Assuming you have already compiled and installed Dante using this guide, we now need to download and compile the PAM RADIUS module:
wget https://vpnextra.com/download/pam_radius-1.3.17.tar.gz
Decompress the package and move it to its directory:
tar xvzf pam_radius-1.3.17.tar.gz
cd pam_radius-1.3.17
Compile it:
make
Now you should have a file called ‘pam_radius_auth.so’ in this directory – you want to move this file to /lib64/security by using the command below:
mv pam_radius_auth.so /lib64/security/pam_radius_auth.so
Create a file called ‘sockd’ under the directory and enter these two lines into it:
auth sufficient /lib64/security/pam_radius_auth.so
account sufficient /lib64/security/pam_radius_auth.so
Now save it and move this file into the following directory:
/etc/pam.d/
Create a file called sockd.conf under /etc/ and enter the below configuration, be sure to backup any current config you have already setup:
logoutput: stderr
internal: eth0 port = 1080
internal: 127.0.0.1 port = 1080
external: eth0
method: pam
user.privileged : root
user.notprivileged : sockd
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error # connect disconnect
}
pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
protocol: tcp udp
log: error # connect disconnect
}
Change eth0 to match your server interface name and save the config file.
Create a directory called raddb in /etc/
cd /etc/
mkdir raddb
You also want to create a file called server and place this into the folder you just created:
cd /etc/raddb/
touch server
Edit the file server and add the following:
your_radius_server_ip your_radius_secret 3
So it would look something like this:
123.123.123.123 myradiussecret 3
Save it.
We need to add an unprivileged user for Dante by the name of sockd by adding the user using the following commands:
adduser sockd
passwd sockd
After that, it’s time to start Dante by using the following command – this will also start Dante in debug so you can check for any issues:
sockd -f /etc/sockd.conf -d1
Now you should have Dante running on port 1080, authenticating off your FreeRADIUS database – please also note we disabled Dante logs in the config since they seem to grow very big very quickly when quite a few users are using it.