and keep FreeRADIUS and your server up-to-date with the latest security patches.

Step 6. Troubleshooting and Monitoring.

Even with a meticulous installation, issues may arise. Here are some tips for troubleshooting:

  1. Check Logs: Review the FreeRADIUS log files (/var/log/freeradius/radius.log) for error messages and warnings.
  2. Run in Debug Mode: Use the -X flag to run FreeRADIUS in debug mode for detailed information during testing and debugging.
  3. Use radsniff: The radsniff tool can help analyze RADIUS packets and troubleshoot authentication problems.

Congratulations! You have successfully installed FreeRADIUS. Thanks for using this tutorial for installing FreeRADIUS on the Ubuntu system. For additional help or useful information, we recommend you check the official FreeRADIUS website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Back to top button