View Source

Instruction was written for Ubuntu 20.04.3 LTS (Focal Fossa) and older

Installation according to this instruction on Ubuntu 20+ you need to install percona mysql 5.7

Install the required software for Percona Mysql 
sudo apt install curl gnupg2 -y
cd /tmp
Then download the file with the repository
wget https://repo.percona.com/apt/percona-release_latest.$(lsb_release -sc)_all.deb
Install sudo dpkg -i percona-release_latest.$(lsb_release -sc)_all.deb sudo apt update

The only options selected during installation are:

standart system utilities
OpenSSH Server

Work in the console, switch to root:

sudo su

Update the system and packages

Reboot and install packages MySQL, apache2 and perl libraries

apt-get install -yq percona-server-server-5.7 percona-server-client-5.7 libmysqlclient-dev apache2 apache2-utils libexpat1 ssl-cert

Download ABillS

At the time of writing, the latest version 0.92.05 (Check)

cd /usr
wget https://sourceforge.net/projects/abills/files/abills/0.92/abills-0.92.05.tgz 
tar zxvf abills-0.92.05.tgz  
cp /usr/abills/libexec/config.pl.default /usr/abills/libexec/config.pl

Change the configuration file /usr/abills/libexec/config.pl

#DB configuration 
$conf{dbhost}='localhost';
$conf{dbname}='abills'; 
$conf{dbuser}='abills';
$conf{dbpasswd}='sqlpassword'; #change to your password
$conf{ADMIN_MAIL}='info@your.domain'; 
$conf{USERS_MAIL_DOMAIN}="your.domain";
# used to encrypt administrator and user passwords.
$conf{secretkey}="test12345678901234567890";

The value of $conf{secretkey} is recommended to be changed from "test12345678901234567890" to a random long string. If you change the value in $conf{secretkey}, change it in the /usr/abills/db/abills.sql file as well

Create missing directories and change permissions:

mkdir /var/log/httpd/
mkdir -p /usr/abills/var/log
touch /usr/abills/var/log/abills.log
chown -Rf www-data:www-data /usr/abills/cgi-bin
chown -Rf www-data:www-data /usr/abills/Abills/templates
chown -Rf www-data:www-data /usr/abills/backup
touch /usr/abills/var/log/sql_errors
chown nobody /usr/abills/var/log/sql_errors
chmod 666 /usr/abills/var/log/sql_errors

Setup Apache

cp /usr/abills/misc/apache/abills_httpd.conf /etc/apache2/sites-enabled/

Create a certificate

/usr/abills/misc/certs_create.sh apache

Run the installed modules for apache:

a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include
a2enmod cgi

Restart apache:

/etc/init.d/apache2 restart

Setup MySQL

mysql --default-character-set=utf8 -u root -p

GRANT ALL ON abills.* TO `abills`@localhost IDENTIFIED BY "sqlpassword"; -- instead of sqlpassword we substitute our value from $conf{dbpasswd}
CREATE DATABASE abills DEFAULT CHARACTER SET utf8 COLLATE  utf8_general_ci;
quit;

mysql --default-character-set=utf8 -u root -p -D abills < /usr/abills/db/abills.sql

Perl modules

Modules are required for the system work.

cd /usr/abills/misc/ && perl perldeps.pl apt-get -batch

For a better life in the future:

apt-get install -yq cpanminus
apt-get install -yq aptitude

If some modules are not installed, you can install them

cpanm <ModuleName>

For example not installed Digest::SHA1, run:

cpanm Digest::SHA1

Install RADIUS

install the necessary libraries to build freeradius

aptitude install libmysqlclient-dev libgdbm-dev make gcc libtalloc-dev libperl-dev libhiredis-dev

find /usr/lib/ | grep libperl.so 
/usr/lib/x86_64-linux-gnu/libperl.so.5.30
/usr/lib/x86_64-linux-gnu/libperl.so.5.30.0

Make a symlink so that the library is loaded at compile time

 ln -s /usr/lib/x86_64-linux-gnu/libperl.so.5.30 /usr/lib/x86_64-linux-gnu/libperl.so

cd /tmp
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.25.tar.gz
tar zxvf freeradius-server-3.0.25.tar.gz
cd freeradius-server-3.0.25
./configure --prefix=/usr/local/freeradius --with-rlm-perl-lib-dir=/usr/lib/x86_64-linux-gnu/ \
 --with-dhcp=yes --with-openssl=no > /dev/null
make && make install

ln -s /usr/local/freeradius/bin/* /usr/bin/
ln -s /usr/local/freeradius/sbin/* /usr/sbin/

mkdir -p /usr/local/freeradius/var/run/radiusd/
chown freerad:freerad /usr/local/freeradius/var/run/radiusd/

In case of build problems, you can use aptitude to resolve all problems

And then choosing n downgrade or fix the package versions !

Working example

sudo aptitude install build-essential
The following NEW packages will be installed:
build-essential g++{a} g++-9{a} libc-dev-bin{a} libc6-dev{ab} libcrypt-dev{a} libstdc++-9-dev{a} linux-libc-dev{a}
0 packages upgraded, 8 newly installed, 0 to remove and 0 not upgraded.
Need to get 13,9 MB of archives. After unpacking 73,2 MB will be used.
The following packages have unmet dependencies:
libc6-dev : Depends: libc6 (= 2.31-0ubuntu9) but 2.31-0ubuntu9.2 is installed
The following actions will resolve these dependencies:

Keep the following packages at their current version:
1) build-essential [Not Installed]
2) g++ [Not Installed]
3) g++-9 [Not Installed]
4) libc6-dev [Not Installed]
5) libstdc++-9-dev [Not Installed]

Accept this solution? [Y/n/q/?] n
The following actions will resolve these dependencies:

Downgrade the following packages:
1) libc6 [2.31-0ubuntu9.2 (now) -> 2.31-0ubuntu9 (focal)]
2) libc6-dbg [2.31-0ubuntu9.2 (now) -> 2.31-0ubuntu9 (focal)]

Accept this solution? [Y/n/q/?] Y
The following packages will be DOWNGRADED:
libc6 libc6-dbg
The following NEW packages will be installed:
build-essential g++{a} g++-9{a} libc-dev-bin{a} libc6-dev{a} libcrypt-dev{a} libstdc++-9-dev{a} linux-libc-dev{a}
0 packages upgraded, 8 newly installed, 2 downgraded, 0 to remove and 0 not upgraded.
Need to get 22,3 MB of archives. After unpacking 42,0 MB will be used.
Do you want to continue? [Y/n/?] Y

File for autorun - create and paste the following text into it

nano /etc/init.d/radiusd

#!/bin/sh
#
# radiusd  Start the radius daemon.
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
#
#    Copyright (C) 2001-2008 The FreeRADIUS Project http://www.freeradius.org
#   chkconfig: - 58 74
#   description: radiusd is service access provider Daemon.
### BEGIN INIT INFO
# Provides: radiusd
# Required-Start: $remote_fs $network $syslog
# Should-Start: mysql radiusd
# Required-Stop: $remote_fs $syslog
# Should-Stop: radiusd
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start and stop radiusd
# Description: radiusd is access provider service Daemon.
### END INIT INFO

prefix=/usr/local/freeradius
exec_prefix=${prefix}
sbindir=${exec_prefix}/sbin
localstatedir=/var
logdir=${localstatedir}/log/radius
rundir=/usr/local/freeradius/var/run/radiusd/
sysconfdir=${prefix}/etc
#
#  If you have issues with OpenSSL, uncomment these next lines.
#
#  Something similar may work for MySQL, and you may also
#  have to LD_PRELOAD libz.so
#
#LD_LIBRARY_PATH=
#LD_RUN_PATH=:
#LD_PRELOAD=libcrypto.so
export LD_LIBRARY_PATH LD_RUN_PATH LD_PRELOAD

RADIUSD=$sbindir/radiusd
RADDBDIR=${sysconfdir}/raddb
RADIUS_USER='freerad'
DESC="FreeRADIUS"

#
#  See 'man radiusd' for details on command-line options.
#
ARGS=""

test -f $RADIUSD || exit 0
test -f $RADDBDIR/radiusd.conf || exit 0

if [ ! -d $rundir ] ; then
    mkdir $rundir
    chown ${RADIUS_USER}:${RADIUS_USER} $rundir
    chmod 775 $rundir
fi

if [ ! -d $logdir ] ; then
    mkdir $logdir
    chown ${RADIUS_USER}:${RADIUS_USER} $logdir
    chmod 770 $logdir
    chmod g+s $logdir
fi

if [ ! -f $logdir/radius.log ]; then
        touch $logdir/radius.log
fi

chown ${RADIUS_USER}:${RADIUS_USER} $logdir/radius.log
chown -R ${RADIUS_USER}:${RADIUS_USER} /usr/local/freeradius/etc/raddb
chown -R ${RADIUS_USER}:${RADIUS_USER} ${rundir}/..
chmod 660 $logdir/radius.log

case "$1" in
  start)
  echo -n "Starting $DESC:"
  $RADIUSD $ARGS
  echo "radiusd"
  ;;
  stop)
  [ -z "$2" ] && echo -n "Stopping $DESC: "
        [ -f $rundir/radiusd.pid ] && kill -TERM `cat $rundir/radiusd.pid`
  [ -z "$2" ] && echo "radiusd."
  ;;
  reload|force-reload)
  echo "Reloading $DESC configuration files."
  [ -f $rundir/radiusd.pid ] && kill -HUP `cat $rundir/radiusd.pid`
  ;;
  restart)
  sh $0 stop quiet
  sleep 3
  sh $0 start
  ;;
  check)
  $RADIUSD -CX $ARGS
  exit $?
  ;;
  *)
        echo "Usage: /etc/init.d/$RADIUS {start|stop|reload|restart|check}"
        exit 1
        stop
        ;;
  status)
        status \$prog
        ;;
  restart|force-reload)
        stop
        start
        ;;
  try-restart|condrestart)
        if status \$prog > /dev/null; then
            stop
            start
        fi
        ;;
  reload)
        exit 3
        ;;
  *)
        echo \$"Usage: \$0 {start|stop|status|restart|try-restart|force-reload}"
        exit 2
esac

chmod +x /etc/init.d/radiusd
update-rc.d radiusd defaults
update-rc.d radiusd enable

rm /usr/local/freeradius/etc/raddb/sites-enabled/*
cp /usr/abills/misc/freeradius/v3/mods-enabled/perl /usr/local/freeradius/etc/raddb/mods-enabled/perl
cp /usr/abills/misc/freeradius/v3/mods-enabled/sql /usr/local/freeradius/etc/raddb/mods-enabled/sql
cp /usr/abills/misc/freeradius/v3/sites-enabled/abills_default /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
cp /usr/abills/misc/freeradius/v3/sites-enabled/control-socket /usr/local/freeradius/etc/raddb/sites-enabled/control-socket
cp /usr/abills/misc/freeradius/v3/users /usr/local/freeradius/etc/raddb/users

Change in radius config

nano /usr/local/freeradius/etc/raddb/radiusd.conf

  prefix = /usr/local/freeradius
  
  user = freerad
  group = freerad

Thanks to the sql module, you can store access servers in the database (you still need to restart the radius after adding/changing servers, but you don't need to edit clients.conf).
We clear the list of access servers from /usr/local/freeradius/etc/raddb/clients.conf (so that there are no duplicates due to entries in the database)

echo '' > /usr/local/freeradius/etc/raddb/clients.conf
cp /usr/abills/misc/freeradius/v3/mods-enabled/sql /usr/local/freeradius/etc/raddb/mods-enabled/

Fill the database connection parameters we need

nano  /usr/local/freeradius/etc/raddb/mods-enabled/sql

sql {
        database = "mysql"
        driver = "rlm_sql_${database}"
        server = "localhost"
        port = 3306
        login = "abills"
        password = "sqlpassword"  #instead of sqlpassword we substitute our value from $conf{dbpasswd}
        radius_db = "abills"    
      
At the end of the file
         '%secretkey%' меняем на ваше значение, которое записано в $conf{secretkey}

Create user and group (if freeradius has not been installed before, it won't start without it)

groupadd freerad
useradd -g freerad -s /bash/bash freerad

chown -R freerad:freerad /usr/local/freeradius/etc/raddb
mkdir /var/run/radiusd/
chown -R freerad:freerad /var/run/radiusd/

start in debug mode

radiusd -X

If it starts without errors, run

service radiusd start

After install Abills

Wite periodic processes

*/5  *      *    *     *   root   /usr/abills/libexec/billd -all
1     0     *    *     *   root    /usr/abills/libexec/periodic daily
1     1     *    *     *   root    /usr/abills/libexec/periodic monthly

touch /usr/abills/var/log/sql_errors && chmod 666 /usr/abills/var/log/sql_errors

Add links to gzip and mysqldump to create database backups:

ln -s /bin/gzip /usr/bin/gzip
ln -s /usr/bin/mysqldump /usr/local/bin/mysqldump

Web admin interface: (IP address can be found using ip a)

https://your.host:9443/admin/

Default administrator login abills password abills

Web interface for users:

https://your.host:9443/

Check

To check if the service is configured correctly, you need to run the radtest utility by specifying the login and password of an existing user.

apt-get install freeradius-utils

Login: test Password: 123456

radtest test 123456 127.0.0.1:1812 0 secretpass 0 127.0.0.1

If everything is configured correctly, in the error log Report>Internet>Last connection, the line should appear

2014-12-23 12:55:55 LOG_INFO: AUTH [test] NAS: 1 (xxx.xxx.xxx.xxx) GT: 0.03799

If the error log is empty, then communication with the RADIUS server is not properly configured (go through the FreeRadius section again).