In this tutorial, we'll learn how to install FreeRADIUS with PostgreSQL on Ubuntu 24.04.
FreeRADIUS is a powerful and widely used open-source RADIUS (Remote Authentication Dial-In User Service) server that provides centralized authentication, authorization, and accounting (AAA) for network devices. Combining FreeRADIUS with PostgreSQL as the backend database allows for efficient management and storage of user and authentication data. This guide will walk you through the process of installing and configuring FreeRADIUS with PostgreSQL, covering both basic and advanced topics to help you fully understand the system.
Prerequisites
Before you begin, ensure the following:
- A KVM VPS or dedicated server with Ubuntu 24.04 OS installed.
- SSH Access: You must have SSH access to the remote system.
- Basic Linux command knowledge.
- Root access or a normal user with administrative privileges.
Install FreeRADIUS with PostgreSQL on Ubuntu
Step 1: Install FreeRADIUS and PostgreSQL
Update the system packages:
sudo apt update && sudo apt upgrade -y
Install FreeRADIUS and required modules:
sudo apt install freeradius freeradius-postgresql -y
Install PostgreSQL:
sudo apt install postgresql postgresql-contrib -y
Step 2: Configure PostgreSQL for FreeRADIUS
Switch to the PostgreSQL user:
sudo -i -u postgres
Create a new database and user for FreeRADIUS (securepassword is a placeholder; use a strong password of your own):
psql
CREATE DATABASE radius;
CREATE USER radius_user WITH PASSWORD 'securepassword';
GRANT ALL PRIVILEGES ON DATABASE radius TO radius_user;
GRANT ALL ON SCHEMA public TO radius_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO radius_user;
\q
exit
Change the authentication method for local socket connections from peer to md5. Edit pg_hba.conf:
sudo nano /etc/postgresql/16/main/pg_hba.conf
Note: Replace 16 with your installed PostgreSQL version.
Find this line:
local all all peer
Change peer to md5
local all all md5
Save and exit the file, then reload or restart PostgreSQL so that the new authentication method takes effect.
Load the FreeRADIUS schema into PostgreSQL:
cd /etc/freeradius/3.0/mods-config/sql/main/postgresql/
psql -U radius_user -d radius -f schema.sql
This step initializes the database with the required tables for FreeRADIUS.
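PostgreSQL reads pg_hba.conf from top to bottom and applies the first record that matches, so the edit above only affects users not caught by an earlier record. The script below is an added example (not part of the original tutorial) that resolves which method a local socket login gets; the sample file is constructed, the function names are illustrative, and matching is simplified to "all" and plain name lists.

```shell
#!/bin/sh
# Constructed sample: local-socket records as they look after the edit above,
# assuming a "postgres peer" record sits above the edited line.
sample_hba() {
cat <<'EOF'
# TYPE  DATABASE  USER      ADDRESS        METHOD
local   all       postgres                 peer
local   all       all                      md5
host    all       all       127.0.0.1/32   scram-sha-256
EOF
}

# field_matches NAME FIELD: FIELD is "all" or a comma-separated list of names.
# Simplified: keywords such as sameuser, +role and @file are not handled.
field_matches() {
    [ "$2" = "all" ] && return 0
    case ",$2," in *",$1,"*) return 0 ;; esac
    return 1
}

# local_method DB USER: read pg_hba.conf on stdin and print the method of the
# first "local" record that matches; PostgreSQL does not look past that record.
local_method() {
    while read -r h_type h_db h_user h_method h_rest; do
        [ "$h_type" = "local" ] || continue   # also skips comments and blanks
        if field_matches "$1" "$h_db" && field_matches "$2" "$h_user"; then
            printf '%s\n' "$h_method"
            return 0
        fi
    done
    return 1   # no matching record: the connection is rejected
}

for u in postgres radius_user; do
    echo "$u -> $(sample_hba | local_method radius "$u")"
done
```

With this ordering radius_user must present its password, while the postgres account keeps peer authentication for the sudo -i -u postgres sessions used in this guide.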
Step 3: Configure FreeRADIUS to Use PostgreSQL
1. Enable the PostgreSQL module:
Edit the sql module configuration file:
sudo nano /etc/freeradius/3.0/mods-available/sql
Update the following lines (dialect must match the driver so that the PostgreSQL query set is loaded):
dialect = "postgresql"
driver = "rlm_sql_postgresql"
server = "localhost"
port = 5432
login = "radius_user"
password = "securepassword"
radius_db = "radius"
Link the sql module:
sudo ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/
2. Enable the SQL module in the FreeRADIUS default sites configuration:
Edit the default and inner-tunnel site files to add sql to the authorize, accounting, and session sections.
sudo nano /etc/freeradius/3.0/sites-available/default
sudo nano /etc/freeradius/3.0/sites-available/inner-tunnel
For example:
authorize {
sql
}
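The sql module file edited in this step holds the database password in clear text. The script below is an added example (not part of the original tutorial or of FreeRADIUS) that checks such a file for the tutorial's placeholder password, a driver and dialect that disagree, and world-readable permissions; the two sample files are constructed and the function names are illustrative.

```shell
#!/bin/sh
# sql_setting FILE KEY: print the value of the first uncommented KEY = "value".
sql_setting() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# audit_sql_module FILE: print space-separated findings (empty line if none).
audit_sql_module() {
    findings=""
    pw=$(sql_setting "$1" password)
    drv=$(sql_setting "$1" driver)
    dia=$(sql_setting "$1" dialect)
    # The tutorial's sample password, or none at all, must not reach production.
    case "$pw" in ''|securepassword) findings="$findings placeholder-password" ;; esac
    # queries.conf is picked by dialect, so it has to agree with the driver.
    case "$drv" in
        "rlm_sql_$dia"|'rlm_sql_${dialect}') ;;
        *) findings="$findings driver-dialect-mismatch" ;;
    esac
    # The file holds the database password in clear text.
    [ -z "$(find "$1" -perm -004)" ] || findings="$findings world-readable"
    printf '%s\n' "${findings# }"
}

# write_samples DIR: create two constructed module files to run the audit on.
write_samples() {
    printf '%s\n' 'sql {' '  driver = "rlm_sql_postgresql"' '  dialect = "sqlite"' \
        '  password = "securepassword"' '}' > "$1/sql.weak"
    printf '%s\n' 'sql {' '  driver = "rlm_sql_postgresql"' '  dialect = "postgresql"' \
        '  password = "constructed-Xq7-example"' '}' > "$1/sql.ok"
    chmod 644 "$1/sql.weak"
    chmod 640 "$1/sql.ok"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for name in sql.weak sql.ok; do
    echo "$name: $(audit_sql_module "$demo_dir/$name")"
done
rm -rf "$demo_dir"
```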
Step 4: Test the Configuration
Temporarily stop the freeradius service:
sudo systemctl stop freeradius
Check the FreeRADIUS configuration for syntax errors:
sudo freeradius -XC
If the output shows no errors, start the FreeRADIUS server in debug mode to ensure the SQL module is working correctly:
sudo freeradius -X
Now stop it with CTRL+C and start the freeradius service:
sudo systemctl start freeradius
Add a test user to PostgreSQL:
sudo -i -u postgres
psql
\c radius
INSERT INTO radcheck (username, attribute, op, value) VALUES ('testuser', 'Cleartext-Password', ':=', 'testpassword');
\q
exit
Test the authentication using the radtest command:
radtest testuser testpassword 127.0.0.1 0 testing123
Replace testing123 with your RADIUS secret.
The output should indicate successful authentication.
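The test row above keeps the password readable by anyone who can query radcheck. The script below is an added example (not part of the original tutorial) that builds the same row with a SHA-512 crypt hash under FreeRADIUS's Crypt-Password attribute, which the pap module can verify for PAP requests; it assumes openssl is installed, and the function names are illustrative.

```shell
#!/bin/sh
# sql_quote VALUE: print VALUE as a SQL string literal (single quotes doubled).
sql_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# crypt_sha512 PASSWORD [SALT]: print a $6$ crypt hash; random salt if omitted.
# The password goes through stdin so it never appears in the process list.
crypt_sha512() {
    if [ -n "$2" ]; then
        printf '%s\n' "$1" | openssl passwd -6 -salt "$2" -stdin
    else
        printf '%s\n' "$1" | openssl passwd -6 -stdin
    fi
}

# crypt_matches PASSWORD HASH: succeed if PASSWORD hashes to HASH under its salt.
crypt_matches() {
    salt=$(printf '%s' "$2" | cut -d'$' -f3)
    [ "$(crypt_sha512 "$1" "$salt")" = "$2" ]
}

# radcheck_insert USER PASSWORD: print the INSERT for a hashed radcheck row.
radcheck_insert() {
    hash=$(crypt_sha512 "$2") || return 1
    printf "INSERT INTO radcheck (username, attribute, op, value) VALUES (%s, 'Crypt-Password', ':=', %s);\n" \
        "$(sql_quote "$1")" "$(sql_quote "$hash")"
}

# Prints a statement that can be run in psql against the radius database.
radcheck_insert testuser testpassword
```

Hashed values cannot be used with CHAP or MS-CHAP, which need the cleartext password or its NT hash.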
Step 5: Advanced Configuration
1. Set Up Accounting:
Ensure the accounting section in the default and inner-tunnel site configurations includes the sql module:
accounting {
sql
}
2. Enable TLS for Secure Communication:
Configure the eap module for TLS:
sudo nano /etc/freeradius/3.0/mods-enabled/eap
Set the default_eap_type to tls and configure certificate paths.
3. Tune PostgreSQL for Performance:
Modify the PostgreSQL configuration file for optimized performance based on your server’s hardware:
sudo nano /etc/postgresql/16/main/postgresql.conf
Key settings to adjust:
shared_buffers = 256MB
work_mem = 4MB
maintenance_work_mem = 64MB
Restart PostgreSQL after making changes:
sudo systemctl restart postgresql
Step 6: Maintain and Monitor the System
1. Enable Logging:
Configure FreeRADIUS to log detailed information for troubleshooting by editing the radiusd.conf file.
sudo nano /etc/freeradius/3.0/radiusd.conf
2. Monitor PostgreSQL:
Use tools like pgAdmin or psql to monitor database performance and manage users.
3. Regular Updates:
Keep FreeRADIUS and PostgreSQL updated to the latest stable versions to ensure security and performance.
Conclusion
By following this tutorial, you have successfully installed and configured FreeRADIUS with PostgreSQL. This setup provides a robust, scalable, and secure foundation for managing network authentication and accounting. With proper monitoring and maintenance, this system can serve as a reliable backbone for your network access infrastructure.