====== Installing FreeRADIUS version 3.x on Raspberry Pi OS ======
===== Introduction =====
* Install FreeRADIUS and MySQL module.
sudo apt-get -y install libdatetime-perl libdbd-mysql-perl eapoltest
sudo apt-get -y install freeradius freeradius-mysql
# Answer yes to install these with their dependencies
# Please note that when this package is installed there are some things generated that can take up lots of time on slower machines.
* Enable and Start FreeRADIUS
sudo systemctl enable freeradius
sudo systemctl start freeradius
sudo systemctl status freeradius
===== Configuring FreeRADIUS version 3.x =====
* Do the following to configure FreeRADIUS 3.x to work with RADIUSdesk
# Stop the service if it is already running
sudo systemctl stop freeradius
# Backup the original FreeRADIUSdirectory
sudo mv /etc/freeradius /etc/freeradius.orig
# Extract the RADIUSdesk modified FreeRADIUS directory
sudo tar xzf /var/www/html/cake4/rd_cake/setup/radius/freeradius-radiusdesk.tar.gz --directory /etc
sudo chown -R freerad. /etc/freeradius/3.0/
sudo mkdir /var/run/freeradius
sudo chown freerad: /var/run/freeradius
* Configure the site-wide shared secret. This will be the value used by ALL Dynamic Clients.
sudo vi /etc/freeradius/3.0/sites-enabled/dynamic-clients
* Look for this part in the file and change FreeRADIUS-Client-Secret to the value you choose to use.
# Echo the IP address of the client.
FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
# require_message_authenticator
FreeRADIUS-Client-Require-MA = no
# secret
FreeRADIUS-Client-Secret = "testing123"
# shortname
FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}"
* Comment out the following two lines in the Systemd unit file
sudo vi /lib/systemd/system/freeradius.service
* See this sample to see which two lines to comment out. Failing to do this will result in a broken system with FreeRADIUS not starting up during boot.
[Unit]
Description=FreeRADIUS multi-protocol policy server
After=syslog.target network.target
Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ http://networkradius.com/doc/
[Service]
Type=forking
PIDFile=/run/freeradius/freeradius.pid
#EnvironmentFile=-/etc/default/freeradius
#ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout
ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
* After you completed these commands you can test if FreeRADIUS starts up fine.
sudo systemctl daemon-reload
sudo systemctl restart freeradius
sudo systemctl status freeradius
===== Fixing a small bug =====
* There is a small bug which prevents FreeRADIUS to start up after a reboot.
* It has been reported here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954911
* There also seems to be a fix but it has not reached the Debian repositories as of this writing.
* So here is the fix taken from the discussion in the link.
* Create a file called **/usr/lib/tmpfiles.d/freeradius.conf**.
sudo vi /usr/lib/tmpfiles.d/freeradius.conf
* Add the following line
d /run/freeradius 750 freerad freerad -
* If you are curious about what we did, here is a writeup on tmpfiles.d
* https://www.commandlinux.com/man-page/man5/tmpfiles.d.5.html