Installing FreeRADIUS 2.2.9 + MySQL on CentOS 6.5

Submitted by 南笙酒味 on 2019-12-07 02:12:49

Platform: CentOS 6.5 x86_64

1. Install the EPEL repository and update
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum update -y


2. Install the build dependencies
yum -y install wget expat-devel gcc make gmp-devel gmp pkgconfig perl libpcap gcc-c++ logrotate tar cpio gawk flex bison bison-devel lsof libpcap-devel patch openssl openssl-devel libgcrypt* crypt* autoconf automake libtasn1-devel zlib zlib-devel trousers trousers-devel texinfo libnl-devel libnl dbus dbus-devel ncurses-devel readline-devel libtool-ltdl libtalloc* hiredis* redhat-lsb python


3. Install MySQL

rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el6-5.noarch.rpm
yum install -y mysql-community-server mysql-devel
chkconfig mysqld on
service mysqld start
mysql_secure_installation    (set the root password and remove the test database)

4. Build and install FreeRADIUS

wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.2.9.tar.gz

tar zxvf freeradius-server-2.2.9.tar.gz

cd freeradius-server-2.2.9

./configure

make && make install

5. Test

vi /usr/local/etc/raddb/users

Find this line:
#steve  Cleartext-Password := "testing"

Remove the leading # so that the entry reads:
steve   Cleartext-Password := "testing"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 172.16.3.33,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = "std.ppp",
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP

Start the server in debug mode:
radiusd -X

If it reports: Refusing to start with libssl version OpenSSL 1.0.1e-fips

vi /usr/local/etc/raddb/radiusd.conf

Find allow_vulnerable_openssl = no and change it to allow_vulnerable_openssl = yes. This setting bypasses FreeRADIUS's refusal to run against a libssl version it considers vulnerable; the version string alone does not show whether the distribution's openssl package has the relevant fixes backported, so make sure the openssl package is fully updated (rpm -q openssl) before relying on it.

Start radiusd -X again; when the last line printed is Ready to process requests., the server has started successfully.

Open a new terminal and run:
radtest steve testing localhost 0 testing123

Result:

Sent Access-Request Id 50 from 0.0.0.0:34461 to 127.0.0.1:1812 length 75
        User-Name = "steve"
        User-Password = "testing"
        NAS-IP-Address = 106.186.116.69
        NAS-Port = 0
        Message-Authenticator = 0x00
        Cleartext-Password = "testing"
Received Access-Accept Id 50 from 127.0.0.1:1812 to 0.0.0.0:0 length 71
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = 172.16.3.33
        Framed-IP-Netmask = 255.255.255.0
        Framed-Routing = Broadcast-Listen
        Filter-Id = "std.ppp"
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP

accept! Looks like it worked.

6. Integrate RADIUS with MySQL

vi /usr/local/etc/raddb/radiusd.conf
$INCLUDE  sql.conf    (uncomment this line)

vi /usr/local/etc/raddb/sql.conf    (set the database login name and password)
database = "mysql"
login = "radius"
password = "radpass"

vi /usr/local/etc/raddb/sites-available/default
Uncomment the sql keyword in the authorize, accounting, session and post-auth sections, for example:

post-auth {
  ....
  sql
  ....
  Post-Auth-Type REJECT {
      # Login failed: log to SQL database.
      sql
  }
}

Run mysql -u root -p and enter the root password.
1) Create the database and import the RADIUS schema
mysql>create database radius;
mysql>grant all on radius.* to 'radius'@'localhost' identified by 'radpass';
mysql>flush privileges;

# mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/schema.sql
# mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/nas.sql
# mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/ippool.sql
# mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/wimax.sql

2) Create a group (named user here)
mysql>use radius;
mysql>insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
mysql>insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
mysql>insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.255');
mysql>insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');

3) Create a user (username test, password testpwd here)
mysql>insert into radcheck (username,attribute,op,value) values ('test','Cleartext-Password',':=','testpwd');

4) Add the user to the group:
mysql>insert into radusergroup (username,groupname) values ('test','user');
mysql>exit

Test: run radiusd -X, and in another terminal run radtest test testpwd localhost 1812 testing123
Result:
Sending Access-Request of id 247 to 127.0.0.1 port 1812
        User-Name = "test"
        User-Password = "testpwd"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=247, length=38
        Service-Type = Framed-User
        Framed-IP-Address = 255.255.255.255
        Framed-IP-Netmask = 255.255.255.0
Accept! That means it worked.
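As an added example (not code from the original post or from FreeRADIUS), this Python script does what radtest does on the wire for the two tests above: it builds the Access-Request (User-Name, PAP-obfuscated User-Password, NAS-IP-Address, NAS-Port, Message-Authenticator), sends it to UDP port 1812, and checks the Response Authenticator so a forged Access-Accept is not mistaken for a real one. It assumes the server runs on 127.0.0.1 with the shared secret testing123 from clients.conf; note that PAP only XORs the password with MD5(secret + authenticator), so Cleartext-Password credentials are protected by the secret and the network path alone.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT, MESSAGE_AUTHENTICATOR = 1, 2, 4, 5, 80

def pap_encrypt(password, secret, authenticator):
    # RFC 2865 5.2: C_i = P_i XOR MD5(secret + C_{i-1}), with C_0 = Request Authenticator.
    # This is obfuscation keyed by a static shared secret, not encryption.
    pw = password.encode()
    pw += b"\x00" * ((-len(pw) % 16) or (0 if pw else 16))  # null-pad to 16-byte blocks
    out, prev = b"", authenticator
    for i in range(0, len(pw), 16):
        prev = bytes(p ^ k for p, k in zip(pw[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += prev
    return out

def attr(kind, value):  # one RADIUS attribute: Type, Length (header included), Value
    return struct.pack("!BB", kind, len(value) + 2) + value

def build_access_request(ident, secret, user, password, nas_ip="127.0.0.1", nas_port=0):
    authenticator = os.urandom(16)  # fresh random Request Authenticator per request
    attrs = (attr(USER_NAME, user.encode())
             + attr(USER_PASSWORD, pap_encrypt(password, secret, authenticator))
             + attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + attr(NAS_PORT, struct.pack("!I", nas_port))
             + attr(MESSAGE_AUTHENTICATOR, bytes(16)))  # zeroed while the HMAC is computed
    pkt = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs
    # RFC 2869 5.14: Message-Authenticator = HMAC-MD5(secret, packet); it is the last 16 bytes.
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest(), authenticator

def build_reply(code, ident, request_authenticator, secret, attrs=b""):
    # Server side, RFC 2865 3: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret).
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_authenticator + attrs + secret).digest() + attrs

def verify_reply(reply, request_authenticator, secret):  # returns the Code, or None if forged
    length = struct.unpack("!H", reply[2:4])[0]
    expected = hashlib.md5(reply[:4] + request_authenticator + reply[20:length] + secret).digest()
    return reply[0] if hmac.compare_digest(expected, reply[4:20]) else None

def radtest(user, password, host="127.0.0.1", secret=b"testing123", ident=50):
    # Assumed deployment values: server on localhost, shared secret testing123 from clients.conf.
    pkt, authenticator = build_access_request(ident, secret, user, password)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(3)
        sock.sendto(pkt, (host, 1812))
        reply = sock.recv(4096)
    codes = {ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject"}
    return codes.get(verify_reply(reply, authenticator, secret), "unverifiable reply")
```

radtest("steve", "testing") against a server started with radiusd -X corresponds to the radtest command in step 5; build_reply is the server-side computation and is included so that verify_reply can be exercised without a running server.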

Next, add the clients (NAS devices) that need to authenticate, for example:
vi /usr/local/etc/raddb/clients.conf
Append:
client 192.168.10.8 {
    secret          = testing123    # shared secret used to authenticate this client
    shortname       = jp01
}
Now go and authenticate... ^_^
