Configuring Free Radius on Linux
The IMG 2020 runs a RADIUS client that is configured to send CDR start & stop events to a RADIUS server. The RADIUS Server is configured on a separate server and can be running any type of operating system RADIUS is supported on. The procedure below describes how to configure the Free RADIUS application on a Linux Server running Red Hat Enterprise Linux and CentOS Linux. It is intended to be used as a sample or reference only. If configuring RADIUS on a different operating system, it is up to the user to configure their own RADIUS server.
Requirements:
Server running Red Hat Enterprise Linux with FreeRadius installed.
When RADIUS authentication is configured, the username and password specified in the Web GUI for the RADIUS server authentication must either be in the /etc/raddb/users configuration file or, if the Linux server is used for authentication, be added as a Linux user.
Procedure
If adding a RADIUS user by editing the users file, start with Step 1.
If using a Linux username for authentication, skip to Step 2.
If using RADIUS authentication (accounting only) skip to Step 3.
1. In the FreeRADIUS users file /etc/raddb/users, replace <your_username> and <your_password> with a RADIUS username and password.
<your_username> Auth-Type := Local, User-Password == "<your_password>"
        Fall-Through = No
2. Verify the DEFAULT Authorization Type is Reject. Edit the FreeRADIUS users file /etc/raddb/users and add the following line at the end of the file if it is missing:
# IF NOTHING ELSE MATCHES, REJECT USER
DEFAULT Auth-Type:= Reject
3. For the FreeRADIUS 2.x series, modify the detail file rollover interval in the /etc/raddb/radiusd.conf file. This is required for users with high call rates, as the detail file could reach the maximum file size in less than 24 hours. This can cause incoming calls to be blocked and additional CDR records to not be logged.
Look for the following line around line 1030 (about halfway through the file):
# Write a detailed log of all accounting records received
Look for the following line around line 1056:
detailfile =”,
At the end of this line, add %H to have the log files roll over every hour.
For the FreeRADIUS 3.0.x series, modify the /etc/raddb/mods-enabled/detail file: look for "filename" and add :%H. This will create a new detail file for every hour.
filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d:%H
4. Add access for each IMG 2020 by editing the clients.conf file located in the /etc/raddb directory. If there are multiple IMG 2020s, the username should be different for each.
shortname = The username configured in the RADIUS users file and Web GUI. A unique username is recommended for each IMG 2020.
secret = A password that you choose for each IMG 2020 that is used in the Web GUI Radius Server Authentication & Accounting configuration. This is the key used to encrypt sensitive account information transmitted between the IMG 2020 and the RADIUS server.
password = The RADIUS password configured in the RADIUS users file and Web GUI.
Example:
client 10.129.44.240 {
        secret = server_secret
        shortname = your_username
        password = your_password
}
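The shared secret and the per-device shortname described in this step can be checked mechanically. The following is an added example, not part of the vendor procedure: it flags placeholder, short and reused secrets and duplicate shortnames. The MIN_LEN threshold, the function names and the sample entries are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not vendor code): audit clients.conf for weak or reused secrets.

# Constructed sample: three IMG 2020 client entries with deliberate problems.
sample_clients_conf() {
cat <<'EOF'
client 10.129.44.240 {
    secret = server_secret
    shortname = img_a
}
client 10.129.44.241 {
    secret = Xq7-constructed-long-value-01
    shortname = img_a
}
client 10.129.44.242 {
    secret = short
    shortname = img_c
}
EOF
}

# Reads clients.conf from the named files (or stdin); prints one line per finding.
# MIN_LEN (default 16) is an assumed policy value, not a FreeRADIUS setting.
audit_clients() {
    awk -v min="${MIN_LEN:-16}" '
    function val(line) {                 # text after "=", unquoted, no "}"
        sub(/^[^=]*=[ \t]*/, "", line)
        sub(/[ \t]*[}]?[ \t]*$/, "", line)
        gsub(/^"|"$/, "", line)
        return line
    }
    /^[ \t]*#/ { next }                  # skip comment lines
    $1 == "client" { name = $2; sub(/[{]$/, "", name) }
    /^[ \t]*secret[ \t]*=/ {
        s = val($0)
        if (s == "testing123" || s == "server_secret")
            print name ": placeholder secret"
        else if (length(s) < min)
            print name ": secret shorter than " min " characters"
        if (s in seen) print name ": secret also used by " seen[s]
        else seen[s] = name
    }
    /^[ \t]*shortname[ \t]*=/ {
        n = val($0)
        if (n in names) print name ": shortname " n " also used by " names[n]
        else names[n] = name
    }' "$@"
}

sample_clients_conf | audit_clients
```

Run it against the live file as `audit_clients /etc/raddb/clients.conf`; no output means no findings.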
5. Copy the dictionary.dialogic file to the /usr/share/freeradius directory. In the /usr/share/freeradius/ folder, edit the dictionary file and add the following include line. If required, the dictionary.dialogic file can be downloaded from the Sangoma BBS (Bulletin Board System) at http://excelbbs.sangoma.com. The dictionary.dialogic file is zipped in a file named bdn2020_ver230_supplement_files.zip. Refer to the RADIUS Overview topic for further information on downloading the dictionary.dialogic file.
$INCLUDE dictionary.dialogic
6. Start the Radius service by entering the following command:
For Red Hat Linux:
$ service radiusd restart
For CentOS Linux:
$ systemctl restart radiusd.service
7. Set the Radius service to restart when the system restarts:
For Red Hat Linux:
$ chkconfig radiusd on
For CentOS Linux:
$ systemctl enable radiusd.service
8. In the Web GUI, configure a RADIUS Client and RADIUS Server on the IMG 2020.
See Configure RADIUS.
9. Verify CDRs are being generated.
By default the files will roll over once a day.
Follow the instructions in step 3 to roll the log files over once an hour.
CDRs are stored at: /var/log/radius/radacct/<IMG_IP>.
The file names have the form detail-YYYYMMDDHH, for example detail-2005081801.
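One way to verify that CDR start and stop events are arriving is to count them in the detail files. This is an added example, not part of the vendor procedure. It assumes the standard Acct-Status-Type, Acct-Session-Id and NAS-IP-Address attributes, and the function names and sample records are constructed for the illustration.

```sh
#!/bin/sh
# Added example (not vendor code): summarise Start/Stop CDRs in detail files.

# Constructed sample in FreeRADIUS detail layout: a timestamp line, indented
# "Attribute = value" lines, and a blank line closing each record.
sample_detail() {
cat <<'EOF'
Thu Aug 18 01:00:05 2005
    Acct-Status-Type = Start
    Acct-Session-Id = "0001"
    NAS-IP-Address = 10.129.44.240

Thu Aug 18 01:00:09 2005
    Acct-Status-Type = Start
    Acct-Session-Id = "0002"
    NAS-IP-Address = 10.129.44.240

Thu Aug 18 01:03:41 2005
    Acct-Status-Type = Stop
    Acct-Session-Id = "0001"
    NAS-IP-Address = 10.129.44.240

EOF
}

# Reads detail files (or stdin) in order and pairs each Stop with its Start,
# keyed by NAS-IP-Address plus Acct-Session-Id, across all files given.
cdr_summary() {
    awk '
    function endrec(   key) {
        key = nas "/" id
        if (type == "Start") { start++; live[key] = 1 }
        else if (type == "Stop") {
            stop++
            if (key in live) delete live[key]; else orphan++
        }
        type = ""; id = ""; nas = ""
    }
    $1 == "Acct-Status-Type" { type = $3 }
    $1 == "Acct-Session-Id"  { id = $3; gsub(/"/, "", id) }
    $1 == "NAS-IP-Address"   { nas = $3 }
    NF == 0 { endrec() }                 # blank line ends a record
    END {
        endrec()
        for (k in live) n++
        printf "start=%d stop=%d unmatched_start=%d unmatched_stop=%d\n",
               start, stop, n, orphan
    }' "$@"
}

sample_detail | cdr_summary
```

With hourly rollover a call's Stop record can land in a later file than its Start, so pass a run of consecutive uncompressed files rather than a single one.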
10. Archive & delete CDR detail files.
In the /var/log/radius/radacct folder create a script to archive files. Name the file CDR.
#!/bin/sh
# CDR
# Sample script to archive CDRs.
# Files are archived if more than 1 day old
# Files are deleted if more than 31 days old
# Only regular files are touched; files that are already compressed are not gzipped again
find /var/log/radius/radacct/*/detail* -type f ! -name '*.gz' -mtime +1 -exec gzip {} \;
find /var/log/radius/radacct/*/detail* -type f -mtime +31 -exec rm -f {} \;
Create a cron task to run this script. This cron task can be run hourly or daily. The example below will run it hourly.
#!/bin/bash
# Note: this replaces the entire crontab of the user who runs it.
crontab - <<EOF
#cron.dat-cdr - cron file for CDRs
#
# This entry runs the CDR archive script at the start of each hour.
0 * * * * /var/log/radius/radacct/CDR
#
EOF
After creating this script, either restart the cron service or restart the server.
In the /etc/cron.hourly folder, create a file to run the script created in the previous step.