Note: FreeRADIUS takes up a lot of disk space once installed, several hundred MB.
Software preparation
[root@nm freeradius-server-2.1.1]# rpm -qa | grep openssl
openssl-0.9.7a-43.10
openssl-devel-0.9.7a-43.10
xmlsec1-openssl-1.2.6-3

[root@vmmac fprobe-1.1]# rpm -qa | grep ldap
openldap-2.2.13-6.4E
openldap-devel-2.2.13-6.4E
openldap-clients-2.2.13-6.4E
nss_ldap-226-13
openldap-servers-2.2.13-6.4E

freeradius-server-2.1.1.tar.gz
FreeRADIUS installation
[root@nm freeradius-server-2.1.1]# ./configure
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
Installation takes a long time, close to 1 hour.

[root@nm freeradius-server-2.1.1]# make
Making all in rfc...
gmake[4]: Entering directory `/usr/local/src/freeradius-server-2.1.1/doc/rfc'
gmake[4]: Nothing to be done for `all'.
gmake[4]: Leaving directory `/usr/local/src/freeradius-server-2.1.1/doc/rfc'
gmake[3]: Leaving directory `/usr/local/src/freeradius-server-2.1.1/doc'
gmake[2]: Leaving directory `/usr/local/src/freeradius-server-2.1.1/doc'
gmake[1]: Leaving directory `/usr/local/src/freeradius-server-2.1.1'

[root@nm freeradius-server-2.1.1]# make install
done
gmake[4]: Leaving directory `/usr/local/src/freeradius-server-2.1.1/doc/rfc'
gmake[3]: Leaving directory `/usr/local/src/freeradius-server-2.1.1/doc'
gmake[2]: Leaving directory `/usr/local/src/freeradius-server-2.1.1/doc'
gmake[1]: Leaving directory `/usr/local/src/freeradius-server-2.1.1'
Installing dictionary files in /usr/local/share/freeradius
/usr/local/src/freeradius-server-2.1.1/libtool --finish /usr/local/lib
PATH="$PATH:/sbin" ldconfig -n /usr/local/lib
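First run after installation: radiusd -X
After installation you can start the daemon without any configuration and run a loopback test right away, because the default RADIUS configuration already supports a local daemon with a local client (the loopback client).

The first time after installation, you should run the server as "root". This will cause the server to create the certificates it needs for EAP.
That is, for the first start, run radiusd -X as root so that the server creates the certificates required for EAP:
$ radiusd -X
Note that the X is uppercase.

Once that is done, the server can be run from an unprivileged user account.
That is, after this step the server can be started by a non-privileged user.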
[root@nm local]# radiusd -X
FreeRADIUS Version 2.1.1, for host i686-pc-linux-gnu, built on Oct 29 2008 at 10:27:47
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
...
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
From another window, view the log:
[root@nm ~]# cat /usr/local/var/log/radius/radius.log
Wed Oct 29 11:23:25 2008 : Error: rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
Wed Oct 29 11:23:25 2008 : Error: rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/server.pem
Wed Oct 29 11:23:25 2008 : Error: rlm_eap: Failed to initialize type tls
Wed Oct 29 11:23:25 2008 : Error: /usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
Wed Oct 29 11:23:25 2008 : Error: /usr/local/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
Wed Oct 29 11:23:25 2008 : Error: /usr/local/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
Wed Oct 29 11:23:25 2008 : Error: Errors initializing modules
The first start produces EAP errors.
Then restart radiusd once more, this time without -X:
[root@nm local]# radiusd &
[1] 2419

From another window, view the log:
[root@nm ~]# cat /usr/local/var/log/radius/radius.log
On the second start there is only one new log entry, and no errors:
Wed Oct 29 13:09:48 2008 : Info: Ready to process requests.
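
The manual log check above can be scripted. The following is an added example, not part of the original post: a shell function that classifies the most recent radiusd start from radius.log. The function names and the sample log lines (modelled on the excerpts in this post) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Classify the most recent radiusd start from radius.log entries.

# Usage: radius_start_status LOGFILE
# Prints "ready" (exit 0) if no Error entry follows the last
# "Ready to process requests" entry. Otherwise prints "failed" (or "unknown"
# for a log with no start entries) and, if logged, the certificate file
# that rlm_eap_tls could not read (exit 1).
radius_start_status() {
    awk '
        / : Info: Ready to process requests/ { state = "ready"; cert = ""; next }
        / : Error: / { state = "failed" }
        / : Error: rlm_eap_tls: Error reading certificate file / { cert = $NF }
        END {
            if (state == "") state = "unknown"
            print state
            if (state == "failed" && cert != "") print "missing-cert " cert
            exit (state == "ready" ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample input modelled on the log excerpts in this post.
sample_first_start() {
    cat <<'EOF'
Wed Oct 29 11:23:25 2008 : Error: rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
Wed Oct 29 11:23:25 2008 : Error: rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/server.pem
Wed Oct 29 11:23:25 2008 : Error: rlm_eap: Failed to initialize type tls
Wed Oct 29 11:23:25 2008 : Error: Errors initializing modules
EOF
}

sample_second_start() {
    sample_first_start
    echo 'Wed Oct 29 13:09:48 2008 : Info: Ready to process requests.'
}

# Demo: run against both samples via a temporary file.
tmp=$(mktemp)
sample_first_start > "$tmp";  radius_start_status "$tmp" || true
sample_second_start > "$tmp"; radius_start_status "$tmp"
rm -f "$tmp"
```

Against a real installation, pass the log path used in this post, /usr/local/var/log/radius/radius.log, as the argument.
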
Signs that RADIUS has started
[root@nm ~]# ps -ef | grep radiusd
root 2420 1 0 13:10 ? 00:00:00 radiusd

[root@nm ~]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp   0      0      0.0.0.0:21        0.0.0.0:*         LISTEN
tcp   0      0      0.0.0.0:23        0.0.0.0:*         LISTEN
tcp   0      0      10.4.3.117:23     10.4.3.119:1058   ESTABLISHED
tcp   0      146    10.4.3.117:23     10.4.3.119:4471   ESTABLISHED
tcp   0      0      :::80
Source: CSDN
Author: permike
Link: https://blog.csdn.net/permike/article/details/50468860