Objectives:
1. Package/Dependencies Installation
2. Database MySQL 5.0.51a Configuration
3. FreeRADIUS 2.1.4 Configuration
4. Radiusclient-ng Installation
5. OpenSIPS 1.5.1 Configuration
Package/Dependencies Installation:
Steps In Building Ubuntu Server 8.04.2 (hardy) packages
Double check dependencies and packages on the following:
official site link
a) Install dependencies:
apt-get install autotools-dev
apt-get install debhelper
apt-get install libgdbm-dev
apt-get install libiodbc2-dev
apt-get install libkrb5-dev
apt-get install libldap2-dev
apt-get install libltdl3-dev
apt-get install libmysqlclient15-dev
apt-get install libpam0g-dev
apt-get install libpcap-dev
apt-get install libperl-dev
apt-get install libpq-dev
apt-get install libsasl2-dev
apt-get install libsnmp-dev
apt-get install libtool
apt-get install python-dev
b) Download the source of the latest FreeRADIUS version:
c) Extract the files in the /usr/src directory.
d) Switch to the newly extracted directory:
Before running the following commands, make sure these files are in the directory where you issue them:
freeradius_2.1.4-0.dsc
freeradius_2.1.4-0.tar.gz
freeradius-server-2.1.4.tar.gz
freeradius-server-2.1.4.tar.gz.sig
##... freeradius_2.1.4-0.dsc file's contents as follows:
Format: 1.0
Source: freeradius
Binary: freeradius, freeradius-krb5, freeradius-ldap, freeradius-postgresql, freeradius-mysql, freeradius-iodbc, freeradius-dialupadmin, freeradius-dbg
Architecture: any
Version: 2.1.4-0
Maintainer: Nicolas Baradakis
Standards-Version: 3.7.3.0
Build-Depends: autotools-dev, debhelper (>= 5), dpatch (>= 2), dpkg-dev (>= 1.13.19), libgdbm-dev, libiodbc2-dev, libkrb5-dev, libldap2-dev, libltdl3-dev, libmysqlclient15-dev | libmysqlclient-dev, libpam0g-dev, libpcap-dev, libperl-dev, libpq-dev, libsasl2-dev, libsnmp9-dev | libsnmp-dev, libssl-dev, libtool (>= 1.5), python-dev, snmp
Files:
42c7d892e1f2f0dfe531ed2ba7f64f1d 3762749 freeradius_2.1.4-0.tar.gz
##...
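Before unpacking, the tarball can be checked against the Files: entry of the .dsc shown above. The script below is an added example, not part of the original post; the sample file names and contents are constructed, and md5sum from GNU coreutils is assumed to be available.

```shell
#!/bin/sh
# Added example, not from the original post: check source files against the
# "Files:" stanza of a Format 1.0 .dsc (lines of: <md5> <size> <filename>).

# verify_dsc DSC DIR: prints "OK|BAD|MISSING <name>" for every listed file
verify_dsc() {
    awk '/^Files:/ { f = 1; next }
         f && NF == 3 && $1 ~ /^[0-9a-f]+$/ && length($1) == 32 { print; next }
         { f = 0 }' "$1" |
    while read -r sum size name; do
        if [ ! -f "$2/$name" ]; then echo "MISSING $name"; continue; fi
        got_sum=$(md5sum < "$2/$name" | cut -d' ' -f1)
        got_size=$(wc -c < "$2/$name" | tr -d ' ')
        if [ "$sum" = "$got_sum" ] && [ "$size" = "$got_size" ]; then
            echo "OK $name"
        else
            echo "BAD $name"
        fi
    done
}

# make_sample DIR: constructed stand-ins for the tarball and its .dsc
make_sample() {
    printf 'constructed tarball bytes\n' > "$1/sample_1.0.tar.gz"
    sum=$(md5sum < "$1/sample_1.0.tar.gz" | cut -d' ' -f1)
    size=$(wc -c < "$1/sample_1.0.tar.gz" | tr -d ' ')
    printf 'Format: 1.0\nSource: sample\nFiles:\n %s %s sample_1.0.tar.gz\n' \
        "$sum" "$size" > "$1/sample_1.0.dsc"
}

d=$(mktemp -d) && make_sample "$d"
verify_dsc "$d/sample_1.0.dsc" "$d"          # intact file
printf 'x' >> "$d/sample_1.0.tar.gz"         # simulate a modified download
verify_dsc "$d/sample_1.0.dsc" "$d"
rm -rf "$d"
```

The MD5 and size only detect a corrupted or mismatched download; authenticity of the upstream tarball rests on checking freeradius-server-2.1.4.tar.gz.sig with gpg --verify against the signer's public key.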
$ dpkg-source -x *.dsc
$ cd freeradius-2.1.4/
Some changes must be made in order to build the package successfully. Edit the "/debian/rules" file as follows:
$ vi debian/rules
From:
confflags += --without-openssl --without-rlm_eap_peap --without-rlm_eap_tls --without-rlm_eap_ttls --without-rlm_otp
To:
confflags += --with-openssl --with-rlm_eap_peap --with-rlm_eap_tls --with-rlm_eap_ttls --with-rlm_otp
e) Comment out or delete the following lines from the file:
# if dh_shlibdeps -p $$pkg -- -O grep -q libssl; then \
# echo "$$pkg links to openssl" ; \
# exit 1 ;
# fi ;
# done
Installing the binary packages
It's best to build the FreeRADIUS packages using dpkg-buildpackage: installing directly from source confuses dpkg about the files installed on the system, and the files cannot be uninstalled later. If you don't have the following packages installed, use aptitude to install them:
(snmp, dpatch, build-essential)
$ aptitude install dpkg-dev
$ aptitude install libssl-dev
$ aptitude install fakeroot
f) Now execute the following command to build binaries:
Got too many warnings/errors, the output is at the following link:
ERRORS LOG
rlm_eap: Failed to initialize type tls
/usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/usr/local/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
/usr/local/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
}
}
$ sudo dpkg -i ../freeradius_*.deb
gpg: skipped "Alan DeKok
gpg: [stdin]: clearsign failed: secret key not available
dpkg-genchanges >../freeradius_2.1.4-0_amd64.changes
dpkg-genchanges: including full source code in upload
dpkg-buildpackage: full upload; Debian-native package (full source is included)
dpkg-buildpackage: warning: Failed to sign .dsc and .changes file
It is critical to create this directory if it doesn't exist:
$ mkdir /var/run/radiusd
Alternative ways of Building Ubuntu packages
- Using synaptic:
$ synaptic
select the following packages:
x freeradius
x freeradius-dbg
x freeradius-dialupadmin
x freeradius-ldap
x freeradius-mysql
(It didn't work, so I moved to plan B)
bash$ tar zxvf freeradius-[version].tar.gz
bash$ ./configure
bash$ make
bash$ su - root
bash# make install
bash# radiusd -X
/usr/local/etc/raddb/eap.conf[17]: Failed to link to module 'rlm_eap': libfreeradius-eap-2.1.5.so: cannot open shared object file: No such file or directory
/usr/local/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
/usr/local/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
Configuring the FreeRADIUS with MySQL
First the MySQL bits (creating the db & its admin user).
Do the following from your shell.
On the MySQL shell type the following:
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
exit;
In my case only:
$ mysqladmin -u root -p create radius
$ cd /usr/share/doc/freeradius/examples
$ gunzip mysql.sql.gz
$ mysql -u root -p radius < mysql.sql
$ mysql -u root -p radius
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| opensips           |
| radius             |
+--------------------+
4 rows in set (0.00 sec)
mysql> use radius;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+------------------+
| Tables_in_radius |
+------------------+
| nas              |
| radacct          |
| radcheck         |
| radgroupcheck    |
| radgroupreply    |
| radippool        |
| radpostauth      |
| radreply         |
| usergroup        |
+------------------+
9 rows in set (0.00 sec)
mysql> \q
Bye
cp sql.conf /etc/freeradius/
cd /etc/freeradius/
Now edit your /etc/freeradius/sql.conf
#
# Configuration for the Freeradius SQL module using MySQL database and a
# central radacct table. To use monthly tables with auto-rotation see
# radius_accounting.conf and radius_accounting.proc
#
sql {
driver = "rlm_sql_mysql"
server = "127.0.0.1"
login = "root"
password = "secretpwd"
radius_db = "radius"
acct_table = "radacct"
sqltrace = no
sqltracefile = ${logdir}/sqltrace-%Y%m%d.log
num_sql_socks = 25
connect_failure_retry_delay = 60
Reset the user/password/database parameters to match the MySQL account and database created earlier (e.g. radius/radpass/radius), so that FreeRADIUS does not connect as MySQL root; to turn the NAS management from MySQL, search for the line...
Configuring FreeRADIUS Server:
i) Add OpenSIPS as FR Client:
First we define the devices (remote access gateways, 802.1x switches, access points) that will send authentication and accounting packets to the FR server. I am making the SIP proxy server the FR client, which will be sending accounting requests. The files that are going to be updated are as follows:
/etc/freeradius/clients.conf
/etc/freeradius/radiusd.conf
/etc/freeradius/sql.conf
/etc/freeradius/sites-available/default.conf
Make the following changes in this section:
client localhost {
....
# # secret and password are mapped through the "secrets" file.
secret = opensips
shortname = OpenSIPS
# # the following three fields are optional, but may be used by
# # checkrad.pl for simultaneous usage checks
nastype = other
....
....
}
- Enable MySQL accounting in FR by editing the config file
$ vi /etc/freeradius/radiusd.conf
Make the following changes in these sections:
security {
....
....
# PROXY CONFIGURATION
#
##?? $INCLUDE proxy.conf
$INCLUDE ${confdir}/proxy.conf
##?? $INCLUDE clients.conf
$INCLUDE ${confdir}/clients.conf
....
....
}
# MODULE CONFIGURATION
#
# The names and configuration of each module is located in this section.
#
# After the modules are defined here, they may be referred to by name,
# in other sections of this configuration file.
#
modules {
...
$INCLUDE sql.conf
...
}
+ Edit /etc/freeradius/sites-available/default
Uncomment/add the lines for auth_log, digest, sql, and ldap in the accounting section.
accounting {
...
...
#???
acct_unique
#
# If you want to have a log of authentication requests,
# un-comment the following line, and the 'detail auth_log'
# section, above.
auth_log
#
# Create a 'detail'ed log of the packets.
# Note that accounting requests which are proxied
# are also logged in the detail file.
detail
#
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authenticate' section.
digest
#
# Look in an SQL database. The schema of the database
# is meant to mirror the "users" file.
#
# See "Authorization Queries" in sql.conf
sql
#
# The ldap module will set Auth-Type to LDAP if it has not
# already been set
ldap
...
...
}
+ Copy the OpenSIPS dictionary to /etc/freeradius
$ cp /usr/local/share/freeradius/dictionary.openser /etc/freeradius
+ Add this line in
$ mkdir /var/run/freeradius
$ chown
$ /etc/init.d/freeradius stop
$ freeradius -X
...
...
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/freeradius/freeradius.sock
Listening on proxy address * port 1814
Ready to process requests.
Radiusclient-ng
ii) Configure the RADIUS Client (radiusclient-ng):
Download tar file radiusclient-ng-0.5.6.tar.gz from official site
# tar zxvf radiusclient-ng-0.5.6.tar.gz
# cd radiusclient-ng-0.5.6
The above process failed since it couldn't find /debian/changelog
Thus I followed the following steps:
The radiusclient-ng must be compiled manually, as it is not included in the Debian distribution. Here I used the version 0.5.6
1. Checkout from berlios CVS (hit ENTER when asked for the password):
$ cd /usr/local/src
$ mkdir radiusclient-ng
$ cd radiusclient-ng
$ cvs -d:pserver:anonymous@cvs.radiusclient-ng.berlios.de:/cvsroot/radiusclient-ng login
$ cvs -z3 -d:pserver:anonymous@cvs.radiusclient-ng.berlios.de:/cvsroot/radiusclient-ng co -r RELENG_0_5_6 radiusclient-ng
$ mv radiusclient-ng radiusclient-ng-5.6
$ cd radiusclient-ng-5.6
Note: change the RELENG value to the release version you want to check out, and make the appropriate alterations to the following sections
Note: CVS often has problems when you are behind a firewall that blocks CVS (port 2401). To test if you can reach the CVS server try with telnet: “telnet cvs.radiusclient-ng.berlios.de 2401”
2. Correct the version labeling
We edit the debian/changelog file to have debian packages with the correct version number: change “radiusclient-ng (0.5.0) unstable; urgency=low” to “radiusclient-ng (0.5.6) unstable; urgency=low”
3. build the Debian packages
$ dpkg-buildpackage -rfakeroot -tc
****** I got stuck at this point when I couldn't go any further, so I went to the following link and downloaded libradiusclient-ng-dev
http://packages.ubuntu.com/hardy/amd64/libradiusclient-ng-dev/download
Used the pkg installer to install it and tried to build again
$ dpkg-buildpackage -rfakeroot -tc
I only got a warning but it didn't complain about .so like before
Next I followed these steps:
4. install the packages
$ cd ..
$ su (if you are not super user)
$ dpkg -i libradius-ng-dev_0.5.6_amd64.deb libradius-ng_0.5.6_amd64.deb \
  radiusclient-ng_0.5.6_amd64.deb
$ exit
NOW I got following errors:
(Reading database ... 118048 files and directories currently installed.)
Unpacking libradius-ng-dev (from libradius-ng-dev_0.5.6_amd64.deb) ...
dpkg: error processing libradius-ng-dev_0.5.6_amd64.deb (--install):
trying to overwrite `/usr/include/radiusclient-ng.h', which is also
in package libradiusclient-ng-dev
Selecting previously deselected package libradius-ng.
Unpacking libradius-ng (from libradius-ng_0.5.6_amd64.deb) ...
dpkg: error processing libradius-ng_0.5.6_amd64.deb (--install):
trying to overwrite `/usr/lib/libradiusclient-ng.so.2.0.0', which is
also in package libradiusclient-ng2
Selecting previously deselected package radiusclient-ng.
Unpacking radiusclient-ng (from radiusclient-ng_0.5.6_amd64.deb) ...
dpkg: dependency problems prevent configuration of radiusclient-ng:
radiusclient-ng depends on libradius-ng; however:
Package libradius-ng is not installed.
dpkg: error processing radiusclient-ng (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
libradius-ng-dev_0.5.6_amd64.deb
libradius-ng_0.5.6_amd64.deb
radiusclient-ng
The following is the list of files that should have been in place with current datestamps, but they show older dates; it was bizarre behavior.
/usr/include/radiusclient-ng.h
/usr/lib/libradiusclient-ng.a
/usr/lib/libradiusclient-ng.la
/usr/lib/libradiusclient-ng.so
/usr/share/doc/libradiusclient-ng-dev/BUGS
/usr/share/doc/libradiusclient-ng-dev/CHANGES.gz
/usr/share/doc/libradiusclient-ng-dev/README
/usr/share/doc/libradiusclient-ng-dev/README.Debian
/usr/share/doc/libradiusclient-ng-dev/README.radexample
/usr/share/doc/libradiusclient-ng-dev/changelog.Debian.gz
/usr/share/doc/libradiusclient-ng-dev/changelog.gz
/usr/share/doc/libradiusclient-ng-dev/copyright
*** ***
Somehow I got messed up with an older version of radiusclient-ng, and those older files were causing a conflict, thus I had to remove all the .a and .la files and move the .h files. Even all this didn't work: it complains about files that I have moved to the tmp directory, but it says they are there even though they are not grrrrrrrr :#
Mike, my mentor, my teacher, and my colleague, stepped in on my request, fixed the problem magically (trade secret) and finally installed the package manually using ./configure, make, and make install :~{
Thanks a bunch Mike Spice, you are the greatest :)
Let's move on to my objective completion phases ;)
iii) Copy and edit the file
... (/etc/radiusclient-ng/dictionary):
$ cp /home/wiz/Documents/RadiusCDRTool/radiusclient-ng/dictionary.radius /etc/radiusclient-ng/dictionary.radius
$ vi /etc/radiusclient-ng/dictionary
Add the following lines at the end of file:
#***
# The file name given here should be an absolute path.
#***
$INCLUDE /etc/freeradius/dictionary.openser
iv) Edit the file (/etc/radiusclient-ng/servers):
Add the following line at the end of the file...
127.0.0.1 opensips
Now the file should look like this:
#Server Name or Client/Server pair        Key
#----------------                         ---------------
#portmaster.elemental.net                 hardlyasecret
#portmaster2.elemental.net                donttellanyone
127.0.0.1                                 opensips
v) Edit the file (/etc/radiusclient-ng/radiusclient.conf):
Make following changes by adding IP address of RADIUS server
# RADIUS server to use for accouting requests. All that I
# said for authserver applies, too.
#
#acctserver localhost
acctserver 127.0.0.1
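The shared secret in clients.conf has to match the key in /etc/radiusclient-ng/servers, and sql.conf is meant to end up on the radius account rather than root. The following added example (not from the original post) checks copies of those three files; the 16-character minimum, the function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): checks the three files edited
# in this walkthrough for settings that weaken RADIUS accounting security.
MIN_SECRET_LEN=16   # assumed policy threshold, not a FreeRADIUS default

# conf_value FILE KEY: first uncommented `KEY = value`, quotes stripped
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# server_key FILE HOST: key column for HOST in a radiusclient-ng servers file
server_key() {
    awk -v h="$2" '$1 == h { print $2; exit }' "$1"
}

# audit_radius SQL_CONF CLIENTS_CONF SERVERS HOST: prints one finding per line
audit_radius() {
    login=$(conf_value "$1" login)
    secret=$(conf_value "$2" secret)
    key=$(server_key "$3" "$4")
    if [ "$login" = "root" ]; then echo "sql.conf: login is MySQL root"; fi
    if [ "$secret" != "$key" ]; then echo "secret mismatch: clients.conf vs servers"; fi
    if [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
        echo "clients.conf: shared secret shorter than $MIN_SECRET_LEN"
    fi
    for f in "$1" "$2" "$3"; do   # these files hold the DB password and secret
        if [ -n "$(find "$f" -perm -004)" ]; then echo "$f: world-readable"; fi
    done
    return 0
}

# make_sample DIR: constructed files mirroring the values shown in this post
make_sample() {
    printf 'sql {\n\tlogin = "root"\n\tpassword = "secretpwd"\n}\n' > "$1/sql.conf"
    printf 'client localhost {\n#\tsecret = commented-out\n\tsecret = opensips\n}\n' > "$1/clients.conf"
    printf '#portmaster.elemental.net\thardlyasecret\n127.0.0.1\topensips\n' > "$1/servers"
    chmod 600 "$1/sql.conf" "$1/clients.conf" "$1/servers"
}

d=$(mktemp -d) && make_sample "$d"
audit_radius "$d/sql.conf" "$d/clients.conf" "$d/servers" 127.0.0.1
rm -rf "$d"
```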
Configure OpenSIPS:
The "acc" module has support for RADIUS, but it is not enabled, so the opensips.cfg file needs additional script to enable RADIUS support.
a) Re-compile OpenSIPS first to start the integration process:
I figured it's a good time to break my OpenSIPS 1.5.0 and install 1.5.1; it would resolve some of the issues I'm having.
Buckle-up...