====== Installing FreeRADIUS version 3.x on Raspberry Pi OS ======
===== Introduction =====
  * Install FreeRADIUS and MySQL module.
<code bash>
sudo apt-get -y install libdatetime-perl libdbd-mysql-perl eapoltest
sudo apt-get -y install freeradius freeradius-mysql
# Answer yes to install these with their dependencies
# Please note that when this package is installed there are some things generated that can take up lots of time on slower machines.
</code>
  * Enable and Start FreeRADIUS
<code bash>
sudo systemctl enable freeradius
sudo systemctl start freeradius
sudo systemctl status freeradius
</code>
===== Configuring FreeRADIUS version 3.x =====
  * Do the following to configure FreeRADIUS 3.x to work with RADIUSdesk
<code bash>
# Stop the service if it is already running
sudo systemctl stop freeradius
# Backup the original FreeRADIUSdirectory
sudo mv /etc/freeradius /etc/freeradius.orig
# Extract the RADIUSdesk modified FreeRADIUS directory
sudo tar xzf /var/www/html/cake4/rd_cake/setup/radius/freeradius-radiusdesk.tar.gz --directory /etc
sudo chown -R freerad. /etc/freeradius/3.0/
sudo  mkdir /var/run/freeradius
sudo chown freerad: /var/run/freeradius
</code>
  * Configure the site-wide shared secret. This will be the value used by ALL Dynamic Clients.
<code bash>
sudo vi /etc/freeradius/3.0/sites-enabled/dynamic-clients
</code>
  * Look for this part in the file and change FreeRADIUS-Client-Secret to the value you choose to use.
<code bash>
#  Echo the IP address of the client.
FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
 
# require_message_authenticator
FreeRADIUS-Client-Require-MA = no
 
# secret
FreeRADIUS-Client-Secret = "testing123"
 
# shortname
FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}"
</code>
  * Comment out the following two lines in the Systemd unit file
<code bash>
sudo vi /lib/systemd/system/freeradius.service
</code>
  * See this sample to see which two lines to comment out. Failing to do this will result in a broken system with FreeRADIUS not starting up during boot.
<code bash>
[Unit]
Description=FreeRADIUS multi-protocol policy server
After=syslog.target network.target
Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ http://networkradius.com/doc/
 
[Service]
Type=forking
PIDFile=/run/freeradius/freeradius.pid
#EnvironmentFile=-/etc/default/freeradius
#ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout
ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS
Restart=on-failure
RestartSec=5
 
[Install]
WantedBy=multi-user.target
</code>
  * After you completed these commands you can test if FreeRADIUS starts up fine.
<code>
sudo systemctl daemon-reload 
sudo systemctl restart freeradius
sudo systemctl status freeradius
</code>
===== Fixing a small bug =====
  * There is a small bug which prevents FreeRADIUS to start up after a reboot.
  * It has been reported here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954911
  * There also seems to be a fix but it has not reached the Debian repositories as of this writing.
  * So here is the fix taken from the discussion in the link.
  * Create a file called **/usr/lib/tmpfiles.d/freeradius.conf**.
<code bash>
sudo vi /usr/lib/tmpfiles.d/freeradius.conf
</code>
  * Add the following line
<code bash>
d /run/freeradius 750 freerad freerad -
</code>
  * If you are curious about what we did, here is a writeup on tmpfiles.d
        * https://www.commandlinux.com/man-page/man5/tmpfiles.d.5.html