For the last week, I have been attempting to install a RADIUS daemon on my Ubuntu Server. Alas, the RADIUS server I had originally installed did not agree with the version of Perl that Ubuntu had been compiled with. Ain’t it always like that…sigh.
The only option was to compile the latest stable version of freeRADIUS 2.0.5 on Ubuntu and cross my fingers. It was NOT all that easy. There are two changes you’ll have to make before you compile, so that freeRADIUS plays nice with Debian. After you have downloaded freeRADIUS from freeradius.org (as a non-root user), do the following:
$ tar zxf freeradius-2.0.5.tar.gz
If you don’t have dpkg-buildpackage, then now is the time to install it with:
$ sudo apt-get install dpkg-dev
After the freeradius archive has been expanded, you’ll have to fix an error in the source code. The error is at lines 47-48 in debian/patches/01-radiusd-to-freeradius.dpatch. Make the following alteration:
-#user = nobody
-#group = nobody
to
-#user = radius
-#group = radius
Next, chmod the untarred freeradius folder with this:
$ chmod +x -R freeradius-2.0.5
Then, perform the following:
$ cd freeradius-2.0.5
$ fakeroot dpkg-buildpackage -b -uc
$ sudo dpkg -i ../freeradius_2.0.5-0_i386.deb
After all that, you may still get some errors. Most notably, what I got was the following:
Error binding to port for 0.0.0.0 port 1812
This had little to do with a misconfiguration of freeradius; rather, I had accidentally initiated two freeradius processes running at the same time. The second process couldn’t bind, so simply killing the process gave me fine results.
The people at wiki.freeradius.org are fine at handling issues, but you must provide a detailed report by running freeradius with the ‘-X’ switch:
sudo freeradius -X
Add the following to the top of the users file in /etc/freeradius:
test Cleartext-Password := "test"
Without adding that last tidbit, you’ll never get RADIUS to accept your requests. It took me forever to figure that out. Next, verify there is an entry in the clients.conf file in /etc/freeradius with the following:
client 127.0.0.1 {
        ipaddr = 127.0.0.1
        secret = testing123
        shortname = localtest
        login = test
        password = test
        require_message_authenticator = no
}
If you have used freeRADIUS before, you’ll notice that the client format has changed. You can use the previous 1.x format for compatibility if you choose. Fire up another terminal window and type the following:
radtest test test 127.0.0.1 1812 testing123
You should get the following message back:
Sending Access-Request of id XX to 127.0.0.1 port 1812
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=XX, length=YY
So far, all this means is your server is running and is returning Access-Accept messages back to you. Plus, authentication is working…for the most part.