Installing and Configuring FreeRADIUS and MySQL on Ubuntu Server – Mikrotik


1. Update the apt package index

$ sudo apt-get update

2. Install freeradius and mysql

sudo apt-get install freeradius freeradius-mysql mysql-server

3. Create Database for radius

# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 51
Server version: 5.5.24-0ubuntu0.12.04.1 (Ubuntu)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database radius;
mysql> grant all on radius.* to radius@localhost identified by 'thepassword';
Query OK, 0 rows affected (0.00 sec)

4. Import the database schema
# mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
Enter password:
# mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql
Enter password:

5. Insert a new user for testing purposes
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 72
Server version: 5.5.24-0ubuntu0.12.04.1 (Ubuntu)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use radius;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('sqltest', 'Password', 'testpwd');
Query OK, 1 row affected (0.04 sec)
mysql> exit
Bye

6. Edit the /etc/freeradius/sql.conf file and set the database type, login and password that we created earlier
# vim /etc/freeradius/sql.conf
  database = mysql
  login = radius
  password = thepassword
  readclients = yes

7. Then edit the /etc/freeradius/sites-enabled/default file
# vim /etc/freeradius/sites-enabled/default
    Uncomment sql in authorize{}
    # See "Authorization Queries" in sql.conf
    sql
    Uncomment sql in accounting{}
    # See "Accounting queries" in sql.conf
    sql
    Uncomment sql in session{}
    # See "Simultaneous Use Checking Queries" in sql.conf
    sql
    Uncomment sql in post-auth{}
    # See "Authentication Logging Queries" in sql.conf
    sql

8. Then edit the /etc/freeradius/radiusd.conf file
# vim /etc/freeradius/radiusd.conf
  # Uncomment the "#$INCLUDE sql.conf" line so that it reads:
  $INCLUDE sql.conf

9. To test our configuration, first stop the freeradius service (if it is already running)
# service freeradius stop
     then run freeradius in debugging mode
# freeradius -X

10. Open a new shell for testing and run this command
$ radtest sqltest testpwd localhost 18128 testing123
Sending Access-Request of id 65 to 127.0.0.1 port 1812
User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 127.0.1.1
NAS-Port = 18128
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=65, length=20

11. To allow the Mikrotik device to access our server, we need to add it as a client in the clients.conf file or in the nas table in MySQL
# vim /etc/freeradius/clients.conf
# This is the IP of the Mikrotik. If the network is in NAT mode, enter the public IP of the Mikrotik.
client 202.151.44.22 {
        secret = testingpassword
        shortname = testing
        nastype = other
}

12. If we want to add Mikrotik-specific values, we need to add the Mikrotik dictionary
# vim /etc/freeradius/dictionary

Then add the line below

$INCLUDE  /usr/share/freeradius/dictionary.mikrotik
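
The shared secret set in step 11 protects every request between the Mikrotik and FreeRADIUS, so it is worth checking clients.conf for default or short secrets before pointing real devices at the server. The shell function below is an added example, not part of the original post; the names audit_clients and sample_conf, the 16-character minimum and the 192.0.2.10 client are assumptions made for illustration.

```shell
# Added example (not from the original post): audit client secrets in a
# clients.conf-style file. Assumes flat client blocks as in step 11;
# nested sub-sections inside a client block are not handled.
# audit_clients FILE [MINLEN] prints "<client> OK" or "<client> WEAK <reason>"
# per client block and returns non-zero if any client is WEAK.
audit_clients() {
    awk -v minlen="${2:-16}" '
        # Drop comments (a # at line start or after whitespace), then trim.
        { sub(/^#.*/, ""); sub(/[ \t]#.*/, "")
          sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^client[ \t]+/ {
            name = $2; sub(/[{].*/, "", name); secret = ""; inblock = 1; next
        }
        inblock && /^secret[ \t]*=/ {
            secret = $0; sub(/^secret[ \t]*=[ \t]*/, "", secret)
            sub(/^"/, "", secret); sub(/"$/, "", secret); next
        }
        inblock && /^[}]/ {
            reason = ""
            if (secret == "")                 reason = "no secret set"
            else if (secret == "testing123")  reason = "default secret"
            else if (length(secret) < minlen) reason = "shorter than " minlen " chars"
            if (reason != "") { print name, "WEAK", reason; bad = 1 }
            else              { print name, "OK" }
            inblock = 0
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the stock localhost client, the Mikrotik client from
# step 11, and a made-up client (192.0.2.10) with a long random secret.
sample_conf() {
    cat <<'EOF'
client localhost {
    secret = testing123
}
client 202.151.44.22 {   # Mikrotik
    secret = testingpassword
    nastype = other
}
client 192.0.2.10 {
    secret = "q7Vd2#LxPz9r!Tn4Kb8w"
}
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_clients "$tmp" || echo "weak client secrets found"
rm -f "$tmp"
```

On a real server, run it as root against /etc/freeradius/clients.conf; a non-zero return makes it usable as a pre-deployment check.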

Configure Mikrotik
We need to configure our Mikrotik device to use our new RADIUS server. Log in to the Mikrotik device and configure the server in the Radius menu.
The image below is an example of our configuration.
[Image: mikrotik]
Increase the timeout setting to 3000ms to enable invalid login notifications (this does not work with the default 300ms).
Now the Mikrotik is using FreeRADIUS 😀
