
FreeRadius

iBNu Maksum edited this page Jul 12, 2024 · 9 revisions

PhpNuxBill supports RADIUS, but with limited features.

FreeRADIUS is a modular, high performance free RADIUS suite developed and distributed under the GNU General Public License, version 2, and is free for download and use.

RADIUS servers receive user connection requests, authenticate the user, and then return the configuration information necessary for the client to deliver service to the user. A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication servers.

Freeradius

Install FreeRADIUS on your Linux server by following the instructions at https://networkradius.com/packages/

Installation on Ubuntu

apt-get install freeradius freeradius-mysql freeradius-utils

Installation on RedHat

yum install freeradius freeradius-utils freeradius-mysql freeradius-perl

Enable Mysql

Red Hat

ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/

Ubuntu

ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/

In order to configure FreeRADIUS to use the radius database we just created, we have to edit two files:

  • the file sql under /etc/raddb/mods-available (on Red Hat) and under /etc/freeradius/3.0/mods-available (on Ubuntu)
  • the file default under /etc/raddb/sites-enabled (on Red Hat) and under /etc/freeradius/3.0/sites-enabled (on Ubuntu)

Let’s start with the first file. Here, we have to configure the information FreeRADIUS needs to connect to the radius database. Like many FreeRADIUS configuration files, the real file is much longer than the one below, because it contains many commented-out lines that are mainly hints about configuration. They explain a lot, and I suggest you read these comments to understand how to configure your server.

Below is only a summary of the main settings you have to change. A few hints about this file:

  • The field password is the MySQL password you configured some steps above.
  • As driver and dialect, you have to configure MySQL. This informs FreeRADIUS that you are using MySQL as the SQL database.
  • radius_db = "radius" means that FreeRADIUS has to use a MySQL database called "radius", which is the one we configured before. If you used another name, change the file below accordingly.
  • client_table = "nas" informs FreeRADIUS that the information about the NAS clients is in a table called "nas".
  • Uncomment any of the settings below that are commented out.

mods-available/sql

sql {
    driver = "rlm_sql_mysql"
    dialect = "mysql"
    # Connection info:
    server = "localhost"
    port = 3306
    login = "phpnuxbill"
    password = "phpnuxbill"
    # Database table configuration for everything except Oracle
    radius_db = "phpnuxbill"
    # Load the NAS clients from the database; both settings
    # belong inside the sql { } block
    read_clients = yes
    client_table = "nas"
}
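
A check for the file above, as an added example that is not part of PHPNuxBill or FreeRADIUS: it flags a password identical to the login (as in the sample values on this page), a world-readable file, and read_clients or client_table placed outside the sql { } block. The function names, the finding labels and the sample file written by demo are assumptions made for this example.

```shell
# Added example, not PHPNuxBill or FreeRADIUS code: audit an sql module file.

# Print the value of the first uncommented "KEY = value" line in FILE.
conf_value() {  # usage: conf_value FILE KEY
    awk -v key="$2" '
        $0 ~ ("^[ \t]*" key "[ \t]*=") {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v)
            if (v ~ /^"/) { sub(/^"/, "", v); sub(/".*$/, "", v) }
            else          { sub(/[ \t#].*$/, "", v) }
            print v; exit
        }' "$1"
}

# Print one line per finding; the return status is the number of findings.
audit_sql_module() {  # usage: audit_sql_module FILE
    f=$1; findings=0
    login=$(conf_value "$f" login)
    password=$(conf_value "$f" password)
    if [ -n "$password" ] && [ "$password" = "$login" ]; then
        echo "WEAK-CRED: password is identical to login '$login'"
        findings=$((findings + 1))
    fi
    # The file holds the database password, so "other" must not read it.
    if [ -n "$(find "$f" -prune -perm -004 -print)" ]; then
        echo "PERMS: $f is world-readable"
        findings=$((findings + 1))
    fi
    # Track brace depth; depth 0 means the line is outside every block.
    for key in $(awk '
        { line = $0; sub(/[ \t]*#.*/, "", line); sub(/^[ \t]+/, "", line) }
        depth == 0 && line ~ /^(read_clients|client_table)[ \t]*=/ {
            k = line; sub(/[ \t=].*/, "", k); print k
        }
        { depth += gsub(/[{]/, "", line); depth -= gsub(/[}]/, "", line) }
    ' "$f"); do
        echo "SCOPE: $key is set outside the sql { } block"
        findings=$((findings + 1))
    done
    return "$findings"
}

# Constructed sample that reuses the values shown on this page.
demo() {
    sample=$(mktemp) && chmod 644 "$sample"
    printf '%s\n' 'sql {' '    login = "phpnuxbill"' \
        '    password = "phpnuxbill"' '}' 'read_clients = yes' >"$sample"
    rc=0; audit_sql_module "$sample" || rc=$?
    rm -f "$sample"; return "$rc"
}
if [ "$#" -gt 0 ]; then audit_sql_module "$1"; exit "$?"; fi
```

Pass the path of the sql file as the first argument; the exit status is the number of findings.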

The second file informs FreeRADIUS to use either a database or the configuration files to find information about authorization and accounting. By default, the sql tag is commented out (since by default FreeRADIUS uses the configuration files for all the operations about accounting, authorization and so on). So, uncomment the sql tag under the sections authorize, accounting, post-auth, session. You should end up with something like the file below.

For all categories, remove the “files” directive and add the “sql” one. This instructs FreeRADIUS to rely on the database for user management.

sites-available/default

authorize {
    .....
    sql
    expiration
    quotalimit
    accessperiod
    uptimelimit

    if (User-Name){
        if("%{sql:UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='%{User-Name}' and CallingStationId='%{Calling-Station-Id}' and AcctStopTime is NULL}"){
        }
    }

    expiration{
        userlock = 1
    }
    if(userlock){
        # Let him connect with EXPIRED pool in reply
        ok
        update reply {
            Reply-Message := "Your account has expired, %{User-Name} / Reason: DATE LIMIT REACHED"
            Framed-Pool := "Expired"
        }
    }

    .....
}

accounting {
    ......
    sql
    ....
}

post-auth {
    ......
    sql
    ....
}

session{
    ......
    sql
    .....
}

In my case, when I tried to start FreeRADIUS I had an error for SSL certificate not found. To avoid this error, just uncomment the section related to TLS encryption in the file sql under /etc/raddb/mods-enabled (on Red Hat) and under /etc/freeradius/3.0/mods-enabled (on Ubuntu).

mysql {
    # If any of the files below are set, TLS encryption is enabled
    tls {
        #ca_file = "/etc/ssl/certs/my_ca.crt"
        #ca_path = "/etc/ssl/certs/"
        #certificate_file = "/etc/ssl/certs/private/client.crt"
        #private_key_file = "/etc/ssl/certs/private/client.key"
        #cipher = "...."
        #tls_required = yes
        #tls_check_cert = no
        #tls_check_cert_cn = no
    }
    # If yes, (or auto and libmysqlclient reports warnings are
    # available), will retrieve and log additional warnings from
    # the server if an error has occurred. Defaults to 'auto'
    warnings = auto
}

Enable SQL Counter

SQLCounter is a module that records user statistics in the database, such as the time a user logs in, the data transferred, and sessions.

Activating the Access Period and Quota Limit

mods-available/sqlcounter

sqlcounter accessperiod {
    sql_module_instance = sql
    dialect = ${modules.sql.dialect}

    counter_name = Max-Access-Period-Time
    check_name = Access-Period
    key = User-Name
    reset = never

    $INCLUDE ${modconfdir}/sql/counter/${dialect}/${.:instance}.conf
}

sqlcounter quotalimit {
    sql_module_instance = sql
    dialect = ${modules.sql.dialect}

    counter_name = Max-Volume
    check_name = Max-Data
    reply_name = Mikrotik-Total-Limit
    key = User-Name
    reset = never

    $INCLUDE ${modconfdir}/sql/counter/${dialect}/${.:instance}.conf
}

sqlcounter uptimelimit {
    counter_name = 'Max-All-Session-Time'
    check_name = 'Max-All-Session'
    sql_module_instance = sql
    key = 'User-Name'
    reset = never
    query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{${key}}'"
}

mods-config/sql/counter/mysql/accessperiod.conf

query = "\
SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) \
FROM radacct \
WHERE UserName='%{${key}}' \
ORDER BY AcctStartTime LIMIT 1"

mods-config/sql/counter/mysql/quotalimit.conf

query = "\
SELECT (SUM(acctinputoctets) + SUM(acctoutputoctets)) \
FROM radacct \
WHERE UserName='%{${key}}'"

sites-enabled/default

authorize {
    expiration
    quotalimit
    accessperiod
}

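# Run from /etc/raddb (Red Hat) or /etc/freeradius/3.0 (Ubuntu).
# The link target is resolved relative to mods-enabled/, hence the "../".
ln -s ../mods-available/sqlcounter mods-enabled/sqlcounter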

Restart Freeradius

# Ubuntu
systemctl restart freeradius.service
# or
service freeradius restart

# Red Hat
service radiusd restart

Integrate with PHPNuxBill

Open config.php and change the FreeRADIUS database credentials

// Database Radius
$radius_host        = 'localhost';
$radius_user        = 'phpnuxbill';
$radius_pass        = 'phpnuxbill';
$radius_name        = 'phpnuxbill';

Log Radius on Mikrotik

/system logging add topics=radius,debug action=memory