How To Install Daloradius On Centos Firewall

Updated by Edward Angert Written by Linode

Install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7. FreeRADIUS is an high performance,open source RADIUS server developed under the GNU General Public License. FreeRADIUS is the most used RADIUS server in the world. FreeRADIUS comes with web based user administration tool and is modular, very scalable and rich sets of features. Checking for Open Ports with nmap. First check the IP address of your CentOS 7 server with the following command: You can check for all the open ports with nmap utility from another computer as follows: As you can see, right now, only the port 22 is open.

Use promo code DOCS10 for $10 credit on a new account.
Contribute on GitHub

Report an Issue | View File | Edit File

Apache is an open-source web server that can be configured to serve a single or multiple websites using the same Linode. This guide explains how to install and configure the Apache web server on CentOS 7.

Note

How To Install Daloradius

This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, you can check our Users and Groups guide.

Replace each instance of example.com in this guide with your site’s domain name.

Before You Begin

  1. Ensure that you have followed the Getting Started and Securing Your Server guides, and the Linode’s hostname is set.

    To check your hostname run:

    The first command should show your short hostname, and the second should show your Fully Qualified Domain Name (FQDN).

  2. Update your system:

Apache

Install and Configure Apache

  1. Install Apache 2.4:

  2. Modify httpd.conf with your document root directory to point Apache to your site’s files. Add the <IfModule prefork.c> section below to adjust the resource use settings. The settings shown below are a good starting point for a Linode 2GB:

    Note

    Before changing any configuration files, we recommend that you make a backup of the file. To make a backup:

    cp /etc/httpd/conf/httpd.conf ~/httpd.conf.backup

    /etc/httpd/conf/httpd.conf

    These settings can also be added to a separate file. The file must be located in the conf.module.d or conf directories, and must end in .conf, since this is the format of files included in the resulting configuration.

Configure Name-based Virtual Hosts

You can choose many ways to set up a virtual host. In this section we recommend and explain one of the easier methods.

  1. Within the conf.d directory create vhost.conf to store your virtual host configurations. The example below is a template for website example.com; change the necessary values for your domain:

    /etc/httpd/conf.d/vhost.conf

    Additional domains can be added to the vhost.conf file as needed. To add domains, copy the VirtualHost block above and modify its values for each additional virtual host. When new requests come in from the internet, Apache checks which VirtualHost block matches the requested url, and serves the appropriate content:

    Note
    ErrorLog and CustomLog entries are suggested for more specific logging, but are not required. If they are defined (as shown above), the logs directories must be created before you restart Apache.
  2. Create the directories referenced above:

  3. Enable Apache to start at boot, and restart the service for the above changes to take effect:

    You can now visit your domain to test the Apache server. A default Apache page will be visible if no index page is found in your Document Root as declared in /etc/httpd/conf/httpd.conf:

Configure firewalld to Allow Web Traffic

CentOS 7’s built-in firewall is set to block web traffic by default. Run the following commands to allow web traffic:

Next Steps: Add SSL for Security and Install GlusterFS for High Availability

Congratulations! You’ve set up Apache and you’re now ready to host websites. If you’re wondering what additional configuration changes are available to get the most out of your server, some optional steps can be found below.

Secure Your Site with SSL

To add additional security to your site, consider enabling a Secure Sockets Layer (SSL) certificate.

Install and Configure GlusterFS, Galera, and XtraDB for High Availability

Consult our Host a Website with High Availability guide to mitigate downtime through redundancy, monitoring, and failover.

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

Join our Community

Please enable JavaScript to view the comments powered by Disqus.comments powered by Disqus

This guide is published under a CC BY-ND 4.0 license.

On this page

  1. WifiAuthentication/Accounting With FreeRadius On CentOS 5
    1. Step 3 ( ***********OpenSSL Certificate Generation ***********)

WifiAuthentication/Accounting With FreeRadius On CentOS 5

(Date:2-June-2008)

This tutorial explains how you can set up a FreeRadius server with Wifi authentication and accounting on CentOS 5. This howto should work for a newbie.Production deployment is also possible with minor tweaking. But asusual I do not guarantee anything & take no responsibilities ifsomething goes wrong.

(Note: For the faint-hearted you can use this turn-key solution. http://www.howtoforge.com/how-to-set-up-an-aaa-server-with-ciitix-wifi )

This configuration has been tested onfollowing:

OS: CentOS 5.x (patched)

Certificates: Openssl 0.98b

Radius Sever: Freeradius version1.1.7 (built from fc6 src.rpms)

(Note: This document also assumesthat you have a dhcp server already configured & running on thesame subnet.)

Protocols configuredfor:

  • WPA1/2 enterprise
  • EAP/PEAP/TTLS

Following processes areinvolved:

1- Install OS

2- Install openssl

3- Generate digital certificates

4- Install / Configure freeradius

5- Configure Access points

6- Configure end wifi clients

Step 1

How To Install Daloradius On Centos Firewall Windows 7

1- Install the OS in the minimal mode(refer to some howto).

Step 2

2- Install openssl (if not alreadyinstalled)

Step 3 ( ***********OpenSSL Certificate Generation ***********)

There are numerous ways of generatingssl based certificates. You can create your certificates at anothercomputer or on this server.

Following is a manual way of creatingcertificates which I adopted. But you are suggested to use somescript to create them(skip this step if you . Freeradius 1.1.7 &2.x version comes with nice certificate generating scripts, use themif you are new to certificates. (In 2.X the scripts are usually in/etc/radd/certs/, in 1.X it is in the scripts/ directory of un-tgz'edfreeradius).

Note: Following process alsocreates client certificates which you would not be needing withEAP/PEAP.

3.1 Create a new self-signedcertificate authority (if not already created) in /etc/ssl:

Edit /etc/pki/tls/openssl.cnf &change

to

openssl req -new -x509-extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days3650

Passphrase: 'letmein' was thepasswd I chose.

Following is the output:

[[email protected] ssl]# openssl req -new-x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem-days 3650

writing new private key to'private/cakey.pem'

You are about to be asked to enterinformation that will be incorporated

What you are about to enter is what iscalled a Distinguished Name or a DN.

There are quite a few fields but youcan leave some blank

For some fields there will be a defaultvalue,

If you enter '.', the field will beleft blank.

State or Province Name (full name)[Berkshire]:pakhtoonkhwa

Locality Name (eg, city)[abbottabad]:abbottabad

Organization Name (eg, company)[ciit]:ciit

Organizational Unit Name (eg, section)[]:

Common Name (eg, your name or yourserver's hostname) []:ciitwifi

Email Address[]:[email protected]@ciit.net.pk

3.2 Create server certificate requestin /etc/ssl: (note the passwd 'lettheserverin')

openssl req -new -nodes -keyoutserver_key.pem -out server_req.pem -days 730

Output:

[[email protected] ssl]# openssl req -new-nodes -keyout server_key.pem -out server_req.pem -days 730

writing new private key to'server_key.pem'

You are about to be asked to enterinformation that will be incorporated

What you are about to enter is what iscalled a Distinguished Name or a DN.

There are quite a few fields but youcan leave some blank

For some fields there will be a defaultvalue,

If you enter '.', the field will beleft blank.

State or Province Name (full name)[Berkshire]:pakhtoonkhwa

Locality Name (eg, city)[abbottabad]:abbottabad

Organization Name (eg, company)[ciit]:ciit

Organizational Unit Name (eg, section)[]:

Common Name (eg, your name or yourserver's hostname) []:ciitwifi

Please enter the following 'extra'attributes

to be sent with your certificaterequest

[[email protected] ssl]#

3.3 Sign server certificate using thecertificate authority created earlier (with XP extensions):

Create an xpextensions file at /etc/ssl location with the following content.


openssl ca -policypolicy_anything -out server_cert.pem -extensions xpserver_ext-extfile /etc/ssl/xpextensions -infiles /etc/ssl/server_req.pem

(Note: passphrase was letmein in step3.)

[[email protected] ssl]# openssl ca -policypolicy_anything -out server_cert.pem -extensions xpserver_ext-extfile /etc/ssl/xpextensions -infiles /etc/ssl/server_req.pem

Using configuration from/etc/pki/tls/openssl.cnf

Enter pass phrase for/etc/ssl/private/cakey.pem:

Check that the request matches thesignature

X509v3 Extended Key Usage:

Certificate is to be certified untilJun 10 03:22:22 2009 GMT (365 days)

1 out of 1 certificate requestscertified, commit? [y/n]y

[[email protected] ssl]#

3.4 Create a server file with both theserver key and the server certificate:

cat server_key.pemserver_cert.pem > server_keycert.pem

3.5 Create a client certificaterequest in /etc/ssl:

openssl req -new -keyoutclient_key.pem -out client_req.pem -days 730

'ciitwificlient' is the PEMpassphrase I used.

Output:

[[email protected] ssl]# openssl req -new-keyout client_key.pem -out client_req.pem -days 730

writing new private key to'client_key.pem'

You are about to be asked to enterinformation that will be incorporated

What you are about to enter is what iscalled a Distinguished Name or a DN.

There are quite a few fields but youcan leave some blank

For some fields there will be a defaultvalue,

If you enter '.', the field will beleft blank.

State or Province Name (full name)[Berkshire]:pakhtoonkhwa

Locality Name (eg, city)[abbottabad]:abbottabad

Organization Name (eg, company)[ciit]:ciit

Organizational Unit Name (eg, section)[]:

Common Name (eg, your name or yourserver's hostname) []:ciitwifi

Please enter the following 'extra'attributes

to be sent with your certificaterequest

[[email protected] ssl]#

3.6 Sign client certificate using thecertificate authority created earlier (with XP extensions):

openssl ca -policypolicy_anything -out client_cert.pem -extensions xpclient_ext-extfile /etc/ssl/xpextensions -infiles /etc/ssl/client_req.pem

'letmein' is the passphrase Iused.

[[email protected] ssl]# openssl ca -policypolicy_anything -out client_cert.pem -extensions xpclient_ext-extfile /etc/ssl/xpextensions -infiles /etc/ssl/client_req.pem

Using configuration from/etc/pki/tls/openssl.cnf

How to install daloradius

How To Install Daloradius On Centos Firewall Windows 10

Enter pass phrase for/etc/ssl/private/cakey.pem:

Check that the request matches thesignature

X509v3 Extended Key Usage:

Certificate is to be certified untilJun 10 03:49:46 2009 GMT (365 days)



1 out of 1 certificate requestscertified, commit? [y/n]y

How To Install Daloradius On Centos Firewall Mac

[[email protected] ssl]#


3.7 Export the client certificate inthe appropriate format (P12) for an XP client:

openssl pkcs12 -export -inclient_cert.pem -inkey client_key.pem -out client_cert.p12 -clcerts

'ciitwificlient' is thepassphrase.

'Idontknow' is the exportpassword. This is the password that the you will be giving thewindows XP clients, who will be using this while installing theclient_cert.

Output:

[[email protected] ssl]# openssl pkcs12-export -in client_cert.pem -inkey client_key.pem -outclient_cert.p12 -clcerts

[[email protected] ssl]#

3.8 Export the root certificate ofthe server in the appropriate format (DER) for an XP client:

openssl x509 -setalias'[email protected]' -outform DER -in cacert.pem -out cacert.der

3.9The files 'client_cert.p12' and 'cacert.der' can now be safely movedto a folder for import onto the XP clients.

Comments are closed.