To successfully install Radius Manager on your host, You have to complete the following steps:
1. Install ionCube runtime libraries
2. Build and configure FreeRadius server
3. Configure MySQL database and credentials
4. Install Radius Manager WEB components
5. Install Radius Manager binaries
6. Complete the post installation steps and fine tuning
INSTALLATION Prerequisites:
To successfully install and run Radius Manager, You need the following components installed on the Linux host, If they are not installed already, don't worry we will install them in next step
Software Requirements:
FreeRadius 2.1.8 DMA mod 2 (downloadable from http://www.dmasoftlab.com)
• PHP 5 or better
• MySQL 5 or better
• MySQL development libraries
• php-mysql
• php-mcrypt
• curl, php-curl
• glibc 2.4 or better
• GNU C/C++ compiler IonCube runtime libraries. They are downloadable freely from http://www.ioncube.com and http://www.dmasoftlab.com
• Javascript enabled browser on running on client machines
Preparing the Linux system Fedora 10
Install the necessary components on your Linux host before You begin the installation of Radius Manager.
1. Disable SeLinux in /etc/sysconfig/selinux and reboot your host:
2. On Fedora Core 10 install the required packages in one step:
1
|
yum install make php php-mysql php-mcrypt mysql-devel mysql-server gcc libtool-ltdl
|
[ Note: This will download and install about 60-70 mb of packages depends on you FED installation. Be patience if you have slow internet connection ]
*To install php-mrcypt in centos 6
2.yum update
3.yum install php-mcrypt
Installation procedure of ionCube runtime system
Radius Manager requires ionCube runtime libraries. You can download them from: http://www.dmasoftlab.com/downloads
Before installing ionCube, You have to know the following:
1. The architecture of your Linux system (32 or 64 bit) (usually 32bit pc is used in most cases, I will use 32bit only as example)2. Which PHP version are You using (use php -v to view version info, hopefully you will get v5.2.9)
3. Where is your php.ini file located (On fedora its usually /etc/php.ini)
Example ionCube installationcd //
1. First create a temp folder in root
Now download ionCube by issuing following commandwget http://www.dmasoftlab.com/cont/download/ioncube_loaders_lin_x86.tar.gz
UNTAR the ionCube runtime libraries to /usr/ local/ioncube by using following command
1
|
tar zxvf ioncube_loaders_lin_x86.tar.gz
|
Now copy the ioncube foler to to /usr/ local/ioncube by using following command(note –make dir /usr/local/ioncube)
1
|
cp /temp/ioncube/* /usr/local/ioncube/
|
2. Add the appropriate ionCube loader to your php.ini. You have to add the following line in /etc/php.ini
1
|
zend_extension=/usr/local/ioncube/ioncube_loader_lin_5.3.so
|
3. Test the ionCube loader from shell:
1
|
[root@localhost]# php -v
|
|
2
|
|
|
3
|
You have to see the ionCube PHP Loader version displayed correctly.
|
|
4
|
|
|
5
|
PHP 5.2.9 (cli) (built: Apr 17 2009 03:29:12)
|
|
6
|
Copyright (c) 1997-2009 The PHP Group
|
|
7
|
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
|
|
8
|
with the ionCube PHP Loader v3.3.14, Copyright (c) 2002-2010, by ionCube Ltd.
|
4. Restart the web server by following command:
sevice httpd restart
5. Run ifconfig command from shell to determine the MAC address of the network interface card (NIC):
1
|
[root@localhost]# ifconfig
|
eth0 Link encap:Ethernet HWaddr 08:00:27:88:0E:68
6. Now it’s time to request a license for your server. If this is first time, Ask support@dmasoftlab.com to grant you id passwrod for customer portal. after getting Id, Log on to DMA Softlab customer’s portal (https://customers.dmasoftlab.com) and request a trial license for the hardware address (MAC address) of your network interface card.
Radius Manager will run only on the specified host and the license is binding to the MAC address of the network interface card. You can migrate Radius Manager to another host if You also move the same network interface card with it.
It is strongly recommended to request a license for a removable networking interface to allow migration to new host without loosing the license.
7. When a license file is issued (You will get a notification about it in email), download and copy the lic.txt and mod.txt to radiusmanager web directory (read the “Installation procedure of Radius Manager” chapter of this manual) to enable licensing of your Radius Manager installation.
Troubleshooting the ionCube loader system
If encoded files fail to run, you can test ionCube runtime by using the helper PHP script ioncubeloader-helper.php, which is included in the loader download archive.
1. Copy the ioncube-encoded-file.php PHP script to your http root (on Redhat-based system it is /var/www/html).
2. Try to access the ioncube-encoded-file.php script using your favorite web browser:
3. If You can see the message “This file has been successfully decoded. ionCube Loaders are correctly installed”, it means You have successfully installed ionCube runtime on your host and it is ready to use. If You can’t decode the file via a HTTP call, check the php.ini and be sure SeLinux is disabled.
Installation procedure of FreeRadius
Follow the installation steps to successfully build, install and configure FreeRadius RADIUS server on your host. Use only FreeRadius 2.1.8 DMA mod 2 source archive (downloadable from our site). It is prepared and tested by our team and it is 100% compatible with Radius Manager.
Other versions and builds will not function properly with Radius Manager. If your host already has a different FreeRadius version installed, remove it completely including it’s configuration files (/etc/raddb or /usr/local/etc/raddb).
Execute the following actions as super user (root user):
1. Download FreeRadius archive in /temp folder from the following URL: http://www.dmasoftlab.com/downloads by issuing following command
wget http://www.dmasoftlab.com/cont/download/freeradius-server-2.1.8-dmamod-2.tar.gz
2. Build FreeRadius server from sources. Do it in the following way. Ungzip and untar the FreeRadius archive:
1
|
gzip -d freeradius-server-2.1.8-dmamod-2.tar.gz
|
2
|
tar xvf freeradius-server-2.1.8-dmamod-2.tar
|
|
1
|
cd freeradius-server-2.1.8
|
2
|
./configure
|
|
3
|
make
|
|
4
|
make install
|
By default, FreeRadius will be installed in /usr/local directory.
3. Now You can test FreeRadius in debug mode. Start it with parameter -X
1
|
radiusd -X
|
|
2
|
|
|
3
|
Listening on authentication address * port 1812 Listening on accounting address * port 1813
|
|
4
|
Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on proxy address * port 1814
|
5
|
|
|
6
|
Ready to process requests.
|
|
|
|
|
|
|
|
It must answer with “Ready to process requests”.
If radiusd cannot find the required libraries, issue ldconfig from shell to refresh the ld linker’s cache.
4. Set the correct permissions on FreeRadius configuration files (Fedora):
1
|
chown apache /usr/local/etc/raddb
|
|
2
|
chown apache /usr/local/etc/raddb/clients.conf
|
Radius Manager updates the clients.conf automatically, so it is necessary to set the correct permission on it. Do not modify the clients.conf by hand. Don’t forget to define allNASes in ACP with the correct secret and restart FreeRadius (from ACP or from shell) after modifying the NASes in the system.
5. Review and modify (if needed) the MySQL credentials in /usr/local/etc/raddb/sql.conf: by issuing following command
1
|
nano /usr/local/etc/raddb/sql.conf
|
|
2
|
|
|
3
|
# Connection info:
|
|
4
|
server = “localhost” #port = 3306
|
5
|
login = “radius”
|
|
6
|
password = “radius123”
|
|
|
|
|
|
|
|
|
Creating MySQL databases with MySQL command line tool
Now, Log on to MySQL server as root:
1
|
mysql -u root -ppassword
|
1
|
CREATE DATABASE radius;
|
|
2
|
CREATE DATABASE conntrack;
|
|
3
|
CREATE USER 'radius'@'localhost’ IDENTIFIED BY 'radius123';
|
|
4
|
CREATE USER 'conntrack'@'localhost' IDENTIFIED BY 'conn123'; GRANT ALL ON radius.* TO radius@localhost;
|
5
|
GRANT ALL ON conntrack.* TO conntrack@localhost;
|
|
6
|
exit
|
Completing this step the databases are ready to use.
Installation procedure of Radius Manager
There are two methods of installation available:
1. Interactive, using the included installer script. (We will focus on this as its easier for newbie)
2. Manual installation, using Unix commands. (We will not discuss it as its already briefly described in RM Manual)
Interactive installation
The easiest way to install Radius Manager is to use the included install.sh script. It is located in Radius Manager tar archive and can be used on Redhat, Debian and (with slight modification of the environment) on other systems. Before You begin, be sure You have prepared the MySQL database tables and credentials. Radius Manager requires two databases:
1. RADIUS – for storing all system data, including users and accounting information.2. CONNTRACK – for storing connection tracking system (CTS) data.
Create both databases even on a non-CTS enabled system.
Now download RM (radiusmanager-3.9.0.tgz) from dma customer portal in /temp folder. Now decompress the Radius Manager tarball using following command.
1
|
tar xf radiusmanager-3.9.0.tgz
|
|
2
|
cd radiusmanager-3.9.0-rel-allpatches-1-5/
|
Now invoke the installer script, but first change its permission to 755. In the examples below we will use the installer script on Redhat / Fedora system.
01
|
chmod 755 install.sh
|
|
02
|
|
|
03
|
./install.sh
|
|
04
|
|
|
05
|
Radius Manager installer
|
|
06
|
Copyright 2004-2011, DMA Softlab LLC All right reserved.
|
07
|
(Use CTRL+C to abort any time)
|
|
08
|
|
|
09
|
Select the type of your operating system:
|
|
10
|
1. Redhat (Fedora, CentOS etc.)
|
|
11
|
2. Debian (Ubuntu etc.)
|
|
12
|
Choose an option: [1]
|
|
|
|
|
|
|
|
|
|
|
|
|
Select the operating system You have. For Redhat, RHEL, CentOS, Fedora select option 1.
Now select the installation method:
1
|
Select installation type:
|
2
|
|
|
3
|
1. New installation
|
|
4
|
2. Upgrade old system
|
|
5
|
Choose an option: [1]
|
|
|
|
|
|
|
|
For new installation, use option 1. You can see the default options after every question, so You can just press enter in most cases.
1
|
Choose an option: [1]
|
|
2
|
Selected installation method: NEW INSTALLATION
|
3
|
WWW root path: [/var/www/html]
|
|
|
|
|
|
Now define the HTTP root folder. The installer will create radiusmanager subfolder in it automatically. On Redhat You can simply press enter.
Now define the MySQL database credentials:
1
|
RADIUS database host: [localhost]
|
|
2
|
RADIUS database username: [radius]
|
|
3
|
RADIUS database password: [radius123]
|
4
|
CTS database host: [localhost]
|
|
5
|
CTS database username: [conntrack]
|
|
6
|
CTS database password: [conn123]
|
|
|
|
|
|
|
|
For the default setup simply press enter and use MySQL user “radius” with password “radius123” for RADIUS database, and conntrack / conn123 for CONNTRACK database.
The host is “localhost” by default. If You have different setup, specify proper values. If You are planning to use the system with hundreds of online users, it is recommended to use separate database host for CONNTRACK database.
In the next step You have to define the FreeRadius user. It must be the correct user to set the permission properly on /etc/radiusmanager.cfg. If there are permission problems on/etc/radiusmanager.cfg, Radius Manager binaries will not function at all.
Freeradius UNIX user: [root]
On Fedora it is root, so simply press enter.
Now define the HTTP user (the user name under Apache is running). It is required to set the permission on files in radiusmanager/config directory. On Fedora it is the apache user.
Httpd UNIX user: [apache]
You can now decide to create rmpoller service or not? It is a standard Fedora / Debian compatible service script which invokes rmpoller helper. You can also start rmpoller using alternative ways.
Create rmpoller service: [y]
In most cases simply press enter. When a service has been created, You can use the command (on Fedora)
service rmpoller [start | stop]
to control rmpoller service activity. Also make this service auto starting at boot time together with FreeRadius. Use command chkconfig -add rmpoller on or use Webmin to activate the service at boot time.
In the next step select yes if You want to create the rmconntrack service. It is a standard Linux service, like rmpoller. It is required for Radius Manager CTS only.
Create rmconntrack service: [y]
When a service has been created, You can use the command
service rmconntrack [start | stop]
to control rmconntrack service activity. Also make this service auto starting at boot time.
It is strongly recommended to create a full database backup before You continue. Answer ‘yes’ to the following question:
Back up RADIUS database: [y]
Now the system warns You it will overwrite the existing databases if You continue. Press ‘y’ to continue or ‘n’ to abort the installation process.
01
|
WARNING! If You continue You will overwrite the existing RADIUS database!
|
|
02
|
Are You sure to start the installation? [n]
|
|
03
|
You can press Ctrl+C any time to abort the installation process.
|
|
04
|
|
|
05
|
Starting installation process...
|
|
06
|
Backing up radiusmanager.cfg Backing up system_cfg.php Backing up netcash_cfg.php Backing up paypal_cfg.php Backing up authorizenet_cfg.php Backing up dps_cfg.php Backing up 2co_cfg.php
|
07
|
Copying web content to /var/www/html/radiusmanager Copying binaries to /usr/local/bin
|
|
08
|
Copying rootexec to /usr/local/sbin Copying radiusmanager.cfg to /etc
|
|
09
|
Backing up RADIUS database... Creating mysql tables
|
|
10
|
Creating rmpoller service
|
|
11
|
Creating rmconntrack service
|
|
12
|
Copying logrotate script
|
|
13
|
Setting permission on raddb files
|
|
14
|
Copying radiusd init script to /etc/init.d
|
|
15
|
|
|
16
|
Installation finished!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
the installation process is finished, You can begin configuring the system with /etc/radiusmanager.cfg and radiusmanager/config files.
Add the following line to /etc/crontab to execute rmscheduler.php every day after midnight by issuing following command:
Now press i and add the the following entry.
1
|
02 0 * * * root /usr/bin/php /var/www/html/radiusmanager/rmscheduler.php 12345
|
Now press ESC button, now press SHIFT+: , now press wq
it will save the crontab and exit.
12345 is the default password, as it is defined in system_cfg.php. Always specify the full path of the PHP interpreter. If You are not sure, check it’s location before You add the crontab record. The password has to match the predefined one in system_cfg.php.
Now download the the license files (lic.txt and mod.txt) and copy them in in radiusmanager web folder
1
|
cp lic.txt /var/www/html/radiusmanager
|
|
2
|
cp mod.txt /var/www/html/radiusmanager
|
Now Try to access the ACP (Administration Control Panel) by pointing your browser to http://localhost/radiusmanager/admin.php. usename admin password 1111 (By Default)
Also test the functionality of the User Control Panel (UCP):
1
|
username user password 1111 by default
|