RadMan is a FreeRadius Management GUI. It does not manage FreeRadius itself (it does not touch the FreeRadius config files). It offers is an easy way to manage a FreeRadius DB in a web interface. It aims to be simple to use, super fast to deploy and easy to maintain.
Update and Upgrade your Ubuntu
# apt update ; apt -y upgrade
Install wget and unzip which we will need it later
# apt install wget unzip
Install freeRadius
# apt install freeradius freeradius-mysql
Install MariaDB
# apt install mariadb-server
# systemctl start mariadb
# systemctl enable mariadb
Configure Database
# mysql_secure_installation
Login to Mysql and create a database for freeRadius (Internal DB) and RadMan DB (External DB)
# mysql -u root -p
create database radius;
create database radman;
grant all on radius.* to radius@localhost identified by 'Test+123';
grant all on radius.* to radman@localhost identified by 'Test+123';
flush privileges;
Make sure that both DB has been created
show databses;
exit
By default, freeRADIUS uses flat-files to store data. Therefore, we have to configure it to use MariaDB database as its repository.
# mysql -u root -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql
Radman urges to have an extra table which is radhuntgroup which basically creates NAS Groups, this is necessary or else RadMan will fail.
# mysql -u root -p radius
CREATE TABLE radhuntgroup (
id int(11) unsigned NOT NULL auto_increment,
groupname varchar(64) NOT NULL default '',
nasipaddress varchar(15) NOT NULL default '',
nasportid varchar(15) default NULL,
PRIMARY KEY (id),
KEY nasipaddress (nasipaddress)
) ;
We need to create a symbolic link of SQL in mods-available to mods-enabled.
# ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/
Search and edit SQL file according to what's shown below
# vim /etc/freeradius/3.0/mods-enabled/sql
sql {
driver = "rlm_sql_mysql"
dialect = "mysql"
# Connection info:
server = "localhost"
port = 3306
login = "radius"
password = "Test+123"
# Database table configuration for everything except Oracle
radius_db = "radius"
}
# Set to "yes" to read radius clients from the database ("nas" table)
# Clients will ONLY be read on server startup.
read_clients = yes
# Table to keep radius client info
client_table = "nas"
Now comment out following lines shown below because we won't be using any TLS encryption at the moment.
mysql {
# If any of the files below are set, TLS encryption is enabled
#tls {
# ca_file = "/etc/ssl/certs/my_ca.crt"
# ca_path = "/etc/ssl/certs/"
# certificate_file = "/etc/ssl/certs/private/client.crt"
# private_key_file = "/etc/ssl/certs/private/client.key"
# cipher = "DHE-RSA-AES256-SHA:AES128-SHA"
#
# tls_required = yes
# tls_check_cert = no
# tls_check_cert_cn = no
#}
# chown root:freerad /etc/freeradius/3.0/mods-enabled/sql
# systemctl restart freeradius.service
Install Tomcat Server
# apt install tomcat9 tomcat9-admin
# systemctl enable tomcat9
# systemctl start tomcat
Enabled Firewall
# ufw allow to any port 8089 proto tcp
# ufw allow to any port 3306 proto tcp# ufw allow to any port 1812 proto udp
# ufw allow to any port 1813 proto udp
# ufw status
Install Java
# apt install default-jre
Make sure Java is installed
# java -version
Download and Install Radman
# wget https://github.com/netcore-jsa/radman/releases/download/Release-1.0.2/radman-1.0.2.zip
# mkdir /opt/radman
# mkdir /etc/radman
# unzip radman-1.0.2.zip
# mv RadMan.jar /opt/radman/RadMan.jar
# mv -i radman.properties.example /etc/radman/radman.properties
# mv -i radman.default /etc/default/radman
# mv -i radman.service /etc/systemd/system/radman.service
# systemctl daemon-reload
Edit radman.properties - edit internal and external database
# vim /etc/radman/radman.properties
We must keep in mind that RadMan has 2 database Internal and External.
Internal DB meaning freeRadius DB whereas, External Radius meaning RadMan DB
# systemctl status radman.service
# systemctl start radman.services
# systemctl enable radman
Check if port 8089 is running
# netstat -tnlp
you should see something like this
tcp6 0 0 :::8089 :::* LISTEN 689/java
Hi. Just a small note - Tomcat is NOT required for RadMan. RadMan uses an embedded webserver - no need for Tomcat (it's NOT deployed as a .war application into Tomcat).
ReplyDeletehow username or password default web ?
ReplyDelete