Differences

This shows you the differences between two versions of the page.

--- deployment:network:freeradius:install-debian13-sql [2026/04/03 19:41] – [Install MariaDB dan konfigurasi database untuk FreeRadius] ilyasa
+++ deployment:network:freeradius:install-debian13-sql [2026/04/05 17:21] (current) – ilyasa
@@ Line 2: / Line 2: @@
 ===== Install FreeRadius =====
-Install FreeRadius Packages dan depedensi yang dibutuhkan.
+  * Install FreeRadius Packages dan depedensi yang dibutuhkan.
 <code>
 sudo apt -y install freeradius freeradius-mysql freeradius-utils -y
 </code>
-Test service FreeRadius dapat berjalan
+  * Test service FreeRadius dapat berjalan
 <code>
 root@radiusdev:~# systemctl status freeradius
@@ Line 29: / Line 29: @@
 ==== Install MariaDB dan konfigurasi database untuk FreeRadius ====
   * Install MariaDB Sever
-<code>
+<code bash>
 sudo apt -y install mariadb-server
 </code>
+  * Secure MariaDB database dengan mariadb Wizards
+<code bash>
+mariadb-secure-installation
+</code>
+<hidden Jika Bingung sesuaikan dengna berikut>
+<code bash>
+root@radiusdev:~# mariadb-secure-installation
+NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
+      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
+In order to log into MariaDB to secure it, we'll need the current
+password for the root user. If you've just installed MariaDB, and
+haven't set the root password yet, you should just press enter here.
+Enter current password for root (enter for none):  [ENTER]
+OK, successfully used password, moving on...
+Setting the root password or using the unix_socket ensures that nobody
+can log into the MariaDB root user without the proper authorisation.
+You already have your root account protected, so you can safely answer 'n'.
+Switch to unix_socket authentication [Y/n] [n]
+ ... skipping.
+You already have your root account protected, so you can safely answer 'n'.
+Change the root password? [Y/n] [Y]
+New password:
+Re-enter new password:
+Password updated successfully!
+Reloading privilege tables..
+ ... Success!
+By default, a MariaDB installation has an anonymous user, allowing anyone
+to log into MariaDB without having to have a user account created for
+them.  This is intended only for testing, and to make the installation
+go a bit smoother.  You should remove them before moving into a
+production environment.
+Remove anonymous users? [Y/n] [Y]
+ ... Success!
+Normally, root should only be allowed to connect from 'localhost'.  This
+ensures that someone cannot guess at the root password from the network.
+Disallow root login remotely? [Y/n] [Y]
+ ... Success!
+By default, MariaDB comes with a database named 'test' that anyone can
+access.  This is also intended only for testing, and should be removed
+before moving into a production environment.
+Remove test database and access to it? [Y/n] [Y]
+ - Dropping test database...
+ ... Success!
+ - Removing privileges on test database...
+ ... Success!
+Reloading the privilege tables will ensure that all changes made so far
+will take effect immediately.
+Reload privilege tables now? [Y/n] [Y]
+ ... Success!
+Cleaning up...
+All done!  If you've completed all of the above steps, your MariaDB
+installation should now be secure.
+Thanks for using MariaDB!
+</code>
+</hidden>
+  * Buat Database Dan User Untuk FreeRadius
+<code bash>
+sudo mysql -u root
+</code>
+<code sql>
+CREATE DATABASE radius;
+CREATE USER 'radius'@'localhost' IDENTIFIED by 'PasswordYangKuat123';
+GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost';
+FLUSH PRIVILEGES;
+quit;
+</code>
+  * import SQL schema file ke Database yang kita buat sebelumnya.
+<code bash>
+sudo mysql -u root -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql
+</code>
+  *  Enable SQL module pada FreeRADIUS.
+<code bash>
+sudo ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/
+</code>
+  * Edit Module SQL Untuk Dapat terhubung dengan Database yang telah kita buat
+<code bash>
+sudo nano /etc/freeradius/3.0/mods-enabled/sql
+</code>
+  * Ubah opsi database dari sqlite (default) ke mysql(mariadb)
+<code bash>
+# Rubah
+        dialect = "sqlite"
+# Ke
+        dialect = "mysql"
+</code>
+  * coment ''driver = "rlm_sql_null"''
+<code bash>
+        driver = "rlm_sql_null"
+#       driver = "rlm_sql_${dialect}"
+</code>
+  * uncoment ''driver = "rlm_sql_${dialect}"''
+<code bash>
+        driver = "rlm_sql_null"
+#       driver = "rlm_sql_${dialect}"
+</code>
+  * Sebab koneksi database bersifat local configurasi tls dapat di comment
+{{ :deployment:network:freeradius:mysql-no-tls-freeradius.png?nolink |}}
+  * Uncomment connection info dan ganti sesuai dbname dan passwrod yang telah dibuat
+{{ :deployment:network:freeradius:connection_info-sql-freeradius.png?nolink&1000 |}}
+==== Running Test ====
+=== Menambahkan RADIUS User ke Database ===
+<code bash>
+mysql -u root -p
+</code>
+<code sql>
+USE radius;
+-- Add user with plain-text password (Cleartext-Password)
+INSERT INTO radcheck (username, attribute, op, value)
+VALUES ('ilyasa', 'Cleartext-Password', ':=', 'pass123');
+-- Optional: add user to a group
+INSERT INTO radusergroup (username, groupname, priority)
+VALUES ('testuser', 'users', 1);
+</code>
+==== Run FreeRadius dengan Debug Mode ====
+<code>
+# Stop and start clean
+sudo systemctl restart freeradius
+# Or run in debug mode (recommended for first test)
+sudo systemctl stop freeradius
+sudo radiusd -X
+</code>