===== Installing FreeRADIUS version 3.x =====
* Ubuntu 18.04 now comes with a FreeRADIUS 3.x release.
* Install FreeRADIUS and MySQL module.
sudo apt-get install libdatetime-perl
sudo apt-get install freeradius freeradius-mysql
# Answer yes to install these with their dependencies
# Please note that when this package is installed there are some things generated that can take up lots of time on slower machines.
* Enable and Start FreeRADIUS
sudo systemctl enable freeradius
sudo systemctl start freeradius
-----
===== Configuring FreeRADIUS version 3.x =====
* Do the following to configure FreeRADIUS 3.x to work with RADIUSdesk
# Stop the service if it is already running
sudo systemctl stop freeradius
# Backup the original FreeRADIUSdirectory
sudo mv /etc/freeradius /etc/freeradius.orig
# Extract the AMPcore modified FreeRADIUS directory
sudo tar xzf /usr/share/nginx/html/cake2/rd_cake/Setup/Radius/freeradius-3-radiusdesk.tar.gz --one-top-level=/etc/freeradius/
sudo mv /etc/freeradius/freeradius /etc/freeradius/3.0
* Correct some PATHs for FreeRADIUS 3.x
sudo vi /etc/freeradius/3.0/dictionary
# Change
$INCLUDE /etc/freeradius/dictionary_overrides/dictionary.mikrotik
$INCLUDE /etc/freeradius/dictionary_overrides/dictionary.chillispot
# To
$INCLUDE /etc/freeradius/3.0/dictionary_overrides/dictionary.mikrotik
$INCLUDE /etc/freeradius/3.0/dictionary_overrides/dictionary.chillispot
sudo vi /etc/freeradius/3.0/radiusd.conf
# Change
raddbdir = /etc/freeradius
# To
raddbdir = /etc/freeradius/3.0
* Configure the site wide shared secret. This will be the value used by ALL Dynamic Clients.
sudo vi /etc/freeradius/3.0/sites-enabled/dynamic-clients
* Look for this part in the file and change **FreeRADIUS-Client-Secret** to the value you choose to use.
# Echo the IP address of the client.
FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
# require_message_authenticator
FreeRADIUS-Client-Require-MA = no
# secret
FreeRADIUS-Client-Secret = "testing123"
# shortname
FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}"
* Comment out the following two lines in the systemd service file
sudo vi /lib/systemd/system/freeradius.service
* See this sample to see which two lines to comment out. Failing to do this will result in a broken system with FreeRADIUS not starting up during boot
[Unit]
Description=FreeRADIUS multi-protocol policy server
After=syslog.target network.target
Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ http://networkradius.com/doc/
[Service]
Type=forking
PIDFile=/run/freeradius/freeradius.pid
#EnvironmentFile=-/etc/default/freeradius
#ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout
ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
* After you completed these commands you can test if FreeRADIUS starts up fine.
sudo systemctl daemon-reload
sudo systemctl restart freeradius.service
sudo systemctl status freeradius.service
* If in future you need to run FreeRADIUS in debug mode on the terminal use this as a reference:
#Stop the current FreeRADIUS instance
sudo systemctl stop freeradius.service
#If it is perhaps stuck use killall
sudo killall freeradius
#Start it in debug mode
sudo freeradius -X
-------
===== Add script to sudoers file =====
Failing to do this step will leave the advanced features of RADIUSdesk broken.
* To create the ability for the web server to exercise some control over FreeRADIUS, we will have a custom script which is added to the sudoers file.
* The correct way to edit the sudoers file is by using:
sudo visudo
* Add the following at the bottom
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL www-data ALL = NOPASSWD:/usr/share/nginx/html/cake2/rd_cake/Setup/Scripts/radmin_wrapper.pl
* Confirm that this line is now inside the /etc/sudoers file
sudo cat /etc/sudoers
* This will allow the root user in RADIUSdesk to start and stop FreeRADIUS and also to do on-the-fly activation of debug traces.
--------------------
===== Configure MESHdesk and APdesk =====
* If you will be using **MESHdesk** or **APdesk** this section is for you and will make life easier for you.
* We need to configure default settings for the Coova Chilli Captive Portal which are used in both **MESHdesk** and **APdesk**.
* Please get the following information ready.
* The IP Address which the server can be reached through. This will typically be a public IP Address but it can also be a private IP Address if you run RADIUSdesk on a private network.
* The FQDN for the server if you registered in on a DNS service.
* The site wide FreeRADIUS shared secret used by the Dynamic RADIUS Clients. This was done earlier in this page when you configured the Dynamic Clients.
* There are two files which you need to edit to reflect your installations detail.
* For MESHdesk:
sudo vi /usr/share/nginx/html/cake2/rd_cake/Config/MESHdesk.php
* Look for this bit and change accordingly:
//_______________________________________________
//== Pre-set values for the Captive Portals
$config['Meshes']['captive_portal']['radius_1'] = '198.27.111.78'; // This will be the public IP Address of the FreeRADIUS / RADIUSdesk
//$config['ApProfiles']['captive_portal']['radius_2'] = '198.27.111.78'; //Optional second fallback RADIUS
$config['Meshes']['captive_portal']['radius_secret'] = 'testing123'; //Change this to the common site wide secret used by Dynamic RADIUS Clients
//Use DNS name in uam_url to looks more professional / or IP Address
$config['Meshes']['captive_portal']['uam_url'] = 'http://198.27.111.78/cake2/rd_cake/dynamic_details/chilli_browser_detect/';
$config['Meshes']['captive_portal']['uam_secret'] = 'greatsecret'; //Usually you will not change this value
//$config['ApProfiles']['captive_portal']['walled_garden'] = "www.radiusdesk.com,www.google.com"; //Optional
$config['Meshes']['captive_portal']['swap_octet'] = true;
$config['Meshes']['captive_portal']['mac_auth'] = true;
//$config['Meshes']['captive_portal']['coova_optional'] = "ssid=radiusdesk";
* For APdesk
sudo vi /usr/share/nginx/html/cake2/rd_cake/Config/ApProfiles.php
* Look for this bit and change accordingly:
//_______________________________________________
//== Pre-set values for the Captive Portals
$config['ApProfiles']['captive_portal']['radius_1'] = '198.27.111.78'; // This will be the public IP Address of the FreeRADIUS / RADIUSdesk
//$config['ApProfiles']['captive_portal']['radius_2'] = '198.27.111.78'; //Optional second fallback RADIUS
$config['ApProfiles']['captive_portal']['radius_secret'] = 'testing123'; //Change this to the common site wide secret used by Dynamic RADIUS Clients
//Use DNS name in uam_url to look more professional / or IP Address
$config['ApProfiles']['captive_portal']['uam_url'] = 'http://198.27.111.78/cake2/rd_cake/dynamic_details/chilli_browser_detect/';
$config['ApProfiles']['captive_portal']['uam_secret'] = 'greatsecret'; //Usually you will not change this value
//$config['ApProfiles']['captive_portal']['walled_garden'] = "www.radiusdesk.com,www.google.com"; //Optional
$config['ApProfiles']['captive_portal']['swap_octet'] = true;
$config['ApProfiles']['captive_portal']['mac_auth'] = true;
//$config['ApProfiles']['captive_portal']['coova_optional'] = "ssid=radiusdesk";
//__________________________________________________
* By defining these items the Add Captive Portal Exit Point windows will be **pre-populated** for you, making it **a snap** to add new Captive Portals to either a mesh or an Access Point profile. :-D
===== Next steps =====
* Be sure to also install **Node.js**.
* [[getting_started:18_install_ubuntu_node_js|Install node.js]]