====== Installing FreeRADIUS version 3.x on Raspberry Pi OS ====== ===== Introduction ===== * Install FreeRADIUS and MySQL module. sudo apt-get -y install libdatetime-perl libdbd-mysql-perl eapoltest sudo apt-get -y install freeradius freeradius-mysql # Answer yes to install these with their dependencies # Please note that when this package is installed there are some things generated that can take up lots of time on slower machines. * Enable and Start FreeRADIUS sudo systemctl enable freeradius sudo systemctl start freeradius sudo systemctl status freeradius ===== Configuring FreeRADIUS version 3.x ===== * Do the following to configure FreeRADIUS 3.x to work with RADIUSdesk # Stop the service if it is already running sudo systemctl stop freeradius # Backup the original FreeRADIUSdirectory sudo mv /etc/freeradius /etc/freeradius.orig # Extract the RADIUSdesk modified FreeRADIUS directory sudo tar xzf /var/www/html/cake4/rd_cake/setup/radius/freeradius-radiusdesk.tar.gz --directory /etc sudo chown -R freerad. /etc/freeradius/3.0/ sudo mkdir /var/run/freeradius sudo chown freerad: /var/run/freeradius * Configure the site-wide shared secret. This will be the value used by ALL Dynamic Clients. sudo vi /etc/freeradius/3.0/sites-enabled/dynamic-clients * Look for this part in the file and change FreeRADIUS-Client-Secret to the value you choose to use. # Echo the IP address of the client. FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}" # require_message_authenticator FreeRADIUS-Client-Require-MA = no # secret FreeRADIUS-Client-Secret = "testing123" # shortname FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}" * Comment out the following two lines in the Systemd unit file sudo vi /lib/systemd/system/freeradius.service * See this sample to see which two lines to comment out. Failing to do this will result in a broken system with FreeRADIUS not starting up during boot. [Unit] Description=FreeRADIUS multi-protocol policy server After=syslog.target network.target Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ http://networkradius.com/doc/ [Service] Type=forking PIDFile=/run/freeradius/freeradius.pid #EnvironmentFile=-/etc/default/freeradius #ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target * After you completed these commands you can test if FreeRADIUS starts up fine. sudo systemctl daemon-reload sudo systemctl restart freeradius sudo systemctl status freeradius ===== Fixing a small bug ===== * There is a small bug which prevents FreeRADIUS to start up after a reboot. * It has been reported here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954911 * There also seems to be a fix but it has not reached the Debian repositories as of this writing. * So here is the fix taken from the discussion in the link. * Create a file called **/usr/lib/tmpfiles.d/freeradius.conf**. sudo vi /usr/lib/tmpfiles.d/freeradius.conf * Add the following line d /run/freeradius 750 freerad freerad - * If you are curious about what we did, here is a writeup on tmpfiles.d * https://www.commandlinux.com/man-page/man5/tmpfiles.d.5.html