Ok, so you have your core router, your tower router, next is the freeradius server that sits behind your core router and authenticates customers, sets their bandwidth, gives you a way to turn customers on and off with a web interface, which is nice. It stores the customer data in a mariadb/mysql database, so it’s easy to use for other things later. On this server I’m using open source, so all this stuff is free to download and use. You may extend functionality with paid stuff later, probably will, but this will work.
Freeradius does a thing called AAA (Authentication, Authorization and Accounting). It’s designed to figure out who’s trying to connect, what bandwidth they should have, and if they’ve paid their bill. Freeradius is often the hook where commercial billing systems connect to your customers, so if you tell them you have freeradius they’ll (hopefully) be happy with you and they can take it from there.
Daloradius is a glitchy but lovely web interface for freeradius that gives you pretty pictures of what’s happening. It also has billing functionality if you want to use it. But it has a very distinctively Github code feel to it, meaning it was written to solve a particular problem a particular way you might not love. But there’s decent developer support, so hopefully it will endure and get bug fixes. No guarantees.
First, I created a Debian Buster server on a Raspberry Pi. This is a development environment where I can test. But after testing, if you use Debian/freeradius/daloradius/mariadb for this, it’s relatively easy to port this to a production server with more horsepower later by copying files and databases, so you don’t lose your effort.
Let’s install stuff and set a password on your database. Login via ssh and then (I use root, you can use sudo if you want):
apt update && apt upgrade
apt install php apache2 libapache2-mod-php php-{gd,common,mail,mail-mime,mysql,pear,mbstring,xml,curl} freeradius freeradius-mysql freeradius-utils mariadb-server
mysql_secure_installation
Now we create a radius database and populate it:
mysql -u root -p
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "somecomplexpassword";
FLUSH PRIVILEGES;
\q
verify you can connect and then populate the database:
mysql -u radius -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| radius |
+--------------------+
2 rows in set (0.001 sec)
MariaDB [(none)]> QUIT
Bye
mysql -u root -p radius < /etc/freeradius/*/mods-config/sql/main/mysql/schema.sql
Now we link mariadb to freeradius and change the password in the freeradius config file:
vim /etc/freeradius/3.0/mods-available/sql
sql {
dialect = "mysql"
driver = "rlm_sql_mysql"
...
# Connection info:
#
server = "localhost"
port = 3306
login = "radius"
password = "whateveryouused"
radius_db = "radius"
chgrp -h freerad /etc/freeradius/*/mods-available/sql
systemctl enable --now freeradius.service
systemctl restart freeradius
systemctl status freeradius
● freeradius.service - FreeRADIUS multi-protocol policy server
Loaded: loaded (/lib/systemd/system/freeradius.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-04-18 10:59:37 PDT; 1min 6s ago
...
If you get something like that last message it means freeradius is running okay. If you see errors you can troubleshoot with:
journalctl -xe
I’ll do another post on setting up Daloradius next, but you have to get freeradius working first.