Configuring Free Radius on Linux

Owned by Kelli Higdon
Last updated: Apr 02, 2024
3 min read

 

The IMG 2020 runs a RADIUS client that is configured to send CDR start & stop events to a RADIUS server. The RADIUS Server is configured on a separate server and can be running any type of operating system RADIUS is supported on. The procedure below describes how to configure the Free RADIUS application on a Linux Server running Red Hat Enterprise Linux and CentOS Linux. It is intended to be used as a sample or reference only. If configuring RADIUS on a different operating system, it is up to the user to configure their own RADIUS server. 

Requirements:

  • Server running Red Hat Enterprise Linux with FreeRadius installed.

  • When RADIUS authentication is configured, the username and password specified in the Web GUI for the Radius server authentication either needs to be in the /etc/raddb/users configuration -or- if using the Linux server for authentication should be added as a Linux user.

Procedure

  • If adding a RADIUS user by editing the users file, start with Step 1.

  • If using a Linux username for authentication, skip to Step  2.

  • If using RADIUS authentication (accounting only) skip to Step 3.

  1. In the  FreeRADIUS users file /etc/raddb/users, replace <your_username> and <your_password> with a RADIUS username and password.

    1. <your_username> Auth-Type:=Local, User-Password==<"your_password">

    2. Fall-Through = No

  2. Verify the DEFAULT Authorization Type is Reject. Edit the FreeRadius users file /etc/raddb/users. Add the following line at the end of the file, if missing

    1. # IF NOTHING ELSE MATCHES, REJECT USER

    2. DEFAULT Auth-Type:= Reject

  3. For Free Radius 2.x Series, modify the Detail File Rollover Interval /etc/raddb/radiusd.conf file. This is required for users with high call rates as the details file could reach the max file size in < 24 hours. This can cause incoming calls to be blocked and additional CDR records to not be logged.

    1. Look for the following line around line 1030 (~ half way through file):
      # Write a detailed log of all accounting records received

    2. Look for the following line around line 1056:
      detailfile =”,
      At the end of this line add the %H to have the log files roll over every hour.

  4. For Free Radius 3.0.x Series, Modify the /etc/raddb/mods-enabled/detail file, look for "filename" and add :%H, This will create a new detail file for every hour.

    1. filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d:%H

  5. Add access for each IMG 2020 by editing the clients.conf file located in the /etc/raddb directory. If there are multiple IMG 2020s, the username should be different for each

    1. shortname = The username configured in the RADIUS users file and Web GUI. A unique username is recommended for each IMG 2020.username
      secret = A password that you choose for each IMG 2020 that is used in the Web GUI Radius Server Authentication & Accounting configuration. Key used to encrypt sensitive account information transmitted between the IMG 2020 and the RADIUS server.
      Password = The RADIUS password configured in the RADIUS users file and Web GUI:

    2. Example:
      client 10.129.44.240 {
      secret = server_secret
      shortname = your_username
      password = your_password }

  6. Copy the dictionary.dialogic file to the /usr/share/freeradius directory. In the /usr/share/freeradius/ folder, edit the dictionary file and add the following include line. If required, the dictionary.dialogic file can be downloaded from Sangoma BBS (Bulletin Board System) http://excelbbs.sangoma.com. The dictionary.dialogic file is zipped up in a file labeled bdn2020_ver230_supplement_files.zip. Refer to the RADIUS Overview topic for further information on downloading the dictionary.dialogic file.

    1. $INCLUDE dictionary.dialogic  

  7. Start the Radius service by entering the following command:

    1. For Red Hat Linux:
      $service radiusd restart

    2. For CentOs Linux:
      $systemctl restart radiusd.service

  8. Set the Radius service to restart when the system restarts:

    1. For RedHat Linux:
      $chkconfig radiusd on

    2. For CentOS Linux:
      $systemctl enable radiusd.service

  9. In the WeGUI, Configure a RADIUS Client and RADIUS Server on the IMG 2020.
    See Configure RADIUS

  10. Verify CDRs are being generated. 

    1. By default the files will roll over once a day. 

    2. Follow the instructions in step 3 to roll the log files over once an hour. 

    3. CDRs stored at: /var/log/radius/radacct/<IMG_IP>. 

    4. The file names are: detail-YYYYMMDDHH and detail-2005081801

  11. Archive & delete CDR detail files.

  12. In the /var/log/radius/radacct folder create a script to archive files. Name the file CDR.
    #!/bin/sh
    #  CDR
    #       Sample script to archive CDR's.
    #       Files are archived if more than 1 days old
    #       Files are deleted if more than 31 days old
    find /var/log/radius/radacct/*/detail* -mtime +1 -exec gzip {} \;
    find /var/log/radius/radacct/*/detail* -mtime +31 -exec rm -f {} \;

  13. Create a cron task to run this script. This cron task can be run hourly or daily. The example below will run it hourly.
    #!/bin/bash
    crontab<<EOF
    #cron.dat-cdr - cron file for CDR's
    #
    # This script restarts the CDR log files each hour.
    0 * * * * /var/log/radius/radacct/CDR
    #
    EOF

  14. After creating this script, either restart the cron service or restart the server. 

    1. In the /etc/cron.hourly folder, create a file to run the script created in the previous step.

 

Return to Documentation Home I Return to Sangoma Support