Tuesday 1 September 2015

Ubuntu 14.04 LTS/ FreeRadius / Postgresql Step-by-step

16:27 Posted by Jurgens Krause , , , , No comments

Step by step instructions for installing
FreeRadius with Postgresql on
Ubuntu 14.04 LTS

Why 14.04, well it is the current LTS release, and for production environments, I tend to stick to the latest LTS.

I am not going to be going into detail into how to install Ubuntu 14.04 Server, there are enough tutorials on that elsewhere. I need you to get to the point where you have a clean server, with SSH access, and a root prompt.

Installing software

First, let us update the apt-get info:
apt-get update

Now we need to install the basic components, these include:
Freeradius, Postgresql and it's utilities as well as the postgresql module for freeradius:
apt-get install freeradius freeradius-postgresql postgresql postgresql-contrib

This will install all the necessary components, it is normal for the DH Parameter generation to take a couple of minutes.

Configure Postgres

The Postgres installation automatically creates a user called postgres, in order to configure Postgres, you need to log into that account.

sudo -i -u postgres

Now we create the radius user and database, when creating the user, you will be prompted to create a password, make it nice and secure, and make a note for later use:

createuser radius --no-superuser --no-createdb --no-createrole -P
createdb radius --owner=radius exit

Change the database authentication from peer to md5 to allow login from the console:

vim /etc/postgresql/9.3/main/pg_hba.conf

Find the line that matches:
local    all    postgres    peer

and change it to:
local    all    postgres    md5

also find:
local    all          peer

and change it to:
local    all          md5

Reload postgresql
service postgresql restart

Import the database schema using the command below:
cd /etc/freeradius/sql/postgresql
psql -U radius radius < schema.sql

Configure FreeRadius to use Postgres

Change the sql configuration as follows:
cd /etc/freeradius
vim sql.conf

change the following lines to suit your setup:
database = "postgresql"
password = "yourpassword"


You will also need to change the login name to leave out the realm when logging in:

Change the sql configuration as follows:
vim radiusd.conf

change the following line:
sql_user_name = "%{User-Name}"
To:
sql_user_name = "%{Stripped-User-Name}"
Also uncomment the line that reads:
$INCLUDE sql.conf

Now uncomment the line that reads "sql" under the authorize{} section, on my default config it is line 177,
also uncomment the "sql" line under the accounting{} section,
also uncomment the "sql" line under the post-auth{} section
cd /etc/freeradius/sites-available vim default

Also uncomment the line that reads "sql" under the authorize{} section of /etc/freeradius/sites-available/inner-tunnel, on my default config it is line 131
vim inner-tunnel


Restart the FreeRadius server to load the new config, and you should be good to go.
service freeradius restart

0 comments:

Post a Comment