FreeRADIUS Full Documentation
This guide covers installation and configuration of FreeRADIUS including authentication without SQL, database authentication with MySQL, utilities, testing, integration with pfSense, and troubleshooting.
Install FreeRADIUS
# Update packages
sudo apt update
# Install FreeRADIUS
sudo apt install freeradius freeradius-utils -y
sudo apt update
# Install FreeRADIUS
sudo apt install freeradius freeradius-utils -y
Check FreeRADIUS Version
freeradius -v
Start & Enable Service
sudo systemctl start freeradius
sudo systemctl enable freeradius
# Check service status
sudo systemctl status freeradius
sudo systemctl enable freeradius
# Check service status
sudo systemctl status freeradius
Run Debug Mode
# Stop service first
sudo systemctl stop freeradius
# Run debug mode
sudo freeradius -X
sudo systemctl stop freeradius
# Run debug mode
sudo freeradius -X
Important Configuration Files
/etc/freeradius/3.0/
clients.conf
mods-enabled/
mods-available/
sites-enabled/
sites-available/
clients.conf
mods-enabled/
mods-available/
sites-enabled/
sites-available/
Create Local Test User
sudo nano /etc/freeradius/3.0/mods-config/files/authorize
# Add user
testuser Cleartext-Password := "testpassword"
# Add user
testuser Cleartext-Password := "testpassword"
Test Authentication
radtest testuser testpassword localhost 0 testing123
radtest Utility
# Test RADIUS authentication
radtest username password server port secret
radtest username password server port secret
radclient Utility
# Send custom RADIUS request
echo "User-Name=testuser,User-Password=testpassword" | radclient localhost auth testing123
echo "User-Name=testuser,User-Password=testpassword" | radclient localhost auth testing123
radsniff Utility
# Capture RADIUS packets
sudo radsniff -i any
sudo radsniff -i any
Authentication Without SQL
FreeRADIUS can authenticate users directly from the local files module.
sudo nano /etc/freeradius/3.0/mods-config/files/authorize
Example User Configuration
john Cleartext-Password := "123456"
Reply-Message := "Welcome John"
Reply-Message := "Welcome John"
Install MySQL
sudo apt install mysql-server freeradius-mysql -y
Create Radius Database
sudo mysql -u root -p
CREATE DATABASE radius;
CREATE USER 'radius'@'localhost' IDENTIFIED BY 'StrongPassword';
GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost';
FLUSH PRIVILEGES;
CREATE DATABASE radius;
CREATE USER 'radius'@'localhost' IDENTIFIED BY 'StrongPassword';
GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost';
FLUSH PRIVILEGES;
Import FreeRADIUS Schema
sudo mysql -u radius -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql
Enable SQL Module
sudo ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/
Add User to Database
INSERT INTO radcheck (username,attribute,op,value)
VALUES ('testuser','Cleartext-Password',':=','testpassword');
VALUES ('testuser','Cleartext-Password',':=','testpassword');
Configure Network Clients
sudo nano /etc/freeradius/3.0/clients.conf
client router {
ipaddr = 192.168.1.1
secret = testing123
}
client router {
ipaddr = 192.168.1.1
secret = testing123
}
pfSense Integration
# In pfSense Captive Portal RADIUS settings
Server IP: 192.168.1.10
Authentication Port: 1812
Accounting Port: 1813
Shared Secret: testing123
Server IP: 192.168.1.10
Authentication Port: 1812
Accounting Port: 1813
Shared Secret: testing123
RADIUS Ports
1812 - Authentication
1813 - Accounting
1813 - Accounting
Service Failed to Start
sudo systemctl status freeradius
sudo journalctl -xeu freeradius
sudo journalctl -xeu freeradius
Port 1812 Already in Use
sudo ss -tulpn | grep 1812
# Stop service using the port
sudo systemctl stop freeradius
# Stop service using the port
sudo systemctl stop freeradius
SQL Connection Errors
# Run debug
sudo freeradius -X
sudo freeradius -X
Check FreeRADIUS Logs
sudo tail -f /var/log/freeradius/radius.log