Category: LINUX

2010-03-03 16:48:05

1. Installation
Install from rpm:
freeradius
freeradius-mysql
lm_sensors
mysql
perl-DBI
mysqlclient10
net-snmp
net-snmp-utils

Or build from source:
./configure
make
make install

After installing, start MySQL, create a database named radius and load the FreeRADIUS schema into it (that name is what sql.conf points at below).
For the rpm install the SQL files are in /usr/share/doc/freeradius-1.0.1;
for a source build they are under ./raddb/sql.
The schema in the source tarball may differ from the one in the rpm, so do not mix the two.

FreeRADIUS ships schemas for MySQL, Oracle and PostgreSQL; pick the SQL file for the database you use.

This time I installed the rpm but initialized the database with the SQL from the source tree.

2. Configuration
Edit radiusd.conf so that both authorization and accounting go through the sql module:
# vi /etc/raddb/radiusd.conf
authorize {
preprocess
chap
mschap
suffix
sql          # remove the leading # from this line
...
}
accounting {
...
sql          # remove the leading # from this line
...
}
Edit sql.conf so that radiusd can reach MySQL (for the rpm install the file is /etc/raddb/sql.conf; /usr/local/etc/raddb is the source-build default):
# vi /usr/local/etc/raddb/sql.conf
sql {
driver = "rlm_sql_mysql"
server = "localhost"
login = "root"               # MySQL account radiusd connects as
password = "MySQL password"  # that account's password
radius_db = "radius"         # the database created above
}
Do not leave this at the MySQL root account outside a lab: the stock sql.conf defaults to a dedicated "radius" login, so create a MySQL user whose grants are limited to the radius database and put its credentials here. The password sits in this file in cleartext, so keep the file readable only by root and the user radiusd runs as.
Edit clients.conf:
 client 222.64.163.43 {        # IP address of your VPN server, or any other NAS that authenticates against this RADIUS server
#       # secret and password are mapped through the "secrets" file.
        secret      = nsfocus  # shared secret; the NAS must be configured with exactly the same value
        shortname   = localhost
#       # the following three fields are optional, but may be used by
#       # checkrad.pl for simultaneous usage checks
        nastype     = other    # depends on the NAS; use "other" for a Windows server
#       login       = !root
#       password    = someadminpas
}

3. Add test data
Add a group. Auth-Type is a check item, so it belongs in radgroupcheck rather than in the reply table; the remaining rows are the reply attributes the NAS receives:
insert into radgroupcheck (GroupName,Attribute,op,Value) values ('user','Auth-Type',':=','Local');
insert into radgroupreply (GroupName,Attribute,op,value) values ('user','Service-Type',':=','Framed-User');
insert into radgroupreply (GroupName,Attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.254');
insert into radgroupreply (GroupName
Add a test account:
  insert into radcheck (username,attribute,op,value) values ('test','User-Password',':=','test');
Put the test account in the group (the membership table is radusergroup in the schema used here; see the note at the end about the older usergroup name):
  insert into radusergroup (username,groupname) values ('test','user');
4. Test the connection
Start the server in debug mode: radiusd -X
In another terminal run: radtest test test localhost 0 testing123
(The arguments are user, password, server, NAS-Port and shared secret; testing123 is the secret the stock clients.conf defines for 127.0.0.1.)
Output like the following means the test passed:
Sending Access-Request of id 93 to 127.0.0.1 port 1812
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=93, length=38
        Service-Type = Framed-User
        Framed-IP-Address = 255.255.255.255
        Framed-IP-Netmask = 255.255.255.0
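The exchange above, reproduced byte for byte so the role of the shared secret is visible. This is an added example, not radtest or FreeRADIUS code: it implements the RFC 2865 packet layout, the User-Password hiding (MD5 of secret plus authenticator, XORed block by block) and the Response Authenticator check on both the client and the server side. The user table is a constructed stand-in for the radcheck row from section 3; request id 93, NAS-IP-Address 127.0.0.1 and the random request authenticator are chosen here.

```python
"""RFC 2865 Access-Request / Access-Accept exchange modelled in pure Python.
Added example: not radtest or FreeRADIUS code."""
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT, SERVICE_TYPE, FRAMED_IP_ADDRESS = 1, 2, 4, 5, 6, 8
# Constructed stand-in for the radcheck table: username -> User-Password check value.
RADCHECK = {"test": "test"}

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-octet blocks, XOR each block with MD5(secret + previous block),
    where the 'previous block' of the first block is the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    if not padded:
        padded = b"\x00" * 16          # at least one block is always sent
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out

def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side inverse: same keystream, chained on the received (hidden) blocks."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def encode_attrs(attrs):
    """Type-Length-Value attributes; Length covers the two header octets."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)

def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs

def build_packet(code, ident, authenticator, attrs):
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def build_access_request(user, password, secret, ident, req_auth):
    attrs = [(USER_NAME, user.encode()),
             (USER_PASSWORD, hide_password(password.encode(), secret, req_auth)),
             (NAS_IP_ADDRESS, bytes([127, 0, 0, 1])),      # assumption: NAS is the local host
             (NAS_PORT, struct.pack("!I", 0))]
    return build_packet(ACCESS_REQUEST, ident, req_auth, attrs)

def response_authenticator(code, ident, req_auth, attrs_bytes, secret):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs_bytes))
    return hashlib.md5(header + req_auth + attrs_bytes + secret).digest()

def server_handle(request, secret):
    """Server: recover the password with the client's configured secret, compare it with the
    radcheck value and answer with the reply items (here the radgroupreply rows of section 3)."""
    code, ident, length = struct.unpack("!BBH", request[:4])
    req_auth = request[4:20]
    attrs = dict(decode_attrs(request[20:length]))
    user = attrs[USER_NAME].decode()
    password = reveal_password(attrs[USER_PASSWORD], secret, req_auth)
    if user in RADCHECK and password == RADCHECK[user].encode():
        code, reply = ACCESS_ACCEPT, [(SERVICE_TYPE, struct.pack("!I", 2)),   # Framed-User
                                      (FRAMED_IP_ADDRESS, bytes([255, 255, 255, 254]))]
    else:
        code, reply = ACCESS_REJECT, []
    auth = response_authenticator(code, ident, req_auth, encode_attrs(reply), secret)
    return build_packet(code, ident, auth, reply)

def client_verify(response, req_auth, secret):
    """Client: recompute the Response Authenticator with its own secret. Returns the packet
    code, or None when the authenticator does not match (wrong secret or tampered reply)."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    expected = response_authenticator(code, ident, req_auth, response[20:length], secret)
    return code if response[4:20] == expected else None

def exchange(user, password, client_secret, server_secret, ident=93, req_auth=None):
    """Run one request/response round trip; returns the verified reply code or None."""
    req_auth = req_auth or os.urandom(16)
    request = build_access_request(user, password, client_secret, ident, req_auth)
    return client_verify(server_handle(request, server_secret), req_auth, client_secret)
```

With matching secrets exchange("test", "test", b"testing123", b"testing123") yields Access-Accept (2) and a wrong password yields Access-Reject (3). With mismatched secrets the server decodes garbage, rejects, and the client cannot even verify that reject, which is why a NAS with the wrong secret in clients.conf never gets a usable answer.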


Initial data
insert into radusergroup (UserName,GroupName) values ('fredf','dynamic');
insert into radusergroup (UserName,GroupName) values ('barney','static');
insert into radusergroup (UserName,GroupName) values ('dialrouter','netdial');

insert into radcheck (UserName,Attribute,Value,Op) values ('fredf','Password','wilma','==');
insert into radcheck (UserName,Attribute,Value,Op) values ('barney','Password','betty','==');
insert into radcheck (UserName,Attribute,Value,Op) values ('dialrouter','Password','dialup','==');



insert into radgroupcheck (GroupName,Attribute,Value,Op) values ('dynamic','Auth-Type','Local',':=');
insert into radgroupcheck (GroupName,Attribute,Value,Op) values ('static','Auth-Type','Local',':=');
insert into radgroupcheck (GroupName,Attribute,Value,Op) values ('netdial','Auth-Type','Local',':=');

insert into radreply (UserName,Attribute,Value,Op) values ('barney','Framed-IP-Address','192.168.103.13',':=');
insert into radreply (UserName,Attribute,Value,Op) values ('dialrouter','Framed-IP-Address','192.168.103.13',':=');
insert into radreply (UserName,Attribute,Value,Op) values ('dialrouter','Framed-IP-Netmask','255.255.255.255',':=');
insert into radreply (UserName,Attribute,Value,Op) values ('dialrouter','Framed-Routing','Broadcast-Listen',':=');
insert into radreply (UserName,Attribute,Value,Op) values ('dialrouter','Framed-Route','192.168.103.0 255.255.255.248',':=');  -- a route string is a Framed-Route value; Framed-Routing only takes None/Broadcast/Listen/Broadcast-Listen
insert into radreply (UserName,Attribute,Value,Op) values ('dialrouter','Idle-Timeout','900',':=');




insert into radgroupreply (GroupName,Attribute,Value,Op) values ('dynamic','Framed-Compression','Van-Jacobsen-TCP-IP',':=');
insert into radgroupreply (GroupName,Attribute,Value,Op) values ('dynamic','Framed-Protocol','PPP',':=');
insert into radgroupreply (GroupName,Attribute,Value,Op) values ('dynamic','Service-Type','Framed-User',':=');
insert into radgroupreply (GroupName,Attribute,Value,Op) values ('dynamic','Framed-MTU','1500',':=');
insert into radgroupreply (GroupName,Attribute,Value,Op) values ('static','Framed-Protocol','PPP',':=');
insert into radgroupreply (GroupName,Attribute,Value,Op) values ('static','Service-Type','Framed-User',':=');
insert into radgroupreply (GroupName,Attribute,Value,Op) values ('static','Framed-Compression','Van-Jacobsen-TCP-IP',':=');
insert into radgroupreply (GroupName,Attribute,Value,Op) values ('netdial','Framed-Protocol','PPP',':=');
insert into radgroupreply (GroupName,Attribute,Value,Op) values ('netdial','Service-Type','Framed-User',':=');


Test
radtest barney betty localhost 1812 testing123

In a real deployment check clients.conf: the client's address has to be listed there, otherwise the RADIUS server ignores its requests.
Also, the group-membership table is radusergroup, not usergroup (the 1.0 schema used the shorter name), otherwise the lookups fail.
The three tables that matter for initialization are radcheck, radgroupcheck and radusergroup; the rows in radgroupreply are the attributes returned in the reply packet once authentication succeeds.
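How those tables combine, for the test data in section 3 and the initial data above. This is an added example, not FreeRADIUS code: the queries are simplified versions of the default authorize and group queries in sql.conf, run against an in-memory sqlite3 copy of the schema instead of MySQL, and only the ':=' and '==' operators used on this page are modelled. The rows are the page's sample users (barney, dialrouter) plus the 'test' account; the priority column and the ordering rules are the ones rlm_sql uses.

```python
"""How rlm_sql builds check and reply lists from radcheck, radgroupcheck,
radusergroup, radreply and radgroupreply. Added example, not FreeRADIUS code."""
import sqlite3

SCHEMA = """
CREATE TABLE radcheck      (id INTEGER PRIMARY KEY, username TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radreply      (id INTEGER PRIMARY KEY, username TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radgroupcheck (id INTEGER PRIMARY KEY, groupname TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radgroupreply (id INTEGER PRIMARY KEY, groupname TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radusergroup  (username TEXT, groupname TEXT, priority INTEGER DEFAULT 1);
"""

# Constructed from the page's sample rows.
SAMPLE_DATA = """
INSERT INTO radusergroup (username, groupname) VALUES ('test', 'user');
INSERT INTO radusergroup (username, groupname) VALUES ('barney', 'static');
INSERT INTO radusergroup (username, groupname) VALUES ('dialrouter', 'netdial');
INSERT INTO radcheck (username, attribute, op, value) VALUES ('test', 'User-Password', ':=', 'test');
INSERT INTO radcheck (username, attribute, op, value) VALUES ('barney', 'User-Password', '==', 'betty');
INSERT INTO radcheck (username, attribute, op, value) VALUES ('dialrouter', 'User-Password', '==', 'dialup');
INSERT INTO radgroupcheck (groupname, attribute, op, value) VALUES ('user', 'Auth-Type', ':=', 'Local');
INSERT INTO radgroupcheck (groupname, attribute, op, value) VALUES ('static', 'Auth-Type', ':=', 'Local');
INSERT INTO radgroupcheck (groupname, attribute, op, value) VALUES ('netdial', 'Auth-Type', ':=', 'Local');
INSERT INTO radreply (username, attribute, op, value) VALUES ('barney', 'Framed-IP-Address', ':=', '192.168.103.13');
INSERT INTO radreply (username, attribute, op, value) VALUES ('dialrouter', 'Idle-Timeout', ':=', '900');
INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES ('user', 'Service-Type', ':=', 'Framed-User');
INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES ('user', 'Framed-IP-Address', ':=', '255.255.255.254');
INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES ('static', 'Framed-Protocol', ':=', 'PPP');
INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES ('static', 'Service-Type', ':=', 'Framed-User');
INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES ('netdial', 'Service-Type', ':=', 'Framed-User');
"""

# Per-user rows are read first, then the rows of every group the user belongs to
# (radusergroup.priority decides the group order, lowest first).
USER_CHECK = "SELECT attribute, op, value FROM radcheck WHERE username = ? ORDER BY id"
USER_REPLY = "SELECT attribute, op, value FROM radreply WHERE username = ? ORDER BY id"
GROUP_CHECK = """SELECT gc.attribute, gc.op, gc.value FROM radgroupcheck gc
                 JOIN radusergroup ug ON ug.groupname = gc.groupname
                 WHERE ug.username = ? ORDER BY ug.priority, gc.id"""
GROUP_REPLY = """SELECT gr.attribute, gr.op, gr.value FROM radgroupreply gr
                 JOIN radusergroup ug ON ug.groupname = gr.groupname
                 WHERE ug.username = ? ORDER BY ug.priority, gr.id"""

def load_sample():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE_DATA)
    return conn

def merge(items, rows):
    """Operator semantics as rows are appended to a list: ':=' sets the attribute and
    replaces an earlier one of the same name; '==' and '=' only add it when absent."""
    for attribute, op, value in rows:
        if op == ":=":
            items = [i for i in items if i[0] != attribute] + [(attribute, op, value)]
        elif all(i[0] != attribute for i in items):
            items.append((attribute, op, value))
    return items

def authorize(conn, username):
    """Return (check_items, reply_items) for a user: user rows first, then group rows."""
    check = merge([], conn.execute(USER_CHECK, (username,)).fetchall())
    check = merge(check, conn.execute(GROUP_CHECK, (username,)).fetchall())
    reply = merge([], conn.execute(USER_REPLY, (username,)).fetchall())
    reply = merge(reply, conn.execute(GROUP_REPLY, (username,)).fetchall())
    return check, reply

def authenticate(conn, username, password):
    """Auth-Type Local as the page's rows use it: compare the request password with the
    User-Password (or legacy 'Password') check item. Returns (accepted, reply_items),
    the reply items being what goes into the Access-Accept."""
    check, reply = authorize(conn, username)
    if not check:                          # no rows at all: unknown user, reject
        return False, []
    auth_type = next((v for a, _, v in check if a == "Auth-Type"), "Local")
    if auth_type != "Local":               # only the local password check is modelled
        return False, []
    stored = [v for a, o, v in check if a in ("User-Password", "Password") and o in ("==", ":=")]
    if not stored or stored[0] != password:
        return False, []
    return True, reply
```

Note what the model makes visible: a user with rows in radcheck but no row in radusergroup gets no Auth-Type and no group reply items, and a group ':=' row silently overrides a user-level attribute of the same name, which is why Framed-IP-Address is best set in only one of radreply and radgroupreply.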