From faf33660e47d311cc2e2586514e1822cfc1a2403 Mon Sep 17 00:00:00 2001
From: Christopher Hubing
Date: Fri, 14 Feb 2020 12:05:07 -0500
Subject: [PATCH] Update README.md
---
README.md | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 120 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 1e596fd..6b22048 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,120 @@
-# eduroam-freeradius
\ No newline at end of file
+# eduroam-freeradius
+
+### Commands for installing FreeRadius on CentOS 8:
+
+## Install FreeRadius
+sudo dnf install -y @freeradius freeradius-utils freeradius-mysql
+
+## Enable and start radiusd service:
+sudo systemctl enable --now radiusd.service
+
+## Add firewall rule for Radius in Firewalld:
+sudo firewall-cmd --add-service=radius --permanent &&\
+ sudo firewall-cmd --reload
+
+
+
+## Install MariaDB:
+sudo dnf module install mariadb
+
+## Enable and start MariaDB:
+sudo systemctl enable --now mariadb.service
+
+## Securely configure MariaDB:
+sudo mysql_secure_installation
+
+
+
+## Create SQL database in MariaDB for Radius:
+mysql -u root -p
+
+MariaDB [(none)]> CREATE DATABASE radius;
+Query OK, 1 row affected (0.000 sec)
+
+MariaDB [(none)]> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "SuperStrongPassword";
+Query OK, 0 rows affected (0.000 sec)
+
+MariaDB [(none)]> FLUSH PRIVILEGES;
+Query OK, 0 rows affected (0.000 sec)
+
+MariaDB [(none)]> quit;
+Bye
+
+
+## Initialize database for Radius (as root):
+sudo su -
+mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql
+
+## Exit root shell:
+exit
+
+## Enable MySQL mod for Radius:
+sudo ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/
+
+## Edit the SQL config file to point to MySQL database:
+sudo vim /etc/raddb/mods-available/sql
+
+## Uncomment or add and configure the following parts of the SQL config file undert the 'sql {' section:
+ driver = "rlm_sql_mysql"
+ dialect = "mysql"
+ # Connection info:
+ #
+ server = "localhost"
+ port = 3306
+ login = "radius"
+ password = "SuperStrongPassword"
+
+## Change group ownership of SQL config file and restart Radius:
+sudo chgrp -h radiusd /etc/raddb/mods-enabled/sql &&\
+ sudo systemctl restart radiusd
+
+## Install Apache + PHP for Daloradius web interface:
+sudo dnf -y install @httpd @php
+sudo dnf -y install 
php-{cli,curl,mysqlnd,devel,gd,pear,mbstring,xml,pear}
+sudo pear install MDB2 DB
+
+## Start and enable Apache and php-fpm:
+sudo systemctl enable --now httpd.service php-fpm.service
+
+## Configure Firewalld for Apache:
+sudo firewall-cmd --add-service={http,https} --permanent
+sudo firewall-cmd --reload
+
+## Download Daloradius (as root):
+sudo su -
+curl -L -O 'https://github.com/lirantal/daloradius/archive/master.zip' &&\
+ unzip master.zip &&\
+ rm master.zip &&\
+ mv daloradius-master/ /opt/daloradius
+
+## Import Daloradius database tables (as root):
+mysql -u root -p radius < /opt/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
+mysql -u root -p radius < /opt/daloradius/contrib/db/mysql-daloradius.sql
+
+## Exit root shell:
+exit
+
+## Remove default Apache web root and replace with Daloradius, fixing permissions as well:
+sudo rm -rf /var/www/html &&\
+ sudo cp -r /opt/daloradius /var/www/html &&\
+ sudo chown -R apache:apache /var/www/html/
+
+## Edit Daloradius' config file:
+sudo vim /var/www/html/library/daloradius.conf.php
+
+## Specifically, the following values should be edited:
+ $configValues['CONFIG_DB_USER'] = 'radius';
+ $configValues['CONFIG_DB_PASS'] = 'SuperStrongPassword';
+ $configValues['CONFIG_DB_NAME'] = 'radius';
+
+## Restart Apache and Radius:
+sudo systemctl restart radiusd.service httpd.service
+
+## Configure SELinux to allow Apache to access Daloradius web root:
+sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?"
+sudo restorecon -Rv /var/www/html/
+
+
+## Daloradius should now be accessible on port 80 (http) of the host. Default creds are:
+username: administrator
+password: radius