Thursday, 19 December 2013

Raspberry PI based FreeRadius Server with GUI

09:49 Posted by Jurgens Krause , , 41 comments
I run a small wireless network for a non-profit organization in my home town, it consists of a single high site with internet connectivity, with nine client sites connecting via wireless. The network is built with Ubiquiti hardware, with a Mikrotik 750 handling the routing. I also use this network for experimentation and learning. One of the things that I have been keen on doing is managing it as though it is a commercial network in terms of the network architecture. To this end I have decided to deploy a Raspberrry Pi based Radius server for PPPoE Authentication. The Mikrotik will serve as the PPPoE server, and the Raspberry Pi Radius server will be managed with DaloRADIUS. The instructions below should be easy to use on any Debian based distro.

This tutorial will not cover installation of Raspbian onto your Raspberry Pi.

What you will need:

  • A Raspberry Pi Model B
  • A 4GB+ SD Card running Raspbian
  • SSH Access (or a terminal on the device)
  • PPPoE server (Mikrotik 750 in my case)
  • An internet connection
Raspberry Pi Model B

Log into the Raspberry Pi via SSH or a Terminal Window:
Configure the IP Address

Edit /etc/network/interfaces to reflect your network settings
vi /etc/network/interfaces
Change from:
iface lo inet loopback
iface eth0 inet dhcp
allow-hotplug wlan0
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
allow-hotplug wlan0
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

Remember to adjust for your own network parameters

Install FreeRADIUS and other prerequisites, remember to note the password for your mysql server:

$apt-get install freeradius freeradius-mysql apache2 php5 libapache2-mod-php5 mysql-server mysql-client php5-mysql php-pear php5-gd php-db

Download and extract the DaloRADIUS package to /var/www:

cd /usr/src
tar zxvf daloradius-0.9-9.tar.gz -C /var/www/
mv /var/www/daloradius-0.9-9/ /var/www/daloradius
cd /var/www/daloradius
Configure the DaloRadius/Freeradius database

mysql -uroot -p
mysql>create database radiusdb;
mysql -u root -p radiusdb < /usr/src/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
mysql -u root -p
mysql>CREATE USER 'radiususer'@'localhost';
mysql>SET PASSWORD FOR 'radiususer'@'localhost' = PASSWORD('radiuspass');
mysql>GRANT ALL ON radiusdb.* to 'radiususer'@'localhost';
You will aslo need to configure DaloRadius to connect to the database:
vi /var/www/daloradius/library/daloradius.conf.php
Input the following values
$configValues['DALORADIUS_VERSION'] = '0.9-9';
$configValues['FREERADIUS_VERSION'] = '2';
$configValues['CONFIG_DB_ENGINE'] = 'mysql';
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radiusuder';
$configValues['CONFIG_DB_PASS'] = 'radiuspass';
$configValues['CONFIG_DB_NAME'] = 'radiusdb';
The default configuration of FreeRADIUS loads user accounts from a file located at /etc/freeradius/users.
It makes sense to test the functioning of FreeRADIUS before trying to link it to a database. To activate the test user you have to edit /etc/freeradius/users:
vi /etc/freeradius/users
Uncomment the following lines:
#"John Doe" Cleartext-Password := "hello"
# Reply-Message = "Hello, %{User-Name}"
To look like this:
"John Doe" Cleartext-Password := "hello"
Reply-Message = "Hello, %{User-Name}"
Restart the freeradius service and show the debug console to make sure all is well:
$/etc/init.d/freeradius stop
$freeradius -XXX
If all goes well you will be presented with the last line :
Info: Ready to process requests.

Press CTRL+C to disconnect.
Start the freeradius service again
$/etc/init.d/freeradius start
Use radtest to make sure that you can authenticate against the file:

$radtest "John Doe" hello 0 testing123
Sending Access-Request of id 180 to port 1812
        User-Name = "John Doe"
        User-Password = "hello"
        NAS-IP-Address =
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000

Now it is time to switch over to mysql authentication:
$vi /etc/freeradius/radiusd.conf
Change the lines that read:
# $INCLUDE sql.conf&lt
# $INCLUDE sql/mysql/counter.conf
$INCLUDE sql.conf
$INCLUDE sql/mysql/counter.conf
Update the configuration to reflect the database username and password as chosen earlier:
$vi /etc/freeradius/sql.conf

        server = "localhost"
        #port = 3306
        login = "radiususer"
        password = "radiuspass"

        # Database table configuration for everything except Oracle
        radius_db = "radiusdb"

Uncomment the lines that read "sql" in the session, accounting and authorize sections

$vi /etc/freeradius/sites-enabled/default 
Uncomment sql in authorize{}
# See “Authorization Queries” in sql.conf
Uncomment sql in accounting{}
# See “Accounting queries” in sql.conf
Uncomment sql in session{}
# See “Simultaneous Use Checking Queries” in sql.conf
Uncomment sql in post-auth{}
# See “Authentication Logging Queries” in sql.conf

To test the configuration, stop the freeradius service:
$service freeradius stop

Then run the freeradius debug console.
$freeradius -X

If it comes back without any errors you can continue.

To enable remote authentication from a Mikrotik device edit /etc/freeradius/clients.conf
Add the following to the end of the file, changing the IP/Class as appropriate.

$vi /etc/freeradius/clients.conf

client {
        secret = mikrotest
        shortname = mikrotikpppoe
        nastype= mikrotik

Also edit /etc/freeradius/dictionary and add mikrotik:
$vi /etc/freeradius.dictionary

and add:

$INCLUDE  /usr/share/freeradius/dictionary.mikrotik

Restart FreeRadius
$service freeradius restart

You can now log in with a web browser on http://<raspberry-ip>/daloradius
username: administrator
password: radius


  1. HELP!!!

    I keep getting this error. I followed you tutorial exaclty. What do I do? Alse, when I try this command: mysql -u root -p radiusdb < fr2-mysql-daloradius-and-freeradius.sql, it says no such file or directory.

    Database error
    Error Message: DB Error: no such table
    Debug info: SELECT id, username FROM operators WHERE username = 'administrator' AND password = 'radius' [nativecode=1146 ** Table 'radiusdb.operators' doesn't exist]

  2. Hi,
    I don't have a bench set up right now, but try to use the full path to fr2-mysql-daloradius-and-freeradius.sql for example:
    mysql -u root -p radiusdb < /usr/src/daloradius/fr2-mysql-daloradius-and-freeradius.sql

    this should solve both problems, as the command above is the one that actually creates the tables in mysql.

  3. Where does http://raspberry-ip/daloradius come from? I don't see it anywhere in the config, and certainly it can't be a default?

    @PI_User5 I had the same problem. The new path for that file is /usr/src/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql

    1. Thanks, I have corrected both the part as well as the sql import.

  4. The right command to configure the DaloRadius/Freeradius database is
    mysql -u root -p radiusdb < /var/www/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
    because we have moved all files there before with
    mv /var/www/daloradius-0.9-9/ /var/www/daloradius

  5. This comment has been removed by the author.

  6. Ok Webinterface works fine now. But after login the webinterface says Database connection error
    Error Message: DB Error: connect failed. May I have forgotten something?

    1. This comment has been removed by the author.

    2. Markus, I was getting the same error as you...go back and validate that you did the steps correctly. I misconfigured the "daloradius.conf.php file. Afterwards no issues...good luck

    3. check

      $configValues['CONFIG_DB_USER'] = 'radiusuder'


      $configValues['CONFIG_DB_USER'] = 'radiususer'

  7. hi,

    after install i've got a blank page on http;//myraspberry_ip/daloradius/login.php


  8. This comment has been removed by the author.

  9. Have you any tips/guide for your mikrotik pppoe setup combined with this daloradius server please

  10. Hi Guys. I keep on getting Error 404 when trying to reach the http://ip/daloradius. I even reinstalled the whole linux and followed steps again. freeradius -X reports no errors. If I only enter http://ip then I get to the apache info page? Any help would be appreciated. Regards

  11. When i try to login : using username : administrator
    password: radius

    I get error:

    Database connection error
    Error Message: DB Error: insufficient permissions

  12. You have to edit the file /etc/apache2/sites-available/000-default.conf. Ther is a line "Document Root /var/www/html". Remove "/html", save the file and restart apache2. Then it will work fine.

  13. Please help, i try to move daloradius with mv /var/www/daloradius-0.9-9/ /var/www/daloradius, but i keep getting "mv: cannot stat `/var/www/daloradius-0.9-9/': No such file or directory"

  14. This comment has been removed by the author.

  15. Database connection error
    Error Message: DB Error: connect failed


    1. Sohanur this tutorial works perfectly. However there a few changes you have to do.

      This is what I did.

      1) Install a fresh copy of Raspbian OS.

      2) Follow Steps until "Download and extract the DaloRADIUS package to /var/www:"

      3) During Mysql installation input the password as radiuspass (just use his usernames and passwords for now)

      4) NOW change "mysql -u root -p radiusdb < /usr/src/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql" TO "mysql -u root -p radiusdb < /var/www/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql"

      Thanks to MarkGyver

      5)Follow the steps after that

      6) Change "$configValues['CONFIG_DB_USER'] = 'radiusuder';" to "$configValues['CONFIG_DB_USER'] = 'radiususer'; "

      7) The rest of the steps are easy. Hope it works for you. All the best

    2. thanks i have already solved this one, but i cant understand daloradius web UI, can u help me with this one ?

  16. it would be easy for everyone, if someone upload a working image of Raspberry PI based daloFreeRadius Server

  17. I followed all the steps but I get "Job for freeradius.service failed. See 'systemctl status freeradius.service' and 'journalctl -xn' for details."

    When I try to restart it. Can someone explain why?

    1. Is it because I'm not using a Mikrotik like he is?

    2. me to (Failed to start LSB: Radius Daemon)
      and i think its not cause of using Mikrotik.

  18. Thanks for the tutorial. I keep getting error 404 when i try to access http://pi_ip/daoradius. I can however access apache server page with http://pi_ip. Any help would be appreciated. Thank you.

  19. Using Lighthttpd and work with text, define user and password in mysql database radcheck and run radtest .. .. and works fine. Installed daloradius and use user : administrator and password :radius (verified in database using phpmyadmin) but keep on showing error 500.

  20. I have gone though all the steps and when I run the command
    service freeradius restart

    I get this error
    Job for freeradius.service failed. See 'systemctl status freeradius.service' and 'journalctl -xn' for details.

    I have the web site working but under service status radius shows disabled.

  21. Hi, i have a Hostspot using raspberry pi and it was connected directly in my MAIN ROUTER(ISP ROUTER) and it's not possible to change the Default username and password of the Router. Now how can i prevent Clients from Hotspot to Access my MAIN ROUTER GUI? Thank you.

  22. This comment has been removed by the author.

  23. This comment has been removed by the author.

  24. This comment has been removed by the author.

  25. This comment has been removed by the author.

  26. Hi, i tried to install it.
    Have freeradius 3.0 installed
    at the point /etc/freeradius/radiusd.conf
    changing lines :
    # $INCLUDE sql.conf&lt
    # $INCLUDE sql/mysql/counter.conf
    they did not exist.
    neither a /etc/freeradius/3.0/sql.conf
    so install older freeradius ? does this help?
    or ... where is the sql.conf located ?

  27. Me here stock also. . . tutorial needs to be updated

  28. +1 thanks Jurgens for the write-up, an update and tidy up would be very useful for me too!

  29. When I try to login, it says the login is incorrect. Any idea why?