Showing
2 changed files
with
22 additions
and
120 deletions.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,120 +1,23 @@ | ||
| # eduroam-freeradius | ||
|
|
||
| ### Commands for installing FreeRadius on CentOS 8: | ||
|
|
||
| ## Install FreeRadius | ||
| sudo dnf install -y @freeradius freeradius-utils freeradius-mysql | ||
|
|
||
| ## Enable and start radiusd service: | ||
| sudo systemctl enable --now radiusd.service | ||
|
|
||
| ## Add firewall rule for Radius in Firewalld: | ||
| sudo firewall-cmd --add-service=radius --permanent &&\ | ||
| sudo firewall-cmd --reload | ||
|
|
||
|
|
||
|
|
||
| ## Install MariaDB: | ||
| sudo dnf module install mariadb | ||
|
|
||
| ## Enable and start MariaDB: | ||
| sudo systemctl enable --now mariadb.service | ||
|
|
||
| ## Securely configure MariaDB: | ||
| sudo mysql_secure_installation | ||
|
|
||
|
|
||
|
|
||
| ## Create SQL database in MariaDB for Radius: | ||
| mysql -u root -p | ||
|
|
||
| MariaDB [(none)]> CREATE DATABASE radius; | ||
| Query OK, 1 row affected (0.000 sec) | ||
|
|
||
| MariaDB [(none)]> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "SuperStrongPassword"; | ||
| Query OK, 0 rows affected (0.000 sec) | ||
|
|
||
| MariaDB [(none)]> FLUSH PRIVILEGES; | ||
| Query OK, 0 rows affected (0.000 sec) | ||
|
|
||
| MariaDB [(none)]> quit; | ||
| Bye | ||
|
|
||
|
|
||
| ## Initialize database for Radius (as root): | ||
| sudo su - | ||
| mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql | ||
|
|
||
| ## Exit root shell: | ||
| exit | ||
|
|
||
| ## Enable MySQL mod for Radius: | ||
| sudo ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/ | ||
|
|
||
| ## Edit the SQL config file to point to MySQL database: | ||
| sudo vim /etc/raddb/mods-available/sql | ||
|
|
||
| ## Uncomment or add and configure the following parts of the SQL config file undert the 'sql {' section: | ||
| driver = "rlm_sql_mysql" | ||
| dialect = "mysql" | ||
| # Connection info: | ||
| # | ||
| server = "localhost" | ||
| port = 3306 | ||
| login = "radius" | ||
| password = "SuperStrongPassword" | ||
|
|
||
| ## Change group ownership of SQL config file and restart Radius: | ||
| sudo chgrp -h radiusd /etc/raddb/mods-enabled/sql &&\ | ||
| sudo systemctl restart radiusd | ||
|
|
||
| ## Install Apache + PHP for Daloradius web interface: | ||
| sudo dnf -y install @httpd @php | ||
| sudo dnf -y install php-{cli,curl,mysqlnd,devel,gd,pear,mbstring,xml,pear} | ||
| sudo pear install MDB2 DB | ||
|
|
||
| ## Start and enable Apache and php-fpm: | ||
| sudo systemctl enable --now httpd.service php-fpm.service | ||
|
|
||
| ## Configure Firewalld for Apache: | ||
| sudo firewall-cmd --add-service={http,https} --permanent | ||
| sudo firewall-cmd --reload | ||
|
|
||
| ## Download Daloradius (as root): | ||
| sudo su - | ||
| curl -L -O 'https://github.com/lirantal/daloradius/archive/master.zip' &&\ | ||
| unzip master.zip &&\ | ||
| rm master.zip &&\ | ||
| mv daloradius-master/ /opt/daloradius | ||
|
|
||
| ## Import Daloradius database tables (as root): | ||
| mysql -u root -p radius < /opt/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql | ||
| mysql -u root -p radius < /opt/daloradius/contrib/db/mysql-daloradius.sql | ||
|
|
||
| ## Exit root shell: | ||
| exit | ||
|
|
||
| ## Remove default Apache web root and replace with Daloradius, fixing permissions as well: | ||
| sudo rm -rf /var/www/html &&\ | ||
| sudo cp -r /opt/daloradius /var/www/html &&\ | ||
| sudo chown -R apache:apache /var/www/html/ | ||
|
|
||
| ## Edit Daloradius' config file: | ||
| sudo vim /var/www/html/library/daloradius.conf.php | ||
|
|
||
| ## Specifically, the following values should be edited: | ||
| $configValues['CONFIG_DB_USER'] = 'radius'; | ||
| $configValues['CONFIG_DB_PASS'] = 'SuperStrongPassword'; | ||
| $configValues['CONFIG_DB_NAME'] = 'radius'; | ||
|
|
||
| ## Restart Apache and Radius: | ||
| sudo systemctl restart radiusd.service httpd.service | ||
|
|
||
| ## Configure SELinux to allow Apache to access Daloradius web root: | ||
| sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?" | ||
| sudo restorecon -Rv /var/www/html/ | ||
|
|
||
|
|
||
| ## Daloradius should now be accessible on port 80 (http) of the host. Default creds are: | ||
| username: administrator | ||
| password: radius | ||
| ### How to deploy the eduroam FreeRadius docker container on a docker-enabled host: | ||
|
|
||
| ## Run the container directly: | ||
| docker run -d -p 443:443 -p 1812:1812/udp -p 1813:1813/udp tier/eduroam-freeradius:3.0-20200221 | ||
|
|
||
| ## Below are settings for thhe container and their default values, wihchh can be overridden at run-time: | ||
| DB_LOCATION=local | ||
| DB_DRIVER=rlm_sql_mysql | ||
| DB_DIALECT=mysql | ||
| DB_HOST=localhost | ||
| DB_PORT=3306 | ||
| DB_ROOT_PWD=SuperStrongPassword | ||
| DB_USER=radius | ||
| DB_USER_PWD=SuperStrongPassword | ||
| DB_NAME=radius | ||
| ENV=dev | ||
| USERTOKEN=nothing | ||
|
|
||
| ## The Daloradius UI should now be accessible on port 443 (https) of the host (with a self-signed cert). Default creds are: | ||
| username: administrator | ||
| password: radius |