FreeRadius install howto (2)

Last post about FreeRadius (available on this LINK) introduced FreeRadius and basic installation steps (install from RPM and directly from source). My advice is to install from source (frequent updates, less bugs, etc). Also, please remember that FreeRadius is active project and you should always stick to the official site and wiki. Very often all of the documentation on “third party” web sites is outdated.

I suppose you already installed the FreeRadius (from source) and now I will try to explain a few basic steps.

Files

-rw-r----- 1 root root   671 Jan 27 15:54 acct_users
-rw-r----- 1 root root  4174 Jan 27 15:54 attrs
-rw-r----- 1 root root   513 Jan 27 15:54 attrs.access_challenge
-rw-r----- 1 root root   458 Jan 27 15:54 attrs.access_reject
-rw-r----- 1 root root   437 Jan 27 15:54 attrs.accounting_response
-rw-r----- 1 root root  2022 Jan 27 15:54 attrs.pre-proxy
drwxr-x--- 2 root root  4096 Jan 27 16:00 certs
-rw-r----- 1 root root  6703 Jan 27 15:54 clients.conf
-rw-r----- 1 root root   883 Jan 27 15:54 dictionary
-rw-r----- 1 root root 18063 Jan 27 15:54 eap.conf
-rwxr-xr-x 1 root root  4744 Jan 27 15:54 example.pl
-rw-r----- 1 root root 12722 Jan 27 15:54 experimental.conf
-rw-r----- 1 root root  2352 Jan 27 15:54 hints
-rw-r----- 1 root root  1604 Jan 27 15:54 huntgroups
-rw-r----- 1 root root  3218 Jan 27 15:54 ldap.attrmap
drwxr-x--- 2 root root  4096 Jan 27 15:54 modules
-rw-r----- 1 root root  2840 Jan 27 15:54 policy.conf
-rw-r----- 1 root root  4873 Jan 27 15:54 policy.txt
-rw-r----- 1 root root   984 Jan 27 15:54 preproxy_users
-rw-r----- 1 root root 26529 Jan 27 15:54 proxy.conf
-rw-r----- 1 root root 27238 Jan 27 15:54 radiusd.conf
drwxr-x--- 2 root root  4096 Jan 27 15:54 sites-available
drwxr-x--- 2 root root  4096 Jan 27 15:54 sites-enabled
drwxr-x--- 7 root root  4096 Jan 27 15:54 sql
-rw-r----- 1 root root  3042 Jan 27 15:54 sql.conf
-rw-r----- 1 root root  2475 Jan 27 15:54 sqlippool.conf
-rw-r----- 1 root root  3597 Jan 27 15:54 templates.conf
-rw-r----- 1 root root  6524 Jan 27 15:54 users

Initial test

Start the server with

# radiusd

The easiest way to test your radius installation is via radtest utility. It is a fast and convenient way to test a radius server. The radtest syntax is

radtest [-d raddb_directory] [-t pap/chap/mschap] [-x ] user password radius-server nas-port-number secret [ppphint] [nasname]

In this case lets test with user “user” and password “password” on localhost (127.0.0.1) with secret testing123

# radtest user password 127.0.0.1 0 testing123

You should see something like this:

[root@test raddb]# radtest user password 127.0.0.1 0 testing123
Sending Access-Request of id 245 to 127.0.0.1 port 1812
        User-Name = "user"
        User-Password = "password"
        NAS-IP-Address = 192.168.1.10
        NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=245, length=20

Notice the Access-Reject message. This is the normal message because user “user” doesn’t exist.

Now add

user Cleartext-Password := "password"

inside users file (at the top, before anything else). Save the file, restart radius server (pkill radiusd, radiusd) and test again.

# radtest user password 127.0.0.1 0 testing123
[root@test raddb]# radtest user password 127.0.0.1 0 testing123
Sending Access-Request of id 53 to 127.0.0.1 port 1812
        User-Name = "user"
        User-Password = "password"
        NAS-IP-Address = 192.168.1.10
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=53, length=20

Fine. Now we have a Access-Accept message.

If you notice some problems wile testing, start the server in debug mode (radiusd -X) and test it from the new terminal window. In debug mode you will have more details so it is very easy to find out where the problem is.

In next post, I will write something about basic configuration (which config files you should check), how to assign FreeRadius and MySQL (or other database).

Stay tuned.

27 thoughts on “FreeRadius install howto (2)”

  1. When I start debug nothing error but when I use ” radtest user password 127.0.0.1 0 testing123″ it show radclient: no response from server for ID 97 socket 3. what wrong? how to fix it? plz I need your help

  2. Try radtest user password localhost 0 testing123

    Also, try to run radiusd -X in one terminal and the command radtest user password 127.0.0.1 0 testing123 in the second and see what is the problem

  3. when i run (user Cleartext-Password := “password”) i get this error bash: user: command not found… wh<t is missing and i don't really understand what you mean here (inside users file (at the top, before anything else). Save the file, restart radius server (pkill radiusd, radiusd) and test again.) in your instructions supporting the above mentioned command that am getting an error i know am missing something but can't figure out

  4. @Mwayi

    You need to read a complete post once again…

    I did’t wrote
    “exec user Cleartext-Password := “password””

    I wrote ADD LINE “user Cleartext-Password := “password” ” INSIDE users file which is located inside raddb dir.

    Then EXEC

    radtest user password 127.0.0.1 0 testing123

  5. bash: /usr/local/etc/raddb/users: Permission denied this is the other error i get when am trying to acces the users file

  6. Login as root and enter the next command

    nano /usr/local/etc/raddb/users

    or in case you don’t have nano editor, enter

    vi /usr/local/etc/raddb/users

    press i and add the line I mentioned above, press ESC and then write :wq! to exit from Vi editor and to save changes…

    I posted here basic commands which you should know already… Especially if you want to work with FreeRadius…

  7. thanks it worked am new in this whole thing just trying to fix or build a radius server out of great pressure. hope u understand

  8. When i add user Cleartext-Password := “password” in users and ran radiusd -X i get this error
    /etc/raddb/users[1]: Parse error (check) for entry user: Unknown attribute “Cleartext-Password”
    Errors reading /etc/raddb/users
    radiusd.conf[1059]: files: Module instantiation failed.
    radiusd.conf[1837] Unknown module “files”.
    radiusd.conf[1773] Failed to parse authorize section.

    Pls help me

  9. I am getting the problem as:

    /usr/local/etc/raddb/users[204]: Parse error (check) for entry test: Expected end of line or comma
    Errors reading /usr/local/etc/raddb/users
    /usr/local/etc/raddb/modules/files[7]: Instantiation failed for module “files”
    /usr/local/etc/raddb/sites-enabled/default[170]: Failed to load module “files”.
    /usr/local/etc/raddb/sites-enabled/default[69]: Errors parsing authorize section.

    Please help me..

  10. when i run radius -X :

    FreeRADIUS Version 2.1.12, for host i686-pc-linux-gnu, built on Oct 18 2011 at 05:50:23
    Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
    There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.
    You may redistribute copies of FreeRADIUS under the terms of the
    GNU General Public License v2.
    Starting – reading configuration files …
    including configuration file /usr/local/etc/raddb/radiusd.conf
    Unable to open file “/usr/local/etc/raddb/radiusd.conf”: Permission denied
    Errors reading /usr/local/etc/raddb/radiusd.conf

  11. root@binodshah-MS-7592:/home/binodshah# radtest user password 127.0.0.1 0 testing123
    Sending Access-Request of id 35 to 127.0.0.1 port 1812
    User-Name = “user”
    User-Password = “password”
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
    Message-Authenticator = 0x00000000000000000000000000000000
    Sending Access-Request of id 35 to 127.0.0.1 port 1812
    User-Name = “user”
    User-Password = “password”
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
    Message-Authenticator = 0x00000000000000000000000000000000
    Sending Access-Request of id 35 to 127.0.0.1 port 1812
    User-Name = “user”
    User-Password = “password”
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
    Message-Authenticator = 0x00000000000000000000000000000000
    radclient: no response from server for ID 35 socket 3

    Please help me…… for successful running of RADIUS server

  12. You didn’t install freeradius correctly. Get back to configure section and check the output…

    Of course you need to be logged in as root during installation process…

  13. Regarding this:
    “When I start debug nothing error but when I use ” radtest user password 127.0.0.1 0 testing123″ it show radclient: no response from server for ID 97 socket 3. what wrong? how to fix it? plz I need your help”
    You need to add name of your server to the hosts file. Even if you sending request to 127.0.0.1 Radius for some reason try to resolve this ip into your name.

  14. Hi all,
    I am at the end of my wits.
    Same error as kps above…

    When i add user Cleartext-Password := “password” in users and run radiusd -X i get this error
    /etc/raddb/users[1]: Parse error (check) for entry user: Unknown attribute “Cleartext-Password”

    Any help greatly appreciated
    Dennis

  15. hi
    when i enter this command “radtest testing password 127.0.0.1 testing123” , this error shows up : “radclient:: Failed to find IP address for … radclient: Nothing to send. ”
    whats wrong ????

  16. its really good explanation but i have a problem hope it simple

    when i make radtest {# radtest user password 127.0.0.1 0 testing123 }
    i get repealy from 127.0.0.1 but you get repleay from 192.168.1.10
    why that changes ???

    adding user {user Cleartext-Password := “password”}
    you add user under what (freeradius user or user under system (i think it for freeradius) ) cuz i get error command not found

    last thing should i install or config or do any thing before start installation

    i am allready installed (php – phpmyadmin – apache server- mysql {lamp server})

    thank you and soory for long question

  17. i am soory
    i read it again and i get my mistake but i still can not access after i added the test user
    and what is the difference between /usr/local/etc/raddb/radiusd.conf and
    /usr/local/etc/raddb/clients.conf

  18. hi people
    i have one problem .
    when i run /etc/init.d/radiusd start , i take this error :
    /etc/freeradius/raddb/modules/files[7]: Instantiation failed for module “files”
    i see admin say “Check dictionary files… (/usr/share/dictionary).”
    but how to check this dict ? and what i need to do for dict ?
    Best regards 😉

  19. I followed what is instructed on this blog, just need some help. Fairly new in Unix/Linux cli’s…

    I have pasted this on the 1st line of the user file,
    [root@localhost /]# vi /etc/raddb/users
    testing Cleartext-Password := “password”
    #
    did :wq!

    now I used this command:
    [root@localhost /]# radtest testing password localhost 0 testing123
    bash: radtest: command not found…

    As you can see the radtest command is not found…

    Can anyone shed some light on this?

  20. I run the following command:
    radtest testuser testpw localhost 0 testing123
    and received Reject message.
    I have added testuser Cleartext-Password := “testpw” as 1st line in users file and restarted FR. Still my request is not accepted by FR.
    I tried changing my username and password. But its of no use.
    Can you help me pls!
    I am a beginner in this area.
    I also want to know if FR supports IPv6 address and does it support TLS?

  21. When I run radiusd -X it throws the following error.
    auth: Failed to validate the user.
    Login incorrect (rlm_pap: CLEAR TEXT password check failed): [testuser/testpw] (
    st port 123)
    And I am running freeradius on windows, not on Linux.

  22. Why windows? Since I never tested the Win/FR combination, I have no idea why you’re facing this problem and I can’t help you with it. You can always run Linux on virtual machine…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.