FreeRADIUS installation and configuration

混江龙づ霸主 submitted on 2019-12-08 20:56:45
Note: FreeRADIUS is very large once installed, several hundred megabytes.

 
   Software preparation
[root@nm freeradius-server-2.1.1]# rpm -qa | grep openssl
openssl-0.9.7a-43.10
openssl-devel-0.9.7a-43.10
xmlsec1-openssl-1.2.6-3
[root@vmmac fprobe-1.1]# rpm -qa | grep ldap
openldap-2.2.13-6.4E
openldap-devel-2.2.13-6.4E
openldap-clients-2.2.13-6.4E
nss_ldap-226-13
openldap-servers-2.2.13-6.4E
freeradius-server-2.1.1.tar.gz



   FreeRADIUS installation
[root@nm freeradius-server-2.1.1]# ./configure
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
The installation takes a long time, close to 1 hour.
[root@nm freeradius-server-2.1.1]# make
Making all in rfc...
gmake[4]: Entering directory `/usr/local/src/freeradius-server-2.1.1/doc/rfc'
gmake[4]: Nothing to be done for `all'.
gmake[4]: Leaving directory `/usr/local/src/freeradius-server-2.1.1/doc/rfc'
gmake[3]: Leaving directory `/usr/local/src/freeradius-server-2.1.1/doc'
gmake[2]: Leaving directory `/usr/local/src/freeradius-server-2.1.1/doc'
gmake[1]: Leaving directory `/usr/local/src/freeradius-server-2.1.1'
[root@nm freeradius-server-2.1.1]# make install
done
gmake[4]: Leaving directory `/usr/local/src/freeradius-server-2.1.1/doc/rfc'
gmake[3]: Leaving directory `/usr/local/src/freeradius-server-2.1.1/doc'
gmake[2]: Leaving directory `/usr/local/src/freeradius-server-2.1.1/doc'
gmake[1]: Leaving directory `/usr/local/src/freeradius-server-2.1.1'
Installing dictionary files in /usr/local/share/freeradius
/usr/local/src/freeradius-server-2.1.1/libtool --finish /usr/local/lib
PATH="$PATH:/sbin" ldconfig -n /usr/local/lib



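   First run after installation: radiusd -X
After installation you can start the daemon without doing any configuration and go straight to a loopback test,
because the default RADIUS configuration already supports a local daemon and a local client (loopback client).
The first time after installation, you should run the server as
"root". This will cause the server to create the certificates it
needs for EAP.
 The first start should be run as root with radiusd -X; this makes the server create the certificates required for EAP.
$ radiusd -X   (note: uppercase X)
Once that is done, the server can be run from an unprivileged user
account.
  After this step is done, the server can be started by an unprivileged user.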

[root@nm local]# radiusd -X
FreeRADIUS Version 2.1.1, for host i686-pc-linux-gnu, built on Oct 29 2008 at 10:27:47
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
...
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
View the log from another window:
[root@nm ~]# cat /usr/local/var/log/radius/radius.log
Wed Oct 29 11:23:25 2008 : Error: rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
Wed Oct 29 11:23:25 2008 : Error: rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/server.pem
Wed Oct 29 11:23:25 2008 : Error: rlm_eap: Failed to initialize type tls
Wed Oct 29 11:23:25 2008 : Error: /usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
Wed Oct 29 11:23:25 2008 : Error: /usr/local/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
Wed Oct 29 11:23:25 2008 : Error: /usr/local/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
Wed Oct 29 11:23:25 2008 : Error: Errors initializing modules
The first start produces EAP errors.
Then restart radiusd once more, without -X:
[root@nm local]# radiusd &
[1] 2419
View the log from another window:
[root@nm ~]# cat /usr/local/var/log/radius/radius.log

On the second start there is only one new log entry and no errors:
Wed Oct 29 13:09:48 2008 : Info: Ready to process requests.
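
The two log states above (EAP certificate errors on the first run, a single "Ready" line after the restart) can be told apart with a small script. This is an added example, not part of the original post; the function names and the status words it prints are assumptions chosen for illustration, and the sample log lines are constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): classify a FreeRADIUS radius.log.
# Assumes lines shaped "<timestamp> : <Level>: <message>" as in the log above.

# radius_log_status FILE prints one of:
#   eap-cert-missing <path>  rlm_eap_tls could not read its certificate file
#   module-error             Error lines with no later "Ready" line
#   ready                    the last relevant line is "Ready to process requests."
#   unknown                  neither Error lines nor a "Ready" line
radius_log_status() {
    awk '
        / : Error: / {
            state = "module-error"
            # Remember the path rlm_eap_tls failed to open (last field).
            if ($0 ~ /rlm_eap_tls: Error reading certificate file/) cert = $NF
            next
        }
        # A later successful start supersedes earlier errors.
        / : Info: Ready to process requests\./ { state = "ready"; cert = "" }
        END {
            if (state == "module-error" && cert != "") print "eap-cert-missing", cert
            else if (state != "") print state
            else print "unknown"
        }
    ' "$1"
}

# Constructed sample: first-run errors from the log above, spacing normalised.
sample_first_run_log() {
    cat <<'EOF'
Wed Oct 29 11:23:25 2008 : Error: rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
Wed Oct 29 11:23:25 2008 : Error: rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/server.pem
Wed Oct 29 11:23:25 2008 : Error: rlm_eap: Failed to initialize type tls
Wed Oct 29 11:23:25 2008 : Error: Errors initializing modules
EOF
}

# Demo: status after the first run, then after the clean restart.
demo_log=$(mktemp)
sample_first_run_log > "$demo_log"
echo "first run:  $(radius_log_status "$demo_log")"
echo 'Wed Oct 29 13:09:48 2008 : Info: Ready to process requests.' >> "$demo_log"
echo "second run: $(radius_log_status "$demo_log")"
rm -f "$demo_log"
```

On the installation described here the function would be pointed at /usr/local/var/log/radius/radius.log.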


    Signs that radius has started
[root@nm ~]# ps -ef | grep radiusd
root      2420     1  0 13:10 ?        00:00:00 radiusd
[root@nm ~]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:23                  0.0.0.0:*                   LISTEN
tcp        0      0 10.4.3.117:23               10.4.3.119:1058             ESTABLISHED
tcp        0    146 10.4.3.117:23               10.4.3.119:4471             ESTABLISHED
tcp        0      0 :::80