Install FreeRADIUS on Debian 7

In this tutorial, we will go through how to install the FreeRADIUS server in conjunction with MySQL as its database. FreeRADIUS is the most widely used radius server in the world. The server itself is completely modular and can easily cover all of your AAA (Authentication, Authorization, and Accounting) needs. FreeRADIUS is licened under GPL and is regularly tested by a large community to ensure that it provides the stability and performance that a system administrator would expect from it.

In this tutorial, we use Debian 7 (Wheezy) 32-bit. Similar distributions should work too.

First, ensure that our server is up-to-date.

sudo apt-get update
sudo apt-get upgrade

Install the FreeRADIUS software and its dependencies.

aptitude install -y freeradius freeradius-utils freeradius-mysql phpmyadmin mysql-server php5-gd php5-curl php-pear php-db php-mail-mime

Configure FreeRADIUS to use MySQL as backend database. We will install phpMyAdmin here too, which is optional. Answer the prompts with the list below.

aptitude install -y phpmyadmin mysql-server php5-gd php5-curl php-pear php-db php-mail-mime 

• Enter your password for the MySQL root user. Type it on the second page as well.
• Choose the web server that should be automatically configured to run phpMyAdmin. Choose “Apache 2”.
• Configure phpMyAdmin. Choose “No”.

Next, we will create the radius SQL database and user. Start the MySQL command line client.

mysql -u root -p 

Create a database and user. In this example, the user is named “radius”. Replace “YOUR PASSWORD” with your own desired password.

CREATE DATABASE radius;
GRANT ALL PRIVILEGES ON radius.* TO radius@localhost IDENTIFIED BY "YOUR PASSWORD";
flush privileges;
exit

Close the SQL prompt.

Enable the SQL module in FreeRADIUS. Open the sql.conf file.

nano /etc/freeradius/sql.conf 

Find the section #Connection info and edit the parameters as follows.

server = "localhost"
login = "radius"
password = "YOUR PASSWORD"
radius_db = "radius"

Save and close the file.

Uncomment #sql.conf in the radius.conf file.

nano /etc/freeradius/radiusd.conf

# Uncomment this:
$INCLUDE sql.conf

Next, we tell the FreeRADIUS server that our MySQL server is responsible for authorization, authentication, and accounting. Edit the following file.

nano /etc/freeradius/sites-available/default

# Uncomment "sql" under the following sections:

authorize {
accounting {

Lastly, it is necessary to set a new “shared secret” rather than default one. You can set your own “shared secret” by editing clients.conf.

nano /etc/freeradius/clients.conf

Setup and configuration is complete.