Step by step instructions for installing
FreeRadius with Postgresql on
Ubuntu 14.04 LTS
Why 14.04, well it is the current LTS release, and for production environments, I tend to stick to the latest LTS.
I am not going to be going into detail into how to install Ubuntu 14.04 Server, there are enough tutorials on that elsewhere. I need you to get to the point where you have a clean server, with SSH access, and a root prompt.
Installing software
First, let us update the apt-get info:
apt-get update
Now we need to install the basic components, these include:
Freeradius, Postgresql and it's utilities as well as the postgresql module for freeradius:
apt-get install freeradius freeradius-postgresql postgresql postgresql-contrib
This will install all the necessary components, it is normal for the DH Parameter generation to take a couple of minutes.
Configure Postgres
The Postgres installation automatically creates a user called postgres, in order to configure Postgres, you need to log into that account.
sudo -i -u postgres
Now we create the radius user and database, when creating the user, you will be prompted to create a password, make it nice and secure, and make a note for later use:
createuser radius --no-superuser --no-createdb --no-createrole -P
createdb radius --owner=radius exit
createdb radius --owner=radius exit
Change the database authentication from peer to md5 to allow login from the console:
vim /etc/postgresql/9.3/main/pg_hba.conf
Find the line that matches:
local all postgres peer
and change it to:
local all postgres md5
also find:
local all peer
and change it to:
local all md5
Reload postgresql
service postgresql restart
Import the database schema using the command below:
cd /etc/freeradius/sql/postgresql
psql -U radius radius < schema.sql
psql -U radius radius < schema.sql
Configure FreeRadius to use Postgres
Change the sql configuration as follows:
cd /etc/freeradius
vim sql.conf
vim sql.conf
change the following lines to suit your setup:
database = "postgresql"
password = "yourpassword"
password = "yourpassword"
You will also need to change the login name to leave out the realm when logging in:
Change the sql configuration as follows:
vim radiusd.conf
change the following line:
sql_user_name = "%{User-Name}"
To:
sql_user_name = "%{Stripped-User-Name}"
Also uncomment the line that reads:
$INCLUDE sql.conf
Now uncomment the line that reads "sql" under the authorize{} section, on my default config it is line 177,
also uncomment the "sql" line under the accounting{} section,
also uncomment the "sql" line under the post-auth{} section
also uncomment the "sql" line under the accounting{} section,
also uncomment the "sql" line under the post-auth{} section
cd /etc/freeradius/sites-available
vim default
Also uncomment the line that reads "sql" under the authorize{} section of /etc/freeradius/sites-available/inner-tunnel, on my default config it is line 131
vim inner-tunnel
Restart the FreeRadius server to load the new config, and you should be good to go.
service freeradius restart
0 comments:
Post a Comment