Installing FreeRadius 2.1 on CentOS 5.x

UPDATE!  RHEL/CentOS 5.5 includes FreeRadius2,  you no longer need to include the external repository to get the freeradius2 packages.   I’ve updated the post to reflect this fact.  CentOS 5.4 users will have to fetch the freeradius2 source rpms and build the packages themselves. :(

Up to version 5.4, RHEL/CentOS  shiped with FreeRadius 1.1.x, a version long in the tooth.  Anyone trying to do anything with FreeRadius 1.x will quickly discover that they are out of luck when it comes to documentation and support.

As of RHEL/CentOS 5.5, Freeradius 2.x is available via the freeradius2 packages.  The FreeRadius  1.x packages are still available if you need them  You cannot install version 1 and version 2 on the same host at the samet ime!

Here are the steps to install FreeRadius2 on CentOS5.

  1. To see the list of available packages, run
    # yum search freeradius2
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
    * addons: mirror.csclub.uwaterloo.ca
    * base: mirror.skiplink.com
    * extras: mirror.csclub.uwaterloo.ca
    * updates: centos.omnispring.com
    freeradius2 | 1.2 kB 00:00
    freeradius2/primary | 43 kB 00:00
    freeradius2 149/149
    ============================================ Matched: freeradius2 ============================================
    freeradius2.i386 : High-performance and highly configurable free RADIUS server
    freeradius2-debuginfo.i386 : Debug information for package freeradius2
    freeradius2-devel.i386 : FreeRADIUS Development Files
    freeradius2-krb5.i386 : Kerberos 5 support for freeradius
    freeradius2-ldap.i386 : LDAP support for freeradius
    freeradius2-mysql.i386 : MySQL support for freeradius
    freeradius2-perl.i386 : Perl support for freeradius
    freeradius2-postgresql.i386 : Postgresql support for freeradius
    freeradius2-python.i386 : Python support for freeradius
    freeradius2-unixODBC.i386 : Unix ODBC support for freeradius
    freeradius2-utils.i386 : FreeRADIUS utilities
  2. Install the the packages you want. You’ll at least want to install freeradius2, freeradius2-utils.# yum install freeradius2 freeradius2-utils freeradius2-ldap
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
    * addons: mirror.csclub.uwaterloo.ca
    * base: mirror.skiplink.com
    * extras: mirror.csclub.uwaterloo.ca
    * updates: centos.omnispring.com
    freeradius2 | 1.2 kB 00:00
    Setting up Install Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package freeradius2.i386 0:2.1.8-2.el5 set to be updated
    ---> Package freeradius2-ldap.i386 0:2.1.8-2.el5 set to be updated
    ---> Package freeradius2-utils.i386 0:2.1.8-2.el5 set to be updated
    --> Finished Dependency Resolution

    Dependencies Resolved

    ===========================================================================================================================================
    Package Arch Version Repository Size
    ===========================================================================================================================================
    Installing:
    freeradius2 i386 2.1.8-2.el5 freeradius2 1.5 M
    freeradius2-ldap i386 2.1.8-2.el5 freeradius2 49 k
    freeradius2-utils i386 2.1.8-2.el5 freeradius2 118 k

    Transaction Summary
    ===========================================================================================================================================
    Install 3 Package(s)
    Update 0 Package(s)
    Remove 0 Package(s)

    Total size: 1.6 M
    Is this ok [y/N]: y
    Downloading Packages:
    Running rpm_check_debug
    Running Transaction Test
    Finished Transaction Test
    Transaction Test Succeeded
    Running Transaction
    Installing : freeradius2 1/3
    Installing : freeradius2-utils 2/3
    Installing : freeradius2-ldap 3/3

    Installed:
    freeradius2.i386 0:2.1.8-2.el5 freeradius2-ldap.i386 0:2.1.8-2.el5 freeradius2-utils.i386 0:2.1.8-2.el5

    Complete!

That’s it. If you have never setup radius before I recommend you start with Setting up FreeRADIUS for the first time.

The primary source of documentation is the FreeRadius documentation page. A second valuable source of documentation site is DeployingRadius.com.

Enterprise Networking Planet has a series of articles on using FreeRADIUS for Wi-Fi Authentication. If you decide to follow the articles, just remember that you no longer need to install the third party repo.

11 comments

    1. can you post a guide how did you configure it to work with ppp coecrrtly ?i want to connect it to RRAS thank you.[] Reply:November 12th, 2010 at 12:13 pmI would love to write the detailed guide. Maybe it would take some time. I can answer your questions before the guide finished.The configuration would including:ppp freeradius mysql WebTo connect ppp and freeradius, Maybe you should:1. Get ppp radius modules 1.1 compile ppp from source code (because the ppp debian package doesn’t include radius modules) 1.2 find compiled radius.so radattr.so 1.3 find radiusclient folder in the ppp soucecode2. Configure ppp 2.1 Configure the radius server and shared key in: radiusclient/server ,radiusclient/realms and radiusclient/radiusclient.conf 2.2 add radius to ppp server options file. This is mine.===================================plugin /etc/ppp/radius.soplugin /etc/ppp/radattr.soradius-config-file /etc/radiusclient/radiusclient.conf====================================[]

  1. Unf. the yum install freeradius2 will install freeradius 2.1.7 which is not the latest version.

    I prefer ./configure, make, make install from source.

    1. Fetching the source and building it yourself will always result in your having the latest. However your now on your own when it comes to maintaining the software. Not always an attractive situation. Lets face it, you don’t use RHEL/CentOS to get the latest and greatest. You use it for the stability and long term support for your server’s OS.

    2. Hi Mike,I guess I made some assumptions that might not be obovius to all readers. You’re absolutely right, performance through the VM would not be acceptable. I/O would be slow not least because your two VMs and the larger OS are all sharing a single disk. But further, I wouldn’t run MySQL on a laptop or other single disk machine anyway. The purpose of the article here is to create a virtual environment or sandbox within which an admin play around. You can pull the levers and turn the dials, and get comfortable with how all the moving parts work. For production use you’d have two separate servers with their own disk subsystem or shared storage.-Sean

  2. Ludo,I hadn’t gotten that far yet :). Currently, since this for ttinseg. My initial idea was to use setuid root. After you posted I thought I’d poke around, but I can’t figure out what I’d need to actually make setuid root since making the OpenDS.jar or the start-ds script won’t really work.If someone has an idea, I’d like to hear it.So after some hacking around with the other admins here, we have decided to try some iptables rules.We made the Directory server owned by a regular user, and let it attach to an unprivileged port, and then tossed this into iptables:iptables -t nat -A PREROUTING -p tcp –dport 389 -j REDIRECT –to-port 1389iptables -t nat -A OUTPUT -p tcp –dport 389 -j REDIRECT –to-ports 1389I am not sure how much I like that, but it’s a fix for now.

  3. Tell me, for what, somebody explained how to install the packets, this is easy. You should have explain how to configure. Thanks for nothing.

    1. The post “Installing FreeRadius 2.1 on CentOS 5.x” is for exactly that, how to install it. The goal was to show people looking for RPMs how to build their own and install them. There is plenty of documentation out there on how to configure and use FreeRadius already. A good starting point is http://freeradius.org/doc/.

Leave a Reply

Your email address will not be published. Required fields are marked *


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>