Dies ist eine alte Version des Dokuments!
Inhaltsverzeichnis
Install Free Radius and Free-Radius MYSQL
apt-get install freeradius freeradius-mysql
During Freeradius installation there is a point where
Diffie-Hellmann (DH) parameters are generated
this will take some time, so be pationed or just grep a cup of coffee
Config Free RADIUS to work with MYSQL
In case you will install Easy-Hotspot Admin-Gui: Continue with: raspeasyhpdb and return afterwards.
If you have created the Radius / Easyhotspot Database raspeasyhpdb, continue below
Edit Free-Radius main configuration files
Freeradius is per default configured to work out of the box, however the default setup is using
flatfiles, here we configure it to use the MySQL, so most of this config is needed to get radius to
connect and use MySQL DB.
First remove the # in front of line $INCLUDE sql.conf, leaf all other lines as they are.
vi /etc/freeradius/radiusd.conf $INCLUDE sql.conf
More MySQL related config, this file has three sections of code in each modify the sql line. Find the following blocks and the sql line to modify:
vi /etc/freeradius/sites-available/default
authorize {
sql
accounting {
sql
session {
sql
Check / Change Freeradius shared secret default is "testing123".
In case of using a different secret change password of radius user in mysql and change secret in Free-Radius config.
mysql -u root -p radius
Enter password: 2=
mysql> select Host,User from mysql.user where User='radius';
+-----------+--------+
| Host | User |
+-----------+--------+
| localhost | radius |
+-----------+--------+
1 row in set (0.00 sec)
mysql> UPDATE mysql.user SET Password=PASSWORD('Radpass12345') WHERE User='radius' AND Host='localhost';
Query OK, 1 row affected (0.01 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> FLUSH PRIVILEGES;
# Optional:
mysql> GRANT USAGE ON * . * TO 'radius'@'%' IDENTIFIED BY 'Radpass12345' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
Query OK, 0 rows affected (0.01 sec)
mysql>quit;
We have decided to use soemthing different then testing123, the login is the same only the name of the DB is changing
vi /etc/freeradius/sql.conf
# Connection info:
server = "localhost"
#port = 3306
login = "radius"
password = "Radpass12345
# Database table configuration for everything except Oracle
radius_db = "radius"
# radius_db = "easyhpradiusdb"
NOTE: Restart MySQL and Freeradius to enshure the new password is used. Check /var/log/freeradius/radius.log for a successfull DB
connection in case of problems see:raspmysqladmin
Change the radius secret that clients use to authenticate at radius for AAA services
vi /etc/freeradius/clients.conf
#
secret = RaspiRadi1234
Freeradius is now configured for interact with MySQL. To test this, stop Free-Radius daemon:
/etc/init.d/freeradius stop [ ok ] Stopping FreeRADIUS daemon: freeradius. </code ===Start in debug mode:=== <code> freeradius -X
Dont panic, tons of output will run over the screen, but important is that after some time
a line named: Ready to process requests. is displayed
Now login on another terminal and test radius communication with MySQL by requesting login-Infor for user1 with pw passwd123 on localhost 1812 and secret RaspiRadi1234:
root@raspberrypi:~# radtest user1 passwd123 localhost 0 RaspiRadi1234 Sending Access-Request of id 35 to 127.0.0.1 port 1812 User-Name = "user1" User-Password = "passwd123" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=35, length=20 root@raspberrypi:~#
Done
