How to Set Up Dante Server with FreeRADIUS on CentOS 7

Assuming you have already compiled and installed Dante using this guide, we now need to download and compile the PAM RADIUS module:

wget https://vpnextra.com/download/pam_radius-1.3.17.tar.gz

Decompress the package and change into its directory:

tar xvzf pam_radius-1.3.17.tar.gz

cd pam_radius-1.3.17

Compile it:

make

Now you should have a file called ‘pam_radius_auth.so’ in this directory – you want to move this file to /lib64/security by using the command below:

mv pam_radius_auth.so /lib64/security/pam_radius_auth.so

Create a file called ‘sockd’ in the current directory and enter these two lines into it:

auth    sufficient      /lib64/security/pam_radius_auth.so
account sufficient      /lib64/security/pam_radius_auth.so

Now save it and move this file into the following directory:

/etc/pam.d/

Create a file called sockd.conf under /etc/ (be sure to back up any current config you have already set up) and enter the configuration below:

logoutput: stderr

internal: eth0 port = 1080
internal: 127.0.0.1 port = 1080
external: eth0

method: pam
user.privileged    : root
user.notprivileged : sockd

client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error # connect disconnect
}
pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
protocol: tcp udp
log: error # connect disconnect
}

Change eth0 to match your server interface name and save the config file.

Create a directory called raddb in /etc/:

cd /etc/
mkdir raddb

You also want to create a file called server and place this into the folder you just created:

cd /etc/raddb/
touch server

Edit the file server and add the following:

your_radius_server_ip your_radius_secret 3

So it would look something like this:

123.123.123.123 myradiussecret 3

Save it.

We need to add an unprivileged user named sockd for Dante, using the following commands:

adduser sockd
passwd sockd

After that, it’s time to start Dante with the following command, which also starts it in debug mode so you can check for any issues:

sockd -f /etc/sockd.conf -d1

Now you should have Dante running on port 1080, authenticating against your FreeRADIUS database. Please also note that we disabled Dante's connect and disconnect logging in the config (only errors are logged), since the logs seem to grow very big very quickly when quite a few users are using it.
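
The script below is an added example, not part of the original guide: it checks that /etc/raddb/server (which holds the RADIUS shared secret in plain text) is readable only by its owner and no longer contains the sample secret, and that the "client pass" rule in sockd.conf does not admit every source address. The function names and the constructed sample files are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not part of the original guide. Default paths are the guide's.

# Flag a pam_radius server file that group/other can access, or that still
# holds the guide's sample secret. Returns 0 clean, 1 findings, 2 unreadable.
audit_radius_secret() {
    local f="${1:-/etc/raddb/server}" perms rc=0
    [ -r "$f" ] || return 2
    perms=$(ls -ld -- "$f" | cut -c1-10)
    case "$perms" in
        ????------) ;;   # no group/other permission bits set
        *) echo "WARN $f: $perms exposes the shared secret, chmod 600 it"; rc=1 ;;
    esac
    if grep -qw 'myradiussecret' "$f"; then
        echo "WARN $f: still contains the guide's sample secret"; rc=1
    fi
    return "$rc"
}

# Flag a Dante "client pass" rule that admits every source address.
# Returns 0 clean, 1 finding, 2 unreadable.
audit_sockd_conf() {
    local conf="${1:-/etc/sockd.conf}"
    [ -r "$conf" ] || return 2
    if awk '/^[[:space:]]*client[[:space:]]+pass[[:space:]]*[{]/ {blk=1; next}
            blk && /[}]/ {blk=0}
            blk && /from:[[:space:]]*0[.]0[.]0[.]0\/0/ {wide=1}
            END {exit !wide}' "$conf"; then
        echo "WARN $conf: client rule admits 0.0.0.0/0, narrow 'from:' to client networks"
        return 1
    fi
}

# Constructed copies of the guide's files, written world-readable on purpose.
make_sample() {
    printf '123.123.123.123 myradiussecret 3\n' > "$1/server"
    printf 'client pass {\nfrom: 0.0.0.0/0 to: 0.0.0.0/0\nlog: error\n}\n' > "$1/sockd.conf"
    chmod 644 "$1/server"
}

# Demo run against the constructed copies; both audits print a warning.
d=$(mktemp -d) && make_sample "$d"
audit_radius_secret "$d/server" || true
audit_sockd_conf "$d/sockd.conf" || true
rm -rf "$d"
```

On a real host, call the two functions without arguments as root to check the paths used in this guide.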
