平台centos6.5 x86_64
1,安装源并更新
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum update -y
2,安装相关库
yum -y install wget expat-devel gcc make gmp-devel gmp pkgconfig perl libpcap gcc-c++ logrotate tar cpio gawk flex bison bison-devel lsof libpcap-devel patch openssl openssl-devel libgcrypt* crypt* autoconf automake libtasn1-devel zlib zlib-devel trousers trousers-devel texinfo libnl-devel libnl dbus dbus-devel ncurses-devel readline-devel libtool-ltdl libtalloc* hiredis* redhat-lsb python
3,安装Mysql
rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el6-5.noarch.rpm
yum install -y mysql-community-server mysql-devel
chkconfig mysqld on
service mysqld start
mysql_secure_installation设置root密码、移除test数据库
4,编译安装freeradius
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.2.9.tar.gz
tar zxvf freeradius-server-2.2.9.tar.gz
cd freeradius-server-2.2.9
./configure
make && make install
5,测试
vi /usr/local/etc/raddb/users
找到这一行
#steve Cleartext-Password:="testing"
将前面的#去掉
steve Cleartext-Password := "testing"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 172.16.3.33,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP
调试模式命令:
radiusd -X
提示Refusing to start with libssl version OpenSSL 1.0.1e-fips
vi /usr/local/etc/raddb/radiusd.conf
找到allow_vulnerable_openssl = no,修改成allow_vulnerable_openssl = yes
再次启动radiusd -X 最后显示Ready to process requests.说明服务成功启动
新打开一个终端
终端输入命令:radtest steve testing localhost 0 testing123
获得结果:
Sent Access-Request Id 50 from 0.0.0.0:34461 to 127.0.0.1:1812 length 75
User-Name = "steve"
User-Password = "testing"
NAS-IP-Address = 106.186.116.69
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "testing"
Received Access-Accept Id 50 from 127.0.0.1:1812 to 0.0.0.0:0 length 71
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 172.16.3.33
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
accept!貌似成了
6,让radius和mysql融合
vi /usr/local/etc/raddb/radiusd.conf
$INCLUDE sql.conf 去掉该行注释
vi /usr/local/etc/raddb/sql.conf 定义连接数据库用户名和密码
database = "mysql"
login = "radius"
password = "radpass"
vi /usr/local/etc/raddb/sites-available/default
将authorize,accounting,session,post_auth段的sql关键字前的注释去掉,如:
post-auth {
....
sql
....
Post-Auth-Type REJECT {
# Login failed: log to SQL database.
sql
}
}
输入mysql -u root -p,输入密码
1)建立数据库并导入radius数据结构
mysql>create database radius;
mysql>grant all on radius.* to 'radius'@'localhost' identified by 'radpass';
mysql>flush privileges;
# mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/schema.sql
# mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/nas.sql
# mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/ippool.sql
# mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/wimax.sql
2)建立组(在此新建组名称为user)
mysql>use radius;
mysql>insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
mysql>insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
mysql>insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.255');
mysql>insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
3)建立用户(在此新建用户名为test,密码为testpwd)
mysql>insert into radcheck (username,attribute,op,value) values ('test','Cleartext-Password',':=','testpwd');
4)将用户加入组中:
mysql>insert into radusergroup (username,groupname) values ('test','user');
mysql>exit
测试:radiusd -X,在另一终端执行radtest test testpwd localhost 1812 testing123
获得结果
Sending Access-Request of id 247 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "testpwd"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=247, length=38
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.255
Framed-IP-Netmask = 255.255.255.0
Accept!说明成了。
接下来加需要认证的服务器,比如
vi /usr/local/etc/raddb/clients.conf
[root@localhost raddb]# vi clients.conf
追加
client 192.168.10.8{
secret = testing123(认证的密钥)
shortname = jp01
}
认证去吧。。。^_^
来源:oschina
链接:https://my.oschina.net/u/2404183/blog/758093