支持IPv6的Radius服务器的配置过程
摘要:
本文描述了Linux中支持IPv6的Radius服务器的配置过程,由于没有相关的客户端设备去验证,最
后的环境有待确认。
关键字:
Radiusv6 Linux
正文:
一、 系统环境准备
1、 所用软件:freeradius-server-2.1.7,系统为Centos5.1 2、 FreeRadius需要openssl支持,需安装openssl,采用如下命令检查是否安装openssl
# rpm -qa | grep openssl
openssl-0.9.8b-8.3.el5_0.2
openssl-devel-0.9.8b-8.3.el5_0.2
openssl097a-0.9.7a-9.el5_2.1
如果缺少则在光盘中到相关的安装包进行安装
二、 FreeRadius安装
下载freeradius-server-2.1.7.tar.bz2,进入安装包所在目录,依次执行如下命令:
# tar xvf freeradius-server-2.1.7.tar.bz2
# cd freeradius-server-2.1.7
# ./configure
# make
# make install
三、 FreeRadius配置
对于FreeRadius的配置,主要是启用其IPv6的支持,FreeRadius目前做的很奇怪,它IPv4和IPv6不
能同时启用,要么启用IPv4,要么启用Ipv6。
编辑/usr/local/etc/f文件,将listen里面的IPv4配置禁用,将IPv6启用
# vi /usr/local/etc/f
listen {
# Type of packets to listen for.
# Allowed values are:
# auth listen for authentication packets
# acct listen for accounting packets
第1页 共7页
# proxy IP to use for sending proxied packets
radius软件
# detail Read from the detail file. For examples, see
# raddb/sites-available/copy-acct-to-home-server
# status listen for Status-Server packets. For examples,
# see raddb/sites-available/status
# coa listen for CoA-Request and Disconnect-Request
# packets. For examples, see the file
# raddb/sites-available/coa-server
#
type = auth
# Note: "type = proxy" lets you control the source IP used for
# proxying packets, with some limitations:
#
# * A proxy listener CANNOT be used in a virtual server section.
# * You should probably set "port = 0".
# * Any "clients" configuration will be ignored.
#
# See f, and the "src_ipaddr" configuration entry
# in the sample "home_server" section. When you specify the
# source IP address for packets sent to a home server, the
# proxy listeners are automatically created.
# IP address on which to listen.
# Allowed values are:
# dotted quad (1.2.3.4)
# hostname (ample)
# wildcard (*)
# ipaddr = * //此处将其注释掉
# OR, you can use an IPv6 address, but not both
# at the same time.
ipv6addr = :: # any. ::1 == localhost //此处将其启用
# Port on which to listen.
# Allowed values are:
# integer port number (1812)
# 0 means "use /etc/services for the proper port"
port = 0
# Some systems support binding to an interface, in addition
# to the IP address. This feature isn't strictly necessary,
# but for sites with many IP addresses on one interface,
# it's useful to say "listen on all addresses for eth0".
#
第2页 共7页
# If your system does not support this feature, you will
# get an error if you try to use it.
#
# interface = eth0
# Per-socket lists of clients. This is a very useful feature.
#
# The name here is a reference to a section elsewhere in
# f, f. Having the name as
# a reference allows multiple sockets to use the same
# set of clients.
#
# If this configuration is used, then the global list of clients
# is IGNORED for this "listen" section. Take care configuring
# this feature, to ensure you don't accidentally disable a
# client you need.
#
# f for the configuration of "per_socket_clients".
#
# clients = per_socket_clients
}
# This second "listen" section is for listening on the accounting # port, too.
#
listen {
# ipaddr = * //此处将其注释掉
ipv6addr = :: //此处将其启用
port = 0
type = acct
# interface = eth0
# clients = per_socket_clients

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。