FreeRADIUS服务端安装
1.1、下载、编译、安装
wget -c ftp:///pub/freeradius/freeradius-server-2.1.
# tar zxf freeradius-server-2.1.
# cd freeradius-server-2.1.11
# ./configure
# make && make install
# tar zxf freeradius-server-2.1.
# cd freeradius-server-2.1.11
# ./configure
# make && make install
1.2、基本文件的测试
测试是否安装成功,如果不需要与mysql集成,那么就已安装完成。
# vim /usr/local/etc/raddb/users
查 steveCleartext-Password := "testing", 取消该段内容的注释。# 大写X,意思是以debug模式运行。
/usr/local/sbin/radiusd -X
# vim /usr/local/etc/raddb/users
查 steveCleartext-Password := "testing", 取消该段内容的注释。# 大写X,意思是以debug模式运行。
/usr/local/sbin/radiusd -X
#新开一个窗口执行,看到 "Access-Accept packet" 表示成功了,"Access-Reject" 表示失败了。
/usr/local/bin/radteststeve testing localhost 0 testing123
/usr/local/bin/radteststeve testing localhost 0 testing123
Define a User and Password
Edit /etc/raddb/users and create an example user account as the first entry. i.e. at the top of the file, such as:
testingCleartext-Password := "password"
二.配置模块支持
2.1、启用MySQL模块支持
# 查"f”(683行),去掉#号
vim /usr/local/etc/f
vim /usr/local/etc/f
Oracle支持
回到之前解压的freeradius-server-2.1.12目录里
# cd ~/freeradius-server-2.1.12/src/modules/rlm_sql/drivers/rlm_sql_oracle
# ./configure --with-oracle-include-dir=${ORACLE_HOME}/rdbms/public --with-oracle-lib-dir=${ORACLE_HOME}/lib
# cd ~/freeradius-server-2.1.12/src/modules/rlm_sql/drivers/rlm_sql_oracle
# ./configure --with-oracle-include-dir=${ORACLE_HOME}/rdbms/public --with-oracle-lib-dir=${ORACLE_HOME}/lib
2.2、创建 radius 数据库及表
# 123456是你mysql的root密码
mysqladmin -uroot -p123456 create radius;
mysqladmin -uroot -p123456 create radius;
#修改radius帐号的密码
cd /usr/local/etc/raddb/sql/mysql
sed -i 's/radpass/123456/g' admin.sql
sed -i 's/radpass/123456/g' /usr/local/etc/f
cd /usr/local/etc/raddb/sql/mysql
sed -i 's/radpass/123456/g' admin.sql
sed -i 's/radpass/123456/g' /usr/local/etc/f
mysql -uroot -p123456 <admin.sql
mysql -uroot -p123456 radius <ippool.sql
mysql -uroot -p123456 radius <ippool.sql
mysql -uroot -p123456 radius <schema.sql
mysql -uroot -p123456 radius <wimax.sql
mysql -uroot -p123456 radius <cui.sql
mysql -uroot -p123456 radius <nas.sql
mysql -uroot -p123456 radius <wimax.sql
mysql -uroot -p123456 radius <cui.sql
mysql -uroot -p123456 radius <nas.sql
插入一些测试数据:
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type','=','Framed-User');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask','=','255.255.255.255');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
然后加入用户信息:
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('geng', 'Password', 'peng');
然后把用户加到组里:
mysql> insert into radusergroup(username,groupname) values('geng','user');
mysql> select * from radcheck where UserName='geng';
1.编辑/etc/f
mysql用户名,密码根据自己的情况填写
第88行取消readclients = yes 前的注释
2.编辑/etc/raddb/sites-enabled/default
第145 行files前加注释
第152 行取消sql前的注释
第342 行取消sql前的注释
mysql用户名,密码根据自己的情况填写
第88行取消readclients = yes 前的注释
2.编辑/etc/raddb/sites-enabled/default
第145 行files前加注释
第152 行取消sql前的注释
第342 行取消sql前的注释
3.编辑/etc/raddb/sites-enabled/inner-tunnel
第111 行files前加注释
第118行取消sql前的注释
4.编辑/etc/f
第30行default_eap_type = md5改为default_eap_type = peap
5.编辑/etc/f,加入
第111 行files前加注释
第118行取消sql前的注释
4.编辑/etc/f
第30行default_eap_type = md5改为default_eap_type = peap
5.编辑/etc/f,加入
de>client 192.168.4.3 {
secret = tp-link
shortname = test
}de>
secret = tp-link
shortname = test
}de>
注意:
如果出现以下报错
Mon Mar 17 11:09:08 2014 : Error: /usr/local/freeradius/etc/f[22]: Instantiation failed for module "sql"
Mon Mar 17 11:09:08 2014 : Error: /usr/local/freeradius/etc/raddb/sites-enabled/default[177]: Failed to find "sql" in the "modules" section.
Mon Mar 17 11:09:08 2014 : Error: /usr/local/freeradius/etc/raddb/sites-enabled/default[69]: Errors parsing authorize section.
Mon Mar 17 11:09:08 2014 : Error: Failed to load virtual server <default>
修改vi /etc/f加入mysql的lib路径 /usr/local/mysql/lib 。然后执行:
[root@centos6 mysql]# ldconfig
2.3、打开从数据库查询nas支持
默认从 "/usr/local/etc/f" 文件读取,开启后可从数据库nas表读取。
sed -i 's/\#readclients/readclients/g' /usr/local/etc/f
2.4、打开在线人数查询支持
# 查simul_count_query将279-282行注释去掉
vim /usr/local/etc/raddb/sql/f
vim /usr/local/etc/raddb/sql/f
2.5、Oracle数据库支持
配置oracle数据
#su - oracle
-- 创建用户
create user radius identified by radpass;
GRANT CONNECT,RESOURCE,DBA to radius;
--创建表
#mkdir /home/oracle/sqls
将 /usr/local/etc/raddb/sql/oracle/schema.sql 拷贝到 /home/oracle/sql
--修改权限
#chownoracle:oinstall /home/oracle/sqls/schema.sql
#chmod 744 /home/oracle/sqls/schema.sql
#su - oracle
-- 创建用户
create user radius identified by radpass;
GRANT CONNECT,RESOURCE,DBA to radius;
--创建表
#mkdir /home/oracle/sqls
将 /usr/local/etc/raddb/sql/oracle/schema.sql 拷贝到 /home/oracle/sql
--修改权限
#chownoracle:oinstall /home/oracle/sqls/schema.sql
#chmod 744 /home/oracle/sqls/schema.sql
切换到oracle
#su - oracle
$sqlplus radius/radpass@<yoursid>
SQL>start /home/oracle/sqls/schema.sql
SQL>alter table radacct modify groupname null; --非必须,如果报错,不用理会
SQL>CREATE TABLE nas (
id INT PRIMARY KEY,
nasname VARCHAR(128),
shortname VARCHAR(32),
type VARCHAR(30),
ports INT,
secret VARCHAR(60),
server VARCHAR(64),
community VARCHAR(50),
description VARCHAR(200)
)
#su - oracle
$sqlplus radius/radpass@<yoursid>
SQL>start /home/oracle/sqls/schema.sql
SQL>alter table radacct modify groupname null; --非必须,如果报错,不用理会
SQL>CREATE TABLE nas (
id INT PRIMARY KEY,
nasname VARCHAR(128),
shortname VARCHAR(32),
type VARCHAR(30),
ports INT,
secret VARCHAR(60),
server VARCHAR(64),
community VARCHAR(50),
description VARCHAR(200)
)
;
SQL>CREATE SEQUENCE nas_seq START WITH 1 INCREMENT BY 1;
SQL>INSERT INTO radgroupreply VALUES (val, 'user','Service-Type','=','Framed-User');
SQL>INSERT INTO radgroupcheck VALUES (val, 'user','Auth-Type','=','Local');
SQL>INSERT INTO radcheck VALUES (val, 'ora_usr','User-Password','==','ora_pwd');
SQL>INSERT INTO radusergroup VALUES (val, 'ora_usr','user');
SQL>commit;
SQL>exit;
接下来对freeradius进行配置
编辑/usr/local/freeradius/etc/f
SQL>CREATE SEQUENCE nas_seq START WITH 1 INCREMENT BY 1;
SQL>INSERT INTO radgroupreply VALUES (val, 'user','Service-Type','=','Framed-User');
SQL>INSERT INTO radgroupcheck VALUES (val, 'user','Auth-Type','=','Local');
SQL>INSERT INTO radcheck VALUES (val, 'ora_usr','User-Password','==','ora_pwd');
SQL>INSERT INTO radusergroup VALUES (val, 'ora_usr','user');
SQL>commit;
SQL>exit;
接下来对freeradius进行配置
编辑/usr/local/freeradius/etc/f
# vim /usr/local/freeradius/etc/f
修改配置文件中mysql的帐号及密码
#database = "mysql"
database = "oracle"
# Connection info:
server = “localhost”
port = 1521
login = "radius"
password = "radpass"
#radius_db = "radius"
radius_db = "(DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.18.57.161)
(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = portaldb)))"
编辑/usr/local/etc/raddb/sites-enabled/default
# vim /usr/local/freeradius/etc/raddb/sites-enabled/default
(行数仅供参考,版本不同行数也不同)
170行 files 前加 # 注释
177行 去掉 sql 前 # 注释
406行 去掉 sql 前 # 注释
编辑/usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel
# vim /usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel
124行 files 前加 # 注释
131行 去掉 sql 前 # 注释
编辑/usr/local/etc/raddb/sites-enabled/default
# vim /usr/local/freeradius/etc/raddb/sites-enabled/default
(行数仅供参考,版本不同行数也不同)
170行 files 前加 # 注释
177行 去掉 sql 前 # 注释
406行 去掉 sql 前 # 注释
编辑/usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel
# vim /usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel
124行 files 前加 # 注释
131行 去掉 sql 前 # 注释
编辑/usr/local/freeradius/etc/f
# vim /usr/local/freeradius/etc/f
去掉700行 $f 前的#注释
三、FreeRADIUS客户端安装与配置
安装mysql时start service失败3.1、编译与安装
安装mysql时start service失败3.1、编译与安装
wget -c ftp:///pub/freeradius/freeradius-client-1.1.
tar -zxf freeradius-client-1.1.
cd freeradius-client-1.1.6
./configure
make && make install
tar -zxf freeradius-client-1.1.
cd freeradius-client-1.1.6
./configure
make && make install
3.2、设置通信密码
cat>>/usr/local/etc/radiusclient/servers<<EOF
localhost testing123
EOF
EOF
其中localhost可以写成服务器IP地址,testing123是认证服务器的连接密码。
注:如果使用的是IP地址,记得同时修改下面设置。
注:如果使用的是IP地址,记得同时修改下面设置。
1
sed -i 's/localhost/192.168.8.129/g' /usr/local/etc/f
sed -i 's/localhost/192.168.8.129/g' /usr/local/etc/f
3.3、增加字典
这一步很重要!否则windows客户端无法连接服务器。
wget -c lecode/files/dictionary.microsoft
mv ./dictionary.microsoft /usr/local/etc/radiusclient/
cat >>/usr/local/etc/radiusclient/dictionary<<EOF
INCLUDE /usr/local/etc/radiusclient/dictionary.sip
INCLUDE /usr/local/etc/radiusclient/dictionary.ascend
mv ./dictionary.microsoft /usr/local/etc/radiusclient/
cat >>/usr/local/etc/radiusclient/dictionary<<EOF
INCLUDE /usr/local/etc/radiusclient/dictionary.sip
INCLUDE /usr/local/etc/radiusclient/dictionary.ascend
INCLUDE /usr/local/etc/it
INCLUDE /usr/local/etc/radiusclient/dictionarypat
INCLUDE /usr/local/etc/radiusclient/dictionary.microsoft
EOF
INCLUDE /usr/local/etc/radiusclient/dictionarypat
INCLUDE /usr/local/etc/radiusclient/dictionary.microsoft
EOF
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论