Professional Documents
Culture Documents
Installation RadMan
Installation RadMan
Installation RadMan
TABLE OF CONTENTS
TABLE OF CONTENTS .......................................................................................................................... 1
RADIUS MANAGER 2.5.1....................................................................................................................... 2
PREREQUISITS .................................................................................................................................. 2
INSTALLATION OF ZEND OPTIMIZER.............................................................................................. 3
INSTALLATION OF RADIUS MANAGER ........................................................................................... 4
Follow these installation steps. Execute every action as a superuser (root user): .......................... 4
CONFIGURING MIKROTIK ROUTER................................................................................................. 9
Setting up Radius authentication and accounting................................................................................ 9
Setting up Radius MAC authentication .............................................................................................. 11
CONFIGURING RADIUS MANAGER ............................................................................................... 12
UPGRADING INSTRUCTIONS ......................................................................................................... 13
Upgrading from 1.1.5 to 2.0.0 ........................................................................................................ 13
Upgrading from 2.0.0 to 2.0.1 ........................................................................................................ 13
Upgrading from 2.0.1 to 2.0.2 ........................................................................................................ 13
Upgrading from 2.5.0 to 2.5.1 ........................................................................................................ 13
LEGAL NOTE..................................................................................................................................... 14
This document describes the installation and configuration procedure of Radius Manager with
FreeRadius RADIUS server on a Linux machine. It will work without any modifications on Redhat 8, 9,
Fedora Core 1 – 6. On other Linuxes You have to modify some things, because the paths may vary.
PREREQUISITS
To successfully install Radius Manager, You need the following components installed on your
Linux host:
Required components:
Optional components:
1. Webmin (http://www.webmin.com)
2. phpMyAdmin (http://www.dmasoftlab.com/downloads)
Zend Optimizer is used to run Radius Manager PHP components. The system is compiled
with Zend to achieve the fastest speed and best performance. You can download Zend Optimizer for
your Linux system at the following URL’s:
http://www.zend.com
http://www.dmasoftlab.com/downloads
Try to use the newest version for your architecture. On some Linuxes, the newest version
won’t work. In this case try the older versions.
...
[Zend]
zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.0.1
zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.0.1
zend_optimizer.version=3.0.1
zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so
zend_optimizer.license_path=/usr/local/Zend/licenses
In the license directory You will put the license file. To get the license file, issue the zendid
command:
Send us the output and we will create a personal license file for You.
When the license file arrives, copy it into the license directory, and restart httpd.
Follow these installation steps. Execute every action as a superuser (root user):
http://www.dmasoftlab.com/downloads
Be sure You have mysql-devel package is installed. In default, FreeRadius will be installed in
/usr/local directory.
It must answer with Ready to process requests. If not, consult your FreeRadius manual.
client 192.168.0.0/16 {
secret = testing123
shortname = private-network
}
# Connect info
server = "localhost"
login = "radius"
password = "radius123"
#
# See "Simultaneous Use Checking Querie" in sql.conf
sql
Uncommenting these lines You enable the use of the MySql database server for accounting
and authorization requests.
DEFAULT Auth-Type=Local
Exec-Program-Wait="/usr/local/bin/mtauth.pl %{User-Name} %{Calling-Station-Id}"
Be sure that these lines are the first DEFAULT lines (around line 70 in the users file). The first
character MUST BE A TAB character before „Exec-Program-Wait” tag!
11. Create the database for FreeRadius. Use some MySql manipulation tool. Webmin is
preferred; it’s easy to use and has graphical interface. Create a database named RADIUS.
12. Create MySql user for FreeRadius. You can do it with mysql command or with WebMin.
Webmin is preferred; it’s simplier to use than a command line client. For testing purposes use
password radius123 for radius account.
13. Also, don’t forget to define the host permissions. Select all permissions.
14. Create the accounting tables for FreeRadius and tables for Radius Manager. Execute the
following sql script from your familiar MySql administration tool:
radius-2.5.1.sql
It will create the necessary tables for Radius server and for Radius Manager (mt_datas).
For manipulating the sql tables, use PHPMyAdmin web interface.
/usr/local/sbin
17. This is the password file for rootexec. Edit the password to fit your needs. This password
have to be the same which is used in definitions.php:
define(rootexec_psw, "test123");
Only one password line is accepted for rootexec.rc. Protect rootexec.rc to only superuser can
view/edit it:
Rootexec is used to manipulate with unix accounts from php scripts. For security purposes it
uses a password, so it can’t be executed by anyone who has php scripts on the accounting server.
/usr/local/bin
Edit the dastabase host, database name, database username and database password in
mtauth.pl and mtacnt.pl scripts. These scripts are using Perl-MySql extension to communicate
with MySql, so install Perl DBI if it is not installed yet.
19. Copy the whole radiusmanager directory into your http root directory.
// database
// system definitions
22. Go into webbrowser, and check the functionality of the administrative interface:
http://yourhost/radiusmanager
admin/1234
Log in and try to create new users and managers. The default manager is admin. The default
profile is default.
http://yourhost/radiusmanager/userinfo.php
If You have problems logging in, close all browser windows and reopen a new one. Type the
correct username and password combination.
To send authentication and accounting requests to Radius server, You have to configure the
following things in the Mikrotik system. Use Winbox to view and edit the configuration. Follow these
steps:
• Service:
o Hotspot: enable hotpsot authentication (username, password, mac)
o Wireless: enable wireless connection authentication from Radius (turn off Default
authenticate for Hotspot wireless interface, and turn on Radius MAC
authentication for that interface)
o PPP: for PPP connection authentication
o Login: Winbox (telnet, ssh) authentication from Radius
o Telephony: telephony authentication from Radius
• Adress is your Radius servers address (Linux/Unix host)
• Secret is from /usr/local/etc/raddb/clients.conf
• Authentication and Accounting ports are the standard Radius ports
• Timeout definies how much time may elapse while Radius answer arrives from the
Radius server; if You use wireless or slower connection to Radius server or the
accounting tables are large, set this timeout higher (2000 ms).
6. Enable incoming Radius requests. It is needed to logoff users directly from Radius Manager
web interface:
Don’t forget to open the UDP port 1700 in firewall on Mikrotik and Linux servers!
By default, all client cards can connect to the Mikrotik AP. If You need to filter them, and allow
only for the registered cards to connect to the SSID, You have to set up Radius MAC authentication in
Mikrotik AP.
In this case when a clients tries to connect to the SSID, Mikrotik verifies the clients MAC
address against the stored one in the user profile in Radius Manager. If the MAC can be found there,
Mikrotik allows the connections.
// database
// system definitions
UPGRADING INSTRUCTIONS
Reinstall all the new components. Follow steps 1 – 10. and 15 – 21. from this Radius
Manager installation guide.
Upgrade the tables using the update-1.1.5_2.0.sql file. Execute it from PhpMyAdmin or from
any other MySql client.
When it is done, check your userbase. Create profiles and assign them to users. Enjoy!
Upgrade the tables using the update-2.0.1_2.0.2.sql file. Execute it from PhpMyAdmin or from
any other MySql client.
Upgrade the tables using the update-2.5.0_2.5.1.sql file. Execute it from phpMyAdmin or from
any other MySql client.
WARNING!
To upgrade from older version to the newest, You have to execute all the sql update scripts
in the correct sequence. For example if You upgrade Radius Manager from 1.1.5 to 2.5.0, You have to
execute the scripts in the following order:
1. update-1.1.5_2.0.0.sql
2. update-2.0.1_2.0.2.sql
3. update-2.0.2_2.5.0.sql
4. update-2.5.0_2.5.1.sql
Check and update the old profile settings after the system upgrade.
LEGAL NOTE