May 25, 2023
Updated May 25, 2023

How to setup FreeRADIUS on Linux

Linux Networks Security

Modern business network architecture has a complicated structure and a lot of devices can connect simultaneously which is a convenient feature for hackers and anybody who has illegal intentions. To solve this problem people invented one exciting solution. Radius server (aaa server), which can provide 3 functions of protection: authentication, authorization, and accounting. Every step on the system will be logged and all entries, and points of input are under control.

RADIUS server

FreeRADIUS — is an exceptional RADIUS server that offers centralized authentication and authorization services for devices, including switches, routers, VPN gateways, and WiFi access points. Its unique ability to manage user access to network resources based on various parameters, such as identity, location, device characteristics, and time of day, makes it a versatile solution for enterprise, academic, and service provider environments.

The server supports multiple authentication methods and can integrate with external databases like SQL, LDAP, and Kerberos for efficient user and device information storage and retrieval. With its scalability, flexibility, and robustness, FreeRADIUS remains a top choice for organizations seeking a reliable and customizable RADIUS solution.

Install FreeRADIUS

Before installing any software, we need to update the index and package on AlmaLinux:

sudo dnf update -y
Update package
Screenshot №1 — Update package

Install the necessary package for the RADIUS server:

sudo dnf install freeradius
Installation-AAA server
Screenshot №2 — Install RADIUS-server

After installation, you need to configure the server according to your requirements. Configuration files we can find with the command below:

sudo nano /etc/raddb/radiusd.conf

But you can still use anything, a convenient text editor. Open the file and look at the parameters: logging, authentication protocol, and ports. All settings can be modified for your purposes.

Configuration file for the server
Screenshot №3 — Configuration file for the server

Next, create a file with the name “user.conf” in the same directory:

sudo touch /etc/raddb/user.conf

Open the file in your text editor using the following command:

sudo nano /etc/raddb/user.conf

In the config add the client's devices and shared secret using the following syntax:

client <client IP or hostname> {
secret = <shared secret>
Configuration file for devices
Screenshot №4 — Configuration file for devices

Instead of “client IP or hostname” enter what you need credentials and the same thing with the “shared secret”, instead put a very strong password because of its single and fast method to get access to your system.

Notice: that the configuration file determines rules for the client’s device!

Now, we go set up config for a user account: configuring accounts and groups for authentication on the server side, an open—source implementation of the RADIUS protocol. This involves creating user accounts and assigning them group memberships in the database.

sudo nano /etc/raddb/users

And paste this:

<username> Cleartext-Password := "<password>"
Configuration file for client
Screenshot №5 — Configuration file for the client

Replace <username> with the desired username, and <password>with the corresponding password in clear text format. Similarly, open the groups file in your text editor using the following command:

sudo nano /etc/raddb/groups

And enter this:

<groupname> User-Name == "<username>"
Configuration file for groups
Screenshot №5 — Configuration file for groups

Start the Radius server: Once the configuration is done, start the server by running the appropriate command. For example, to start the server, you can run:

sudo systemctl start radiusd

And that’s it!

FreeRADIUS Linux

Configuring the RADIUS server (AAA server) on AlmaLinux is a straightforward process that involves several simple steps. Basic the configuration steps outlined in this article, you can have your FreeRADIUS server up and running in no time. However, it is important to note that there are more advanced configuration options and features available in the software that were not covered in this article.

5 out of 5
Аverage rating : 5
Rated by: 1
19703 Claymont 2093 Philadelphia Pike #2345, USA
+1 302 425-97-76
700 300
700 300

You might also like...

We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.