Installing FreeRADIUS version 3.x on Ubuntu 22.04

Introduction

• Ubuntu 22.04 now comes with a FreeRADIUS 3.x version.
• Install FreeRADIUS and MySQL module.

sudo apt-get -y install libdatetime-perl libdbd-mysql-perl libdigest-hmac-perl  libdatetime-format-rfc3339-perl
 eapoltest
sudo apt-get -y install freeradius freeradius-mysql
# Answer yes to install these with their dependencies
# Please note that when this package is installed there are some things generated that can take up lots of time on slower machines.

• Activating and starting FreeRADIUS

sudo systemctl enable freeradius
sudo systemctl start freeradius
sudo systemctl status freeradius

Configuring FreeRADIUS version 3.x

• Proceed as follows to configure FreeRADIUS 3.x to work with RADIUSdesk

# Stop the service if it is already running
sudo systemctl stop freeradius
# Backup the original FreeRADIUSdirectory
sudo mv /etc/freeradius /etc/freeradius.orig
# Extract the RADIUSdesk modified FreeRADIUS directory
sudo tar xzf /var/www/html/cake4/rd_cake/setup/radius/freeradius-radiusdesk.tar.gz --directory /etc
sudo chown -R freerad. /etc/freeradius/3.0/
sudo  mkdir /var/run/freeradius
sudo chown freerad. /var/run/freeradius

• Configure the site-wide shared secret. This is the value used by ALL dynamic clients.

sudo vi /etc/freeradius/3.0/sites-enabled/dynamic-clients

• Find this part in the file and change FreeRADIUS-Client-Secret to the value you want to use.

#  Echo the IP address of the client.
FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
 
# require_message_authenticator
FreeRADIUS-Client-Require-MA = no
 
# secret
FreeRADIUS-Client-Secret = "testing123"
 
# shortname
FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}"

• Comment out the following two lines in the systemd unit file

sudo vi /lib/systemd/system/freeradius.service

• Take a look at this example to see which two lines you need to comment out. If you do not do this, the system will not work and FreeRADIUS will not start at boot time.

[Unit]
Description=FreeRADIUS multi-protocol policy server
After=syslog.target network.target
Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ http://networkradius.com/doc/
 
[Service]
Type=forking
PIDFile=/run/freeradius/freeradius.pid
#EnvironmentFile=-/etc/default/freeradius
#ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout
ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS
Restart=on-failure
RestartSec=5
 
[Install]
WantedBy=multi-user.target

• After you have executed these commands, you can test whether FreeRADIUS starts without any problems.

sudo systemctl daemon-reload 
sudo systemctl restart freeradius
sudo systemctl status freeradius

Correction of a minor error

• There is a small bug that prevents FreeRADIUS from starting after a restart.
• It was reported here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954911
• There also seems to be a fix, but it has not yet arrived in the Ubuntu repositories.
• So here is the solution from the discussion in the link
• Create a file called /usr/lib/tmpfiles.d/freeradius.conf

sudo vi /usr/lib/tmpfiles.d/freeradius.conf

• Add the following line

d /run/freeradius 750 freerad freerad -

• If you are curious about what we did, you can find a report on tmpfiles.d here
  • https://www.commandlinux.com/man-page/man5/tmpfiles.d.5.html

Next steps

• You need to do a few small tweaks for your environment
• Tweak Your Install