Inspired by my previous post here: How to install a PPTPD VPN server on Centos 6.X in just 4 commands I wanted to make an installer for FreeRadius that could be achieved in as little steps as PPTPD.
And here we go, FreeRadius in 3 steps (or 5 if you’re using CentOS 5).
What you will need for this tutorial
- A VPS with Centos 5.x or 6.x (32 or 64 bit is ok)
- About 2 minutes of free time! (yes it’s that quick!)
- Putty terminal already connected to your server, ready to go!
Need a VPS? I highly recommend DigitalOcean if you are shopping around, pretty quick support and their entire website is perfectly automated. It’s a very impressive place to hang out!
Let’s begin, and finish in one step!
Simply copy and paste the appropriate set of commands below for your OS version into your putty session:
CentOS 6:
yum install -y git cd /opt && git clone git://github.com/xaviertidus/FreeRadiusQuickScript.git cd FreeRadiusQuickScript && bash install.centos6.sh
CentOS 5:
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt rpm -K rpmforge-release-0.5.2-2.el5.rf.i386.rpm rpm -i rpmforge-release-0.5.2-2.el5.rf.i386.rpm yum install -y git
cd /opt && git clone git://github.com/xaviertidus/FreeRadiusQuickScript.git cd FreeRadiusQuickScript && bash install.centos5.sh
Once the final command from the lists above is input, my installer will start. It will ask you for two new passwords at the beginning, these are (in order of appearance):
Radius SQL User Password – this is the password that FreeRadius will use to connect to MySQL to verify logins sent to it for authorization.
Localhost Auth Request Secret – This is the secret that applications running on localhost will pass to FreeRadius to verify they are allowed to query.
Both of these have a default password set in the installer, so if you aren’t to bothered about security you can just hit enter for both of these without entering a thing.
Why does CentOS5 have a couple extra steps?
CentOS 5 was released back when Git was still a lil baby, and so it wasn’t in the repos for CentOS5. However we can add it in by using the few extra commands above our quick install script.
Ok I am done, what should I do now?
I recommend that if you’re actually doing to use this application for something other than fun you read the tutorial here: Installing FreeRadius on CentOS 5/6 or Ubuntu 11 for a more in depth explination about FreeRadius and it’s configuration files.
However if you already know all this or don’t care here are the next steps you should take (and with links on how to do them!)
- Secure your MySQL installation!
We didn’t set a password for root in MySQL during this install, which means anyone can gain access to MySQL using root with no password. MySQL comes with a utility to help us with that called “mysql_secure_installation”, you can execute it by running this in your terminal “/usr/bin/mysql_secure_installation“, or you can read the tutorial on this here: Securing your new MySQL installation with /usr/bin/mysql_secure_installation - Authorize additional servers to use your new FreeRadius server!
At the moment only applications on the same server as FreeRadius only have access to FreeRadius’s authorization abilities, wouldn’t it be nice to only maintain one configuration of logins across multiple servers and applications? You need to add a few entries to your /etc/raddb/clients.conf (CentOS6) or /etc/freeradius/clients.conf (CentOS5) to do this, or you can read my tutorial on this here: Authorzing External Servers to use your FreeRadius Server - Add additional user accounts to your FreeRadius server!
If you only needed the one login for your purposes then FreeRadius is severely overkill, so you need to add more user accounts to the MySQL database we created during the script called ‘radius’, within that database is a table called ‘radcheck’ and that’s were you need to add more accounts. If you like however I have an tutorial on how to do this here: Adding and removing users from the FreeRadius Database (MySQL)