===== Installing FreeRADIUS version 3.x =====

  * Ubuntu is still sticking with FreeRADIUS version 2.x even with the 16.04 LTS release.
  * Fortunately, adding the repository with the version 3.x packages of FreeRADIUS is a snap.
  * https://launchpad.net/~freeradius/+archive/ubuntu/stable-3.0
  * Add the Personal Package Archive (PPA) for version 3 of FreeRADIUS.

<code bash>
sudo apt-get install software-properties-common python-software-properties
sudo add-apt-repository ppa:freeradius/stable-3.0
#Answer yes to include the PPA with its keys
#Update all the repositories
sudo apt-get update
</code>

  * Install the following FreeRADIUS packages.

<code bash>
sudo apt-get install freeradius freeradius-mysql
#Answer yes to install these with their dependencies
#Please note that some things are generated when this package is installed, which can take a long time on slower machines.
</code>

  * Enable and start FreeRADIUS.

<code bash>
sudo systemctl enable freeradius.service
sudo systemctl start freeradius.service
</code>

== Please Take Note ==

  * The current version of FreeRADIUS available on the repository (3.0.12) has this bug: http://lists.freeradius.org/pipermail/freeradius-users/2016-October/085317.html
  * While we wait for the maintainer of the repository to update to the latest stable release, please follow the instructions on this page to [[getting_started:install_ubuntu_freeradius_upgrade|Upgrade FreeRADIUS]] using our own set of packages.
  * Once the repository has been updated we will remove these //'detour'// instructions.

-----

===== Configuring FreeRADIUS version 3.x =====

  * Do the following to configure FreeRADIUS 3.x to work with RADIUSdesk.

<code bash>
#Stop the service if it might be running
sudo systemctl stop freeradius.service
#Backup the original
sudo mv /etc/freeradius /etc/freeradius.orig
#Copy the RADIUSdesk specific one
sudo cp /usr/share/nginx/html/cake2/rd_cake/Setup/Radius/freeradius-3-radiusdesk.tar.gz /etc/
cd /etc
#Extract it
sudo tar -xzvf freeradius-3-radiusdesk.tar.gz
</code>

  * Configure the site wide shared secret. This will be the value used by ALL Dynamic Clients.

<code bash>
sudo vi /etc/freeradius/sites-enabled/dynamic-clients
</code>

  * Look for this part in the file and change **FreeRADIUS-Client-Secret** to the value you choose to use.

<code>
# Echo the IP address of the client.
FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"

# require_message_authenticator
FreeRADIUS-Client-Require-MA = no

# secret
FreeRADIUS-Client-Secret = "testing123"

# shortname
FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}"
</code>

  * Comment out the following two lines in the systemd service file.

<code bash>
sudo vi /lib/systemd/system/freeradius.service
</code>

  * See this sample for which two lines to comment out. Failing to do this will result in a broken system, with FreeRADIUS not starting up during boot.

<code>
[Unit]
Description=FreeRADIUS multi-protocol policy server
After=syslog.target network.target
Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ http://networkradius.com/doc/

[Service]
Type=forking
PIDFile=/run/freeradius/freeradius.pid
#EnvironmentFile=-/etc/default/freeradius
#ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout
ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
</code>

  * After you have completed these commands you can test whether FreeRADIUS starts up fine.
<code bash>
sudo systemctl daemon-reload
sudo systemctl restart freeradius.service
sudo systemctl status freeradius.service
</code>

  * If in future you need to run FreeRADIUS in debug mode on the terminal, use this as a reference:

<code bash>
#Stop the current FreeRADIUS instance
sudo systemctl stop freeradius.service
#If it is perhaps stuck use killall
sudo killall freeradius
#Start it in debug mode
sudo freeradius -X
</code>

-------

===== Add script to sudoers file =====

Failing to do this step will leave the advanced features of RADIUSdesk broken.

  * To let the web server exercise some control over FreeRADIUS, we have a custom script which is added to the sudoers file.
  * The correct way to edit the sudoers file is by using:

<code bash>
sudo visudo
</code>

  * Add the following at the bottom:

<code>
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
www-data ALL = NOPASSWD:/usr/share/nginx/html/cake2/rd_cake/Setup/Scripts/radmin_wrapper.pl
</code>

  * Confirm that this line is now inside the /etc/sudoers file.

<code bash>
sudo cat /etc/sudoers
</code>

  * This will allow the root user in RADIUSdesk to start and stop FreeRADIUS and also to do on-the-fly activation of debug traces.

--------------------

===== Configure MESHdesk and APdesk =====

  * If you will be using **MESHdesk** or **APdesk**, this section is for you and will make life easier for you.
  * We need to configure default settings for the Coova Chilli Captive Portal which are used in both **MESHdesk** and **APdesk**.
  * Please get the following information ready.
    * The IP Address through which the server can be reached. This will typically be a public IP Address, but it can also be a private IP Address if you run RADIUSdesk on a private network.
    * The FQDN for the server if you registered it on a DNS service.
    * The site wide FreeRADIUS shared secret used by the Dynamic RADIUS Clients. This was set earlier on this page when you configured the Dynamic Clients.
  * There are two files which you need to edit to reflect your installation's details.
  * For MESHdesk:

<code bash>
sudo vi /usr/share/nginx/html/cake2/rd_cake/Config/MESHdesk.php
</code>

  * Look for this bit and change accordingly:

<code php>
//_______________________________________________
//== Pre-set values for the Captive Portals
$config['Meshes']['captive_portal']['radius_1'] = '198.27.111.78'; // This will be the public IP Address of the FreeRADIUS / RADIUSdesk
//$config['ApProfiles']['captive_portal']['radius_2'] = '198.27.111.78'; //Optional second fallback RADIUS
$config['Meshes']['captive_portal']['radius_secret'] = 'testing123'; //Change this to the common site wide secret used by Dynamic RADIUS Clients
//Use DNS name in uam_url to look more professional / or IP Address
$config['Meshes']['captive_portal']['uam_url'] = 'http://198.27.111.78/cake2/rd_cake/dynamic_details/chilli_browser_detect/';
$config['Meshes']['captive_portal']['uam_secret'] = 'greatsecret'; //Usually you will not change this value
//$config['ApProfiles']['captive_portal']['walled_garden'] = "www.radiusdesk.com,www.google.com"; //Optional
$config['Meshes']['captive_portal']['swap_octet'] = true;
$config['Meshes']['captive_portal']['mac_auth'] = true;
//$config['Meshes']['captive_portal']['coova_optional'] = "ssid=radiusdesk";
</code>

  * For APdesk:

<code bash>
sudo vi /usr/share/nginx/html/cake2/rd_cake/Config/ApProfiles.php
</code>

  * Look for this bit and change accordingly:

<code php>
//_______________________________________________
//== Pre-set values for the Captive Portals
$config['ApProfiles']['captive_portal']['radius_1'] = '198.27.111.78'; // This will be the public IP Address of the FreeRADIUS / RADIUSdesk
//$config['ApProfiles']['captive_portal']['radius_2'] = '198.27.111.78'; //Optional second fallback RADIUS
$config['ApProfiles']['captive_portal']['radius_secret'] = 'testing123'; //Change this to the common site wide secret used by Dynamic RADIUS Clients
//Use DNS name in uam_url to look more professional / or IP Address
$config['ApProfiles']['captive_portal']['uam_url'] = 'http://198.27.111.78/cake2/rd_cake/dynamic_details/chilli_browser_detect/';
$config['ApProfiles']['captive_portal']['uam_secret'] = 'greatsecret'; //Usually you will not change this value
//$config['ApProfiles']['captive_portal']['walled_garden'] = "www.radiusdesk.com,www.google.com"; //Optional
$config['ApProfiles']['captive_portal']['swap_octet'] = true;
$config['ApProfiles']['captive_portal']['mac_auth'] = true;
//$config['ApProfiles']['captive_portal']['coova_optional'] = "ssid=radiusdesk";
//__________________________________________________
</code>

  * By defining these items, the Add Captive Portal Exit Point windows will be **pre-populated** for you, making it **a snap** to add new Captive Portals to either a mesh or an Access Point profile. :-D

===== Next steps =====

  * Be sure to also install **Node.js**.
  * [[getting_started:install_ubuntu_node_js|Install node.js]]
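Added example (not part of RADIUSdesk or the original page): the site wide secret set in ''dynamic-clients'' under //Configuring FreeRADIUS version 3.x// is the same value that goes into ''radius_secret'' in ''MESHdesk.php'' and ''ApProfiles.php''. This script checks that it was changed from the sample value ''testing123'' and matches in all three files, using the paths from this page; the function names and the ''--run'' argument are this example's own.

```sh
#!/bin/sh
# Added example, not part of RADIUSdesk: check that the site wide shared
# secret was changed from the sample value and is the same in every file.

SAMPLE_SECRET="testing123"   # sample value shown on this page

# Print FreeRADIUS-Client-Secret from a dynamic-clients file ('#' lines skipped).
radius_client_secret() {
    sed -n 's/^[[:space:]]*FreeRADIUS-Client-Secret[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        head -n 1
}

# Print the active (not //-commented) ['radius_secret'] value from a PHP config.
php_radius_secret() {
    grep -v '^[[:space:]]*//' "$1" |
        sed -n "s/.*\['radius_secret'][[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" |
        head -n 1
}

# check_shared_secret DYNAMIC_CLIENTS PHP_CONFIG...
# Returns 0 when the secret is set, changed and identical everywhere.
# Secrets are compared but never printed.
check_shared_secret() {
    dyn=$1; shift
    secret=$(radius_client_secret "$dyn")
    if [ -z "$secret" ]; then
        echo "FAIL: no FreeRADIUS-Client-Secret found in $dyn"; return 2
    fi
    rc=0
    if [ "$secret" = "$SAMPLE_SECRET" ]; then
        echo "FAIL: $dyn still uses the sample secret"; rc=1
    fi
    for f in "$@"; do
        if [ "$(php_radius_secret "$f")" != "$secret" ]; then
            echo "FAIL: radius_secret in $f does not match $dyn"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: shared secret is changed and consistent"
    return "$rc"
}

# Paths as used on this page; run as root with the argument --run.
if [ "${1:-}" = "--run" ]; then
    check_shared_secret /etc/freeradius/sites-enabled/dynamic-clients \
        /usr/share/nginx/html/cake2/rd_cake/Config/MESHdesk.php \
        /usr/share/nginx/html/cake2/rd_cake/Config/ApProfiles.php
fi
```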
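Added example (not part of RADIUSdesk or the original page) for the //Add script to sudoers file// step: because ''www-data'' may run ''radmin_wrapper.pl'' as root without a password, the script and every directory above it should be owned by root and not writable by group or others. This check walks the path from the sudoers line and reports any component that fails; it assumes GNU ''stat'' as shipped on Ubuntu, and the function names and the ''--run'' argument are this example's own.

```sh
#!/bin/sh
# Added example, not part of RADIUSdesk. Assumes GNU stat (Ubuntu).

# Script path taken from the sudoers line on this page.
WRAPPER=/usr/share/nginx/html/cake2/rd_cake/Setup/Scripts/radmin_wrapper.pl

# root_only UID MODE: succeed only if the owner is root (uid 0) and the octal
# MODE has neither the group-write (020) nor the other-write (002) bit set.
root_only() {
    [ "$1" = "0" ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# path_components ABSOLUTE_PATH: print the path and each parent up to /.
path_components() {
    p=$1
    while [ "$p" != "/" ] && [ "$p" != "." ]; do
        printf '%s\n' "$p"
        p=$(dirname "$p")
    done
    printf '/\n'
}

# check_sudo_target ABSOLUTE_PATH: return 0 if only root can modify the file
# or swap it out through a parent directory; list every failing component.
check_sudo_target() {
    [ -f "$1" ] || { echo "FAIL: $1 is not a regular file"; return 2; }
    bad=$(path_components "$1" | while IFS= read -r c; do
        # -L judges a symlink by the file or directory it points to;
        # a failed stat counts as a failure (fail closed)
        uid=$(stat -L -c %u "$c" 2>/dev/null) || uid=unknown
        mode=$(stat -L -c %a "$c" 2>/dev/null) || mode=unknown
        root_only "$uid" "$mode" || echo "FAIL: $c (uid=$uid mode=$mode)"
    done)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    echo "OK: $1 and all parent directories are writable by root only"
}

# Run against the path from this page with the argument --run.
if [ "${1:-}" = "--run" ]; then
    check_sudo_target "$WRAPPER"
fi
```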