Installing FreeRADIUS version 3.x on Raspberry Pi OS

Introduction

• Install FreeRADIUS and MySQL module.

sudo apt-get -y install libdatetime-perl libdbd-mysql-perl eapoltest
sudo apt-get -y install freeradius freeradius-mysql
# Answer yes to install these with their dependencies
# Please note that when this package is installed there are some things generated that can take up lots of time on slower machines.

• Enable and Start FreeRADIUS

sudo systemctl enable freeradius
sudo systemctl start freeradius
sudo systemctl status freeradius

Configuring FreeRADIUS version 3.x

• Do the following to configure FreeRADIUS 3.x to work with RADIUSdesk

# Stop the service if it is already running
sudo systemctl stop freeradius
# Backup the original FreeRADIUSdirectory
sudo mv /etc/freeradius /etc/freeradius.orig
# Extract the RADIUSdesk modified FreeRADIUS directory
sudo tar xzf /var/www/html/cake4/rd_cake/setup/radius/freeradius-radiusdesk.tar.gz --directory /etc
sudo chown -R freerad. /etc/freeradius/3.0/
sudo  mkdir /var/run/freeradius
sudo chown freerad: /var/run/freeradius

• Configure the site-wide shared secret. This will be the value used by ALL Dynamic Clients.

sudo vi /etc/freeradius/3.0/sites-enabled/dynamic-clients

• Look for this part in the file and change FreeRADIUS-Client-Secret to the value you choose to use.

#  Echo the IP address of the client.
FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
 
# require_message_authenticator
FreeRADIUS-Client-Require-MA = no
 
# secret
FreeRADIUS-Client-Secret = "testing123"
 
# shortname
FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}"

• Comment out the following two lines in the Systemd unit file

sudo vi /lib/systemd/system/freeradius.service

• See this sample to see which two lines to comment out. Failing to do this will result in a broken system with FreeRADIUS not starting up during boot.

[Unit]
Description=FreeRADIUS multi-protocol policy server
After=syslog.target network.target
Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ http://networkradius.com/doc/
 
[Service]
Type=forking
PIDFile=/run/freeradius/freeradius.pid
#EnvironmentFile=-/etc/default/freeradius
#ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout
ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS
Restart=on-failure
RestartSec=5
 
[Install]
WantedBy=multi-user.target

• After you completed these commands you can test if FreeRADIUS starts up fine.

sudo systemctl daemon-reload 
sudo systemctl restart freeradius
sudo systemctl status freeradius

Fixing a small bug

• There is a small bug which prevents FreeRADIUS to start up after a reboot.
• It has been reported here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954911
• There also seems to be a fix but it has not reached the Debian repositories as of this writing.
• So here is the fix taken from the discussion in the link.
• Create a file called /usr/lib/tmpfiles.d/freeradius.conf.

sudo vi /usr/lib/tmpfiles.d/freeradius.conf

• Add the following line

d /run/freeradius 750 freerad freerad -

• If you are curious about what we did, here is a writeup on tmpfiles.d
  • https://www.commandlinux.com/man-page/man5/tmpfiles.d.5.html