Fear Not Working with FreeRADIUS

FreeRADIUS is one of the most popular RADIUS servers on the market, providing authentication, authorization and accounting (AAA) for networks both small and large. Best of all, it is open source and completely free.

Though its default configuration requires little or no changes for most situations, you can run into issues at times. Here we’ll share some tips you might want to utilize during the installation, maintenance or troubleshooting phases of working with FreeRADIUS.

Check Date of Documentation

If you search the web for FreeRADIUS installation or troubleshooting tips, you’ll likely find many sources of help. But be careful in following outdated tutorials, documentation and advice. See if the article or discussion mentions the specific FreeRADIUS version covered and then try to find the most current information possible.

Try to Use Packages

You can install or build FreeRADIUS yourself via the source files, but to make the installation quicker and easier, consider installing the binary package if available in your operating system’s repository.

The only downside is that you might not find packages for the very latest FreeRADIUS version. Once you see the version offered in the packages you can check the FreeRADIUS news for the release notes so you can make a determination on which version is desired or required based on the bug fixes and feature improvements.

Don’t Make Unnecessary Changes

Don’t change or delete any settings unless you fully understand what you’re doing. A very simple mistake can “break” the server and result in much troubleshooting to find the underlying issue.

If changes are required, first back up a copy of the configuration files you’re changing. Also, try to make just one or a few setting changes at a time and then restart the server to check if it still operates correctly.

Add Comments for Any Changes Made

If you make any changes to the default configuration files, it’s highly recommended to add comments. Describe the change and why it was needed. As a result, in the future you or anyone else that looks through the configuration files will quickly understand any previous changes made as well as any potential new changes that might be needed.

Restart After Changes

Remember, if you make configuration changes while FreeRADIUS is running, the changes won’t take effect until you restart the server.

If running FreeRADIUS in debug mode you can stop the server by hitting Ctrl + C. Otherwise you should stop it via command, the specific syntax of which will vary depending upon your OS. Try the following to stop:

/etc/init.d/freeradius stop

And then to start:

/etc/init.d/freeradius start

If you’re using Red Hat Enterprise Linux RHEL (or similar distros), try these commands to restart FreeRADIUS:

service radiusd stop

service radiusd start

Run in Debug Mode

Although you can check logs for errors, when initially setting up FreeRADIUS or when making configuration changes, consider running the server in debug mode. That way you can see a live output of the server to ensure it is running properly.

To run FreeRADIUS in debug mode, add the X attribute:

freeradius -X

Once you’re comfortable with the server running properly you can stop the debug mode by hitting Ctrl + C.

Recheck Basic Configuration

If you run into issues with users not being able to authenticate, check and re-check the basics. Ensure your NAS clients are listed in the clients.conf file with a valid IP address and shared secret, and ensure they match what’s set on your NAS client. Ensure usernames and passwords are correctly defined in the users file.

Help Others Help You

FreeRADIUS has an active mailing list where you can receive great help; however, before asking questions you should double-check your logs and debug output for errors and warnings for any hints. Make sure to first search the mailing list archive, Frequently Asked Questions, Wiki, and the web for an answer, as many times you can figure out issues on your own.

If you still need to post to the mailing list, be sure to include the entire debugging output, especially the output showing the server receiving and processing test packets. But don’t forget to remove any private information (shared secrets, passwords, etc).

Also include any related configuration files as text, and don’t forget to include the FreeRADIUS version you’re using. Plus send e-mails in plain-text format, not HTML.

Eric Geier is a freelance tech writer — keep up with his writings on Facebook. He’s also the founder of NoWiresSecurity, a cloud-based Wi-Fi security service, and On Spot Techs, an on-site computer services company.

Follow ServerWatch on Twitter and on Facebook