Showing posts with label ubuntu. Show all posts
Showing posts with label ubuntu. Show all posts

Tuesday, 1 September 2015

Ubuntu 14.04 LTS/ FreeRadius / Postgresql Step-by-step

16:27 Posted by Jurgens Krause , , , , No comments

Step by step instructions for installing
FreeRadius with Postgresql on
Ubuntu 14.04 LTS

Why 14.04, well it is the current LTS release, and for production environments, I tend to stick to the latest LTS.

I am not going to be going into detail into how to install Ubuntu 14.04 Server, there are enough tutorials on that elsewhere. I need you to get to the point where you have a clean server, with SSH access, and a root prompt.

Installing software

First, let us update the apt-get info:
apt-get update

Now we need to install the basic components, these include:
Freeradius, Postgresql and it's utilities as well as the postgresql module for freeradius:
apt-get install freeradius freeradius-postgresql postgresql postgresql-contrib

This will install all the necessary components, it is normal for the DH Parameter generation to take a couple of minutes.

Configure Postgres

The Postgres installation automatically creates a user called postgres, in order to configure Postgres, you need to log into that account.

sudo -i -u postgres

Now we create the radius user and database, when creating the user, you will be prompted to create a password, make it nice and secure, and make a note for later use:

createuser radius --no-superuser --no-createdb --no-createrole -P
createdb radius --owner=radius exit

Change the database authentication from peer to md5 to allow login from the console:

vim /etc/postgresql/9.3/main/pg_hba.conf

Find the line that matches:
local    all    postgres    peer

and change it to:
local    all    postgres    md5

also find:
local    all          peer

and change it to:
local    all          md5

Reload postgresql
service postgresql restart

Import the database schema using the command below:
cd /etc/freeradius/sql/postgresql
psql -U radius radius < schema.sql

Configure FreeRadius to use Postgres

Change the sql configuration as follows:
cd /etc/freeradius
vim sql.conf

change the following lines to suit your setup:
database = "postgresql"
password = "yourpassword"


You will also need to change the login name to leave out the realm when logging in:

Change the sql configuration as follows:
vim radiusd.conf

change the following line:
sql_user_name = "%{User-Name}"
To:
sql_user_name = "%{Stripped-User-Name}"
Also uncomment the line that reads:
$INCLUDE sql.conf

Now uncomment the line that reads "sql" under the authorize{} section, on my default config it is line 177,
also uncomment the "sql" line under the accounting{} section,
also uncomment the "sql" line under the post-auth{} section
cd /etc/freeradius/sites-available vim default

Also uncomment the line that reads "sql" under the authorize{} section of /etc/freeradius/sites-available/inner-tunnel, on my default config it is line 131
vim inner-tunnel


Restart the FreeRadius server to load the new config, and you should be good to go.
service freeradius restart

Friday, 20 December 2013

Headless Ubuntu 12.04 Server

13:48 Posted by Jurgens Krause , No comments
I deploy headless Ubuntu 12.04 server configurations on a regular basis. One of the things that I often forget to do is modifying Grub to try to boot every time regardless of whether or not previous boots were successful.
If you forget to do this, the server might get stuck at the Grub boot screen, forcing you to connect a keyboard and screen to get it going again.

Thankfully Grub 2 has made this a bit easier:

Log in to your server as root or use sudo,

$vim /etc/default/grub

Add the line:
GRUB_RECORDFAIL_TIMEOUT=10

Update the grub configuration:

$update-grub2

The timeout value is in seconds, I use 10 seconds since that gives me ample time to enter recovery mode should it be necessary.