Category: LINUX
2009-02-05 13:33:24
1. Install php5:
# tar jxvf php-5.2.6.tar.bz2
# cd php-5.2.6
# rpm -ivh /mnt/cdrom/CentOS/libxml2-2.6.26-2.1.2.1.i386.rpm
# rpm -ivh /mnt/cdrom/CentOS/libxml2-python-2.6.26-2.1.2.1.i386.rpm
# rpm -ivh --nodeps /mnt/cdrom/CentOS/pkgconfig-0.21-2.el5.i386.rpm
# rpm -ivh --nodeps /mnt/cdrom/CentOS/zlib-devel-1.2.3-3.i386.rpm
# rpm -ivh /mnt/cdrom/CentOS/libxml2-devel-2.6.26-2.1.2.1.i386.rpm
# ./configure \
    --prefix=/usr/local/php \
    --with-apxs2=/usr/local/apache/bin/apxs \
    --with-config-file-path=/usr/local/php/etc \
    --with-mysql=/usr/local/mysql \
    --with-ldap=/usr/local/openldap/ \
    --without-sqlite --without-pdo-sqlite \
    --with-gettext=/home/openldap/gettext-0.17 \
    --enable-soap --enable-gd-native-ttf \
    --enable-ftp --enable-mbstring --enable-exif \
    --disable-ipv6 --disable-cgi --disable-cli
# make
# make install
As you can see, configuring php5 takes many parameters.
These parameters enable support for mysql, openldap, gettext, and so on.
If you don't want MySQL debug information to appear on the web
interface, change the setting as follows:
$config["sql_debug"] = FALSE;
The file /usr/local/ara/config/config.php:
$config["sql_driver"] = "mysql";
$config["sql_server_host"] = "localhost";
$config["sql_server_port"] = "3306";
$config["sql_username"] = "root";
$config["sql_passwd"] = "mysql123";
$config["sql_db"] = "radius";
$config["sql_encoding"] = "utf8";
/* this probably needs no modification */
$config["sql_table_usergroup"] = "usergroup";
$config["sql_table_radacct"] = "radacct";
$config["sql_table_radreply"] = "radreply";
$config["sql_table_radcheck"] = "radcheck";
$config["sql_table_radgroupreply"] = "radgroupreply";
$config["sql_table_radgroupcheck"] = "radgroupcheck";
$config["sql_table_nas"] = "nas";
$config["sql_debug"] = FALSE;
The file /usr/local/php/lib/php.ini:
mysql.default_port = 3306
mysql.default_socket = /tmp/mysql.sock
; Default host for mysql_connect() (doesn't apply in safe mode).
mysql.default_host = localhost
; Default user for mysql_connect() (doesn't apply in safe mode).
mysql.default_user = root
; Default password for mysql_connect() (doesn't apply in safe mode).
; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password")
mysql.default_password = mysql123
mysql.connect_timeout = 60
mysql.trace_mode = Off
mysqli.max_links = -1
# rpm -ivh /mnt/cdrom/CentOS/php-pear-1.4.9-4.el5.1.noarch.rpm
If it prompts about dependencies, following the prompts will resolve the problem.
Then:
# pear channel-update pear.php.net
# pear install HTML_Template_Sigma
# cd /var/
# svn co ara-svn
# cd /var/ara-svn/src
# ls
config htdocs lang lib modules template.html
# cd /var/www/htdocs
# ln -s /var/ara-svn/src/htdocs ara
# cd ara
# ls
img index.php style.css
Then:
Edit index.php and search for this line:
define("ARA_PATH", "../");
Then:
# cd /var/ara-svn/src/config
# cp config.php.dist config.php
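When managing LDAP with phpldapadmin, I found that after adding radius.schema the corresponding objectclass could not be used. Editing the file /usr/local/phpldapadmin/config/config.php
and setting language="en" fixes this.
ARA does not currently support LDAP, only MySQL, so we only set up MySQL.
Managing the NAS: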
1. # vi /etc/ppp/radius/radiusclient.conf
authserver 192.168.1.251:1812
acctserver 192.168.1.251:1813
2. # vi /etc/ppp/radius/servers
#Server Name or Client/Server pair    Key
#----------------                     ---------------
#portmaster.elemental.net             hardlyasecret
#portmaster2.elemental.net            donttellanyone
localhost                             testing123
192.168.1.251                         testing123
3. Connection information:
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.251 port 32812, id=52, length=111
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "test3"
CHAP-Challenge = 0xb9a94f97d024cd6f73528f44cbd1f27bb7569b82
CHAP-Password = 0x5aea13713d0432c5192b9532bf08208fca
Calling-Station-Id = "00:1C:C4:CD:68:06"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
[sql] expand: %{User-Name} -> test3
[sql] sql_set_user escaped user --> 'test3'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test3' ORDER BY id
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test3' ORDER BY id
[sql] expand: SELECT groupname FROM usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM usergroup WHERE username = 'test3' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'user' ORDER BY id
[sql] User found in group user
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'user' ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = Local
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
CHAP-Password is correct.
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 52 to 192.168.1.251 port 32812
Service-Type = Framed-User
Framed-IP-Netmask = 255.255.255.255
Finished request 0.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Accounting-Request packet from host 192.168.1.251 port 32812, id=53, length=116
Acct-Session-Id = "4948BC150D8900"
User-Name = "test3"
Acct-Status-Type = Start
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "00:1C:C4:CD:68:06"
Acct-Authentic = RADIUS
NAS-Port-Type = Async
Framed-IP-Address = 10.0.0.3
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Acct-Delay-Time = 0
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 192.168.1.251,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = "4948BC150D8900",User-Name = "test3"'
[acct_unique] Acct-Unique-Session-ID = "06bebe854dc36bcb".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "test3", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting {...}
[detail] expand: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/freeradius/var/log/radius/radacct/192.168.1.251/detail-20081217
[detail] /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/192.168.1.251/detail-20081217
[detail] expand: %t -> Wed Dec 17 16:45:09 2008
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /usr/local/freeradius/var/log/radius/radutmp -> /usr/local/freeradius/var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> test3
++[radutmp] returns ok
[sql] expand: %{User-Name} -> test3
[sql] sql_set_user escaped user --> 'test3'
[sql] expand: %{Acct-Delay-Time} -> 0
[sql] expand: INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: MYSQL check_error: 1054 received
[sql] Couldn't insert SQL accounting START record - Unknown column 'xascendsessionsvrkey' in 'field list'
[sql] expand: %{Acct-Delay-Time} -> 0
[sql] expand: UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET acctstarttime = '2008-12-17 16:45:09', acctstartdelay = '0', connectinfo_start = '' WHERE acctsessionid = '4948BC150D8900' AND username = 'test3' AND nasipaddress = '127.0.0.1'
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
[attr_filter.accounting_response] expand: %{User-Name} -> test3
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 53 to 192.168.1.251 port 32812
Finished request 1.
Cleaning up request 1 ID 53 with timestamp +3
Going to the next request
Waking up in 4.7 seconds.
Cleaning up request 0 ID 52 with timestamp +2
Ready to process requests.
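The check behind the log line "CHAP-Password is correct.", as an added example (not part of the original post and not FreeRADIUS code): the server recomputes MD5(ident || password || challenge) from the password stored in radcheck, which is why the log asks for the "known good" clear text password in Cleartext-Password. The two attribute values are copied from the log above; the password and the `demo()` helper are constructed for illustration, because the log masks the real password.

```python
import hashlib
import hmac

# Attribute values copied from the Access-Request in the debug log above.
LOG_CHAP_CHALLENGE = bytes.fromhex("b9a94f97d024cd6f73528f44cbd1f27bb7569b82")
LOG_CHAP_PASSWORD = bytes.fromhex("5aea13713d0432c5192b9532bf08208fca")


def split_chap_password(attr: bytes):
    """CHAP-Password = 1-byte CHAP identifier + 16-byte MD5 digest."""
    if len(attr) != 17:
        raise ValueError("CHAP-Password must be 17 bytes, got %d" % len(attr))
    return attr[0], attr[1:]


def chap_response(ident: int, cleartext: bytes, challenge: bytes) -> bytes:
    """What the PPP peer sends: ident || MD5(ident || password || challenge)."""
    digest = hashlib.md5(bytes([ident]) + cleartext + challenge).digest()
    return bytes([ident]) + digest


def verify_chap(attr: bytes, challenge: bytes, known_good: bytes) -> bool:
    """Server side: rebuild the digest from the password stored in radcheck."""
    ident, digest = split_chap_password(attr)
    expected = chap_response(ident, known_good, challenge)[1:]
    return hmac.compare_digest(digest, expected)


def demo() -> dict:
    ident, digest = split_chap_password(LOG_CHAP_PASSWORD)
    # Constructed password: the log masks the real one as "...".
    password = b"constructed-secret"
    attr = chap_response(ident, password, LOG_CHAP_CHALLENGE)
    return {
        "ident": ident,
        "digest_len": len(digest),
        "cleartext_ok": verify_chap(attr, LOG_CHAP_CHALLENGE, password),
        "wrong_password": verify_chap(attr, LOG_CHAP_CHALLENGE, b"guess"),
        # If radcheck held only MD5(password), the digest could not be rebuilt.
        "hashed_store": verify_chap(attr, LOG_CHAP_CHALLENGE,
                                    hashlib.md5(password).digest()),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The `hashed_store` case fails because CHAP needs the cleartext password on the server side; a one-way hash of it in radcheck cannot validate a CHAP response.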
A software-based NAS cannot be managed through a web interface; web management of hardware-based NAS devices requires further study.