Installation FreeRADIUS and Daloradius on CentOS 7 and RHEL 7

SELINUX Setting:-

Before installations, I recommend turning off SELinux or setting it in permissive mode:-

[root@radius ~]# setenforce 0
[root@radius ~]# sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
[root@radius ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@radius ~]#

Prerequisites:-

Update your CentOS 7 and install Deployment Tool. You can run this commands to update your CentOS and for Deployment Tool installation.

[root@radius ~]# yum -y update
[root@radius ~]# yum groupinstall "Development Tools" -y

Install httpd server

[root@radius ~]# yum -y install httpd httpd-devel

Once installation competed you can enable and start your HTTPD service using below commands. You can also check running status of HTTPD service using below commands. As like below screen shot.

[root@radius ~]# systemctl enable httpd
[root@radius ~]# systemctl start httpd
[root@radius ~]# systemctl status httpd

Installing and Configuring MariaDB

Now we are going to install and configure MariaDB 10.1.33, using below steps:-

Add MariaDB official repo content to CentOS 7 system

Add the below content in MariaDB.repo file and save the file.

[root@radius ~]#vi /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDBgpgcheck=1

Update system and install MariaDB to configure Database server

[root@radius ~]# yum -y update
[root@radius ~]# yum install -y mariadb-server mariadb

You will get prompted to install MariaDB GPG Signing key. Just press y to allow installation.

Start and enable MariaDB

[root@radius ~]# systemctl start mariadb
[root@radius ~]# systemctl enable mariadb

Check running and enabled status of MariaDB

[root@radius ~]# systemctl status mariadb
[root@radius ~]# systemctl is-enabled mariadb.service
 enabled

Configure initial MariaDB settings to secure it.

Here we will set root password. For security purposes, consider removing anonymous users and disallowing remote root login. You can see below example configuration. Key choices has been marked in bold.

[root@radius ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[root@radius ~]#

Allow only local connection to mysql server. This is a security mechanism.

[root@radius ~]# vi /etc/my.cnf
 [mysqld]
 bind-address=127.0.0.1

Configure Database for freeradius

[root@radius ~]# mysql -u root -p -e " CREATE DATABASE radius"
[root@radius ~]# mysql -u root -p -e "show databases"
[root@radius ~]# mysql -u root -p
MariaDB [(none)]> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radiuspassword";
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q
Bye
[root@radius ~]#

Installing php 7 on CentOS 7

[root@radius ~]# cd ~
[root@radius ~]# curl 'https://setup.ius.io/' -o setup-ius.sh
[root@radius ~]# bash setup-ius.sh
[root@radius ~]# yum remove php-cli mod_php php-common
[root@radius ~]# yum -y install mod_php70u php70u-cli php70u-mysqlnd php70u-devel php70u-gd php70u-mcrypt php70u-mbstring php70u-xml php70u-pear
[root@radius ~]# apachectl restart

After installation you can check php version to confirm using below commands:-

[root@radius ~]# php -v

If php 7 fails to work for you, then you can install php 5 by running below commands. You have to first uninstall php 7 then you can try with php 5.

[root@radius ~]# yum -y install php-pear php-devel php-mysql php-common php-gd php-mbstring php-mcrypt php php-xml

Installing FreeRADIUS

[root@radius ~]# yum -y install freeradius freeradius-utils freeradius-mysql

You have to start and enable freeradius with below commands, after successfully installation.

[root@radius ~]# systemctl start radiusd.service
[root@radius ~]# systemctl enable radiusd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/radiusd.service to /usr/lib/systemd/system/radiusd.service.

Now you can check the status:-

[root@radius ~]# systemctl status radiusd.service

Now we have to configure firewalld to allow radius and httpd packets in and out.
Radius server use udp ports 1812 and 1813. This can be confirmed by viewing the contents of the file /usr/lib/firewalld/services/radius.xml. You can cat this file and see.

[root@radius ~]# cat /usr/lib/firewalld/services/radius.xml

First start and enable firewalld for security

[root@radius ~]# systemctl enable firewalld
[root@radius ~]# systemctl start firewalld
[root@radius ~]# systemctl status firewalld

Confirm firewalld is running or not

[root@radius ~]# firewall-cmd --state
running

Add permanent rules to default zone to allow http,https and radius services

[root@radius ~]# firewall-cmd --get-services | egrep 'http|https|radius'
[root@radius ~]# firewall-cmd --add-service={http,https,radius} --permanent

Reload firewalld for changes to take effect

[root@radius ~]# firewall-cmd --reload

We can confirm that services were successfully added to default zone

[root@radius ~]# firewall-cmd --get-default-zone
public
[root@radius ~]# firewall-cmd --list-services --zone=public
dhcpv6-client http https radius ssh

You can see the three services present hence we are good to proceed.

[root@radius ~]# ss -tunlp | grep radiusd

If you want to run radius server in debug mode. You can run this command radiusd -X If debug mode is going to fail to bind to ports, you may have to kill radius server daemon first. You will get this types of massage if your radius server will fail to bind the port.

In this case you have to kill radius daemon first then you can start radiusd -X

[root@radius ~]# pkill radius

Then you can start radius server in debugging mode and you will see below massage if your radius service successfully run in debug mode.

[root@radius ~]# radiusd –X
----------------------------
----------------------------------
--------------------------------------
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on proxy address * port 39556
Listening on proxy address :: port 52609
Ready to process requests

Configure FreeRADIUS

To Configure FreeRADIUS to use MariaDB, you can follow steps below:-

Import the Radius database scheme to populate radius database

[root@radius ~]# mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql

Configure Radius at this point

First of all we have to create a soft link for SQL under /etc/raddb/mods-enabled

[root@radius ~]# ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/

Then we can configure SQL module /raddb/mods-available/sql and change the database connection parameters to suitable our environment like this:-

sql section should be look similar to below.

[root@radius ~]# vi /etc/raddb/mods-available/sql
sql {
driver = "rlm_sql_mysql"
dialect = "mysql"
# Connection info:
server = "localhost"
port = 3306
 login = "radius"
 password = "radiuspassword"
# Database table configuration for everything except Oracle
radius_db = "radius"
}
# Set to ‘yes’ to read radius clients from the database (‘nas’ table)
# Clients will ONLY be read on server startup.
read_clients = yes
# Table to keep radius client info
client_table = “nas”

Then change group right of /etc/raddb/mods-enabled/sql to radiusd:-

[root@radius ~]# chgrp -h radiusd /etc/raddb/mods-enabled/sql

Installing and Configuring Daloradius

Installing Daloradius

We can use Daloradius to manage our radius server. This is optional and should not be done before install FreeRADIUS. There are two ways to download daloradius, either from github or sourceforge.

Github method:-

[root@radius ~]# wget https://github.com/lirantal/daloradius/archive/master.zip
[root@radius ~]# unzip master.zip
[root@radius ~]# mv daloradius-master/ daloradius

Sourceforge way:-

[root@radius ~]# wget http://liquidtelecom.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
[root@radius ~]# tar zxvf daloradius-0.9-9.tar.gz
[root@radius ~]# mv daloradius-0.9-9 daloradius

Change directory for configuration

[root@radius ~]# cd daloradius

Configuring daloradius

Now import Daloradius mysql tables

[root@radius ~]# mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql
[root@radius ~]# mysql -u root -p radius < contrib/db/mysql-daloradius.sql

Configure daloRADIUS database connection details

[root@radius ~]# cd ..
[root@radius ~]# mv daloradius /var/www/html/

We need to change permissions for http folder and set the right permissions for daloradius configuration file.

[root@radius ~]# chown -R apache:apache /var/www/html/daloradius/
[root@radius ~]# chmod 664 /var/www/html/daloradius/library/daloradius.conf.php

Now we have to modify daloradius.conf.php file to adjust the MySQL database information . So let’s open the daloradius.conf.php and add the database username, password and db name.

[root@radius ~]# vi /var/www/html/daloradius/library/daloradius.conf.php

Especially relevant variables to configure are:

CONFIG_DB_USER

CONFIG_DB_PASS

CONFIG_DB_NAME

Make sure everything works, restart radiusd, httpd and mysql:

[root@radius ~]# systemctl restart radiusd.service
[root@radius ~]# systemctl restart mariadb.service
[root@radius ~]# systemctl restart httpd

If you have install php 7 then you can ignore php-pear installation. And you have to only run pear install DB.

[root@radius ~]# yum install php-pear
[root@radius ~]# pear install DB

We have completed installation and configuration of daloradius and freeradius. To access daloradius, open the link using your IP address, then you will get your radius dashboard.

http://ip-address/daloradius/login.php

Default login details are:
Username: administrator
Password: radius

In this tutorial we have seen how to install FreeRADIUS and DaloRADIUS. If you getting any issue in this steps, let us know. My pleasure to help you. 

How to install python on centos 7

Install Python 3.6.4 on CentOS 7 From a Repository

This is the easier method of the two for installing Python on your machine. Here, we simply add a repository that has the pre-compiled version ready for us to install. In this case, we are adding the Inline with Upstream Stable repository, a community project whose goal is to bring new versions of software to RHEL-based systems.

Step 1: Open a Terminal and add the repository to your Yum install.

sudo yum install -y https://centos7.iuscommunity.org/ius-release.rpm

Step 2: Update Yum to finish adding the repository.

sudo yum update

Step 3: Download and install Python.

This will not only install Python – but it will also install pip to help you with installing add-ons.

sudo yum install -y python36u python36u-libs python36u-devel python36u-pip

Once these commands are executed, simply check if the correct version of Python has been installed by executing the following command:

python3.6 -V

You have now finished installing Python 3.6.4 on your CentOS 7 machine, as well as installing a native Python package management tool called pip.

Method 2: Compiling Python 3.6.4 on CentOS 7 From Source Code

This is the more complicated method of the two, and will take more time – however, this method gives you more control over what gets installed and what doesn’t. It can also be more secure at times, depending on where the software package is downloaded from.

Important: Keep in mind that your Yum package manager will not know that you have installed Python 3.6.4 (or any other software) if you install software by manually compiling the source code. This means that no updates will be available for your manually installed software.

Step 1: Install the development tools needed for compilation.

First, we will need the tools in order to be able to compile and install programs from their source code. To do this, we will install the group “Development Tools” through Yum itself:

sudo yum groupinstall -y "Development Tools"

Once this is done, move on to step 2.

Step 2: Download the Python source files.

First, we need to create a directory in which our install will take place. Make a directory with a name of your choosing, then enter the directory. Once you are in your new directory, enter the following command to download the compressed Python source file.

wget https://www.python.org/ftp/python/3.6.4/Python-3.6.4.tar.xz

Once the file is finished downloading, uncompress the file by using tar, then enter into the new directory that was just created:

tar -xJf Python-3.6.4.tar.xz
cd Python-3.6.4

Step 3: Run the configuration script.

Use the following command to have the installation software check your system before actually starting the installation process.

./configure

This command ensures that the install will work, along with creating a special ‘makefile’ that is unique to your system. This makefile is what you will use to install Python onto your system.

Step 4: Install Python.

Now we can finally execute the makefile. Run the following command to install Python onto your system. Note: This will take a few minutes. The speed of the compilation and install will depend on the speed of your processor.

First, we run the ‘make’ command which compiles the program.

make

Then, once that is finished, we can run the installation command.

make install

Once this command finishes, you will have installed Python successfully, along with pip and setuptools. From here, creating a virtual environment is easy, and coding and executing the latest Python code is now possible.

MySQL Backup and Restore Commands for Database Administration

How to Backup a Single MySQL Database?

To take a backup of single database, use the command as follows. The command will dump database [rsyslog] structure with data on to a single dump file called rsyslog.sql.

# mysqldump -u root -ptecmint rsyslog > rsyslog.sql

How to Backup Multiple MySQL Databases?

If you want to take backup of multiple databases, run the following command. The following example command takes a backup of databases [rsyslog, syslog] structure and data in to a single file called rsyslog_syslog.sql.

# mysqldump -u root -ptecmint --databases rsyslog syslog > rsyslog_syslog.sql

How to Backup All MySQL Databases?

If you want to take backup of all databases, then use the following command with option –all-database. The following command takes the backup of all databases with their structure and data into a file called all-databases.sql.

# mysqldump -u root -ptecmint --all-databases > all-databases.sql

How to Backup MySQL Database Structure Only?

If you only want the backup of database structure without data, then use the option –no-data in the command. The below command exports database [rsyslog] Structure into a file rsyslog_structure.sql.

# mysqldump -u root -ptecmint -–no-data rsyslog > rsyslog_structure.sql

How to Backup MySQL Database Data Only?

To backup database Data only without structure, then use the option –no-create-info with the command. This command takes the database [rsyslog] Data  into a file rsyslog_data.sql.

# mysqldump -u root -ptecmint --no-create-db --no-create-info rsyslog > rsyslog_data.sql

How to Backup Single Table of Database?

With the below command you can take backup of single table or certain tables of your database. For example, the following command only take backup of wp_posts table from the database wordpress.

# mysqldump -u root -ptecmint wordpress wp_posts > wordpress_posts.sql

How to Backup Multiple Tables of Database?

If you want to take backup of multiple or certain tables from the database, then separate each table with space.

# mysqldump -u root -ptecmint wordpress wp_posts wp_comments > wordpress_posts_comments.sql

How to Backup Remote MySQL Database

The below command takes the backup of remote server [172.16.25.126] database [gallery] into a local server.

# mysqldump -h 172.16.25.126 -u root -ptecmint gallery > gallery.sql

How to Restore MySQL Database?

In the above tutorial we have seen the how to take the backup of databases, tables, structures and data only, now we will see how to restore them using following format.

# # mysql -u [username] –p[password] [database_name] < [dump_file.sql]

How to Restore Single MySQL Database

To restore a database, you must create an empty database on the target machine and restore the database using msyql command. For example the following command will restore the rsyslog.sql file to the rsyslogdatabase.

# mysql -u root -ptecmint rsyslog < rsyslog.sql

If you want to restore a database that already exist on targeted machine, then you will need to use the mysqlimport command.

# mysqlimport -u root -ptecmint rsyslog < rsyslog.sql

Solving the "Control D" error...Linux

Control D Error:-

Repair the file system By Using fsck command 

fsck /dev/sdb

Steps to Rectify it:-....

1) Enter the bootable Cd/DvD of Rhel.
(The version you are using)

2) Read the control D error carefully.

3) Give the root password.

4) You will go to single usermod.

5) Try to access /etc/fstab file.

6) Will not allow you as will be in read only mode.

7) Enter this command:-
mount -o remount,rw /
(Will give read/write permission to /)

8) Will give u read/write permission to all
the files in /

9)Then again enter into /etc/fstab & rectify ur error.(vim /etc/fstab)

10)Give command reboot or init 5(As per ur wish)


Rectify it & Enjoy the Control D Error.....

How to Download and Install RHEL8 Beta For Free (Red Hat Enterprise Linux)

RHEL (Red Hat Enterprise Linux) 8 beta was released on November 14, 2018, 4 years after the release of RHEL 7. This tutorial will be showing you how to download and install RHEL8 beta for free.Application Stream (AppStream) repositories allows delivering userspace packages more simply and with greater flexibility. Userspace components can now update more quickly than core operating system packages and without having to wait for the next major version of the operating system.

• Supports more efficient Linux networking in containers through IPVLAN.
• Includes a new TCP/IP stack with Bandwidth and Round-trip propagation time (BBR) congestion control.
• System-wide Cryptographic Policies are also included.
• Lightweight, open standards-based container toolkit (Buildah, Podman, Skopeo)
• Red Hat Enterprise Linux Web Console provides a simplified interface to more easily manage Red Hat Enterprise Linux servers locally and remotely, including virtual machines
  
• Yum 4, the next generation of the Yum package manager in Red Hat Enterprise Linux, delivers faster performance, fewer installed dependencies and more choices of package versions to meet specific workload requirements. Yum 4 is based on DNF technology.
• Support for LUKSv2 to encrypt on-disk data combined with Network-Bound Disk Encryption (NBDE) for more robust data security and more simplified access to encrypted data.

RHEL 8 beta is based on Fedora 28. It includes newer software packages such as

• Linux kernel 4.18,
• Python 3.6, PHP7.2, Apache 2.4.35, Nginx 1.4
• MariaDB 10.3, MySQL 8.0, PostgreSQL 10, PostgreSQL 9.6, and Redis 4.0
• OpenSSL 1.1.1 and TLS 1.3 are both supported.
• GNOME Shell has been rebased to version 3.28, using Wayland the default display server. X.org server is available as well.
• nftables replaces iptables. The firewalld daemon now uses nftables as its default backend.

You can check the complete RHEL 8 beta release notes here.

RHEL8 Beta ISO file Download Link:

• Intel/AMD 64-bit                https://red.ht/2ROrd80
• IBM Power little endian     https://red.ht/2FnoQb6
• IBM z Systems                    https://red.ht/2RUif9k
• ARM 64-bit                         https://red.ht/2DmPZbn

You can download ISO file in your browser or use wget to download in terminal like below. Use -Ooption to specify the filename to save as.

wget https://red.ht/2ROrd80 -O rhel8-beta-x64.iso

Once it’s downloaded, you can create a bootable USB with dd command like below on a Linux desktop OS. /dev/sdX is the device name of your USB drive, which can can be obtained by running command sudo parted -l.

sudo dd if=rhel8-beta-x64.iso of=/dev/sdX status=progress

On Windows, you can create a bootable USB with Rufus. If you like to install RHEL 8 beta in VirtualBox, there’s no need to create bootable USB drive.

Installing RHEL 8 Beta in VirtualBox

First, create a virtual machine in Virtualbox. I set the memory size to 2048MB.

The disk size is set to 15GB.

After the VM is created, go to Settings -> Storage. Select the empty optical drive in Controller: IDE. Then choose RHEL 8 beta ISO as the optical disk file. Click OK to save your settings. Now your VM can be booted from the ISO file.

Now start your VM. Choose the first option to install RHEL 8 beta.

After the installer is started, choose your language. (In Virtualbox, you can press to right Ctrl key to release the mouse cursor back to the host.)

We know this a beta release, so click I want to proceed.

On the next screen, you need to complete items marked with a yellow triangle icon. For example, I need to configure Installation Destination.

Since this is installed in Virtualbox, I don’t want to set up a custom partition table. So I just click Donewithout making any changes.

In software selection, I can choose Workstation as the base environment so that I will have a GUI.

In system purpose section, I can choose Development/Test for the usage. This is required if you want to use RHEL 8 beta for free. Leave other options untouched.

After saving the configurations, click Begin Installation button. While the OS is being installed, you need to set a root password and create a user account.

The installation is pretty fast. After 8 minutes, my RHEL 8 beta is installed. Before click the Reboot button, you need to go to Virtualbox Settings -> Storage and remove your ISO file from the virtual disk drive. Then click Reboot to enjoy the new OS.

On the first boot, you need to accept the license agreement.

After that, click finish configuration. And log into the desktop.

After you get through the welcome and get started screen, make sure your system has Internet connection. Then you can open up a terminal window and run

sudo yum update

It will tell you that

This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.

Register your system to Red Hat subscription management (For Free)

You probably have heard that Red Hat products cost money, but you can use RHEL 8 for free via the Red Hat Developer Program , which costs $0 to join. It allows individual developer-use of RHEL. Integration, test and production environments will require a paid subscription.

After you developer account is created, you need to go to https://www.redhat.com/wapps/sso/login.html to complete your profile.

After that, run the following command in terminal to register your system.

sudo subscription-manager register --username your--redhat-developer-username --password your-password

Then run the following command to attach your system to a subscription.

sudo subscription-manager attach --auto

If everything went well, you should see:

Installed Product Current Status:
Product Name: Red Hat Enterprise Linux for x86_64 Beta
Status: Subscribed

Now you can update your repository.

sudo yum update

And install some software.

sudo yum install nginx

Enjoy Red Hat Enterprise Linux 8 beta for free!

If you see the following error while running yum command,

This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions.
There are no enabled repos.

That means your system can’t be attached to a subscription. You need to go to Red Hat customer portal, click Learn more about the beta button, then click get started button to add the Red Hat entreprise Linux server beta subscription, which is free.

That’s it! I hope this tutorial helped you download and install Red Hat Enterprise Linux 8 beta. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂

Rate this tutoria