This guide installs FreeRADIUS on a Linux host. FreeRADIUS 3.2.x is the currently recommended stable release for production environments.
Install required runtime packages for the service:
sudo apt update
sudo apt install -y freeradius freeradius-utils freeradius-common
# For RHEL/CentOS 8+ or Rocky Linux
sudo dnf install -y freeradius freeradius-utils
# For older RHEL/CentOS 7
sudo yum install -y freeradius freeradius-utils
sudo zypper install freeradius-server freeradius-server-utils
Check that FreeRADIUS is properly installed:
radiusd -v
This should display version information for FreeRADIUS 3.2.x.
Before making changes, verify the default configuration:
radiusd -XC
This command performs a complete configuration check and should report “Configuration appears to be OK”.
Edit the clients configuration file to define which devices can connect to your RADIUS server:
sudo nano /etc/freeradius/3.0/clients.conf
sudo nano /etc/raddb/clients.conf
Add a client entry for your network device:
client example_client {
ipaddr = 192.168.1.100
secret = your_strong_shared_secret_here
shortname = example-nas
}
Enable FreeRADIUS to start automatically at boot and start the service:
sudo systemctl enable freeradius
sudo systemctl start freeradius
sudo systemctl status freeradius
Test the RADIUS server with a simple authentication request:
radtest username password localhost 0 testing123
This should return an “Access-Accept” response if the server is working correctly.
FreeRADIUS supports multiple authentication backends. The most common configurations include:
Located in /etc/freeradius/3.0/users (Debian/Ubuntu) or /etc/raddb/users (RHEL)
Configure in /etc/freeradius/3.0/mods-available/ldap or /etc/raddb/mods-available/ldap
Configure in /etc/freeradius/3.0/mods-available/sql or /etc/raddb/mods-available/sql
clients.confchmod 600 on sensitive files)For debugging issues, run FreeRADIUS in debug mode:
sudo radiusd -X
This provides verbose output that helps diagnose configuration problems.
See FreeRADIUS Configuration for configuration guidance.
See FreeRADIUS Security for hardening guidance.
Setting up identity management systems can be complex. We offer consulting services for:
Contact us at office@linux-server-admin.com or visit our contact page.