Linux and Python enthusiast and advocate.
Category: LINUX
2009-05-09 17:28:04
Reference sites: http://www.ibm.com/developerworks/cn/linux/l-radius/
http://blog.chinaunix.net/u/2830/showart_402921.html
Install FreeRADIUS in the usual way.
tar zxvf freeradius-server-
./configure
make
make install - run this command as root
radiusd - start RADIUS server, or
radiusd -X - start RADIUS server in debug mode
Edit /usr/local/etc/raddb/sites-available/default:
authorize {
    files
}
Leave everything else unchanged.
Edit /usr/local/etc/raddb/clients.conf as follows:
client 127.0.0.1 {
    secret = testing123
    shortname = localhost
    nastype = other
}
client 192.168.0.153 {
    secret = testing123
    # hostname of the switch
    shortname = cisco
    nastype = other
}
Edit /usr/local/etc/raddb/users (the reply attributes must be indented under the user line):
test    User-Password := "123456"
        Reply-Message = "Hello test",
        cisco-avpair = "shell:priv-lvl=15"
Local test with radtest:
Usage: radtest user passwd radius-server[:port] nas-port-number secret [ppphint] [nasname]
[root@pdc ~]# radtest test 123456 localhost:1812 50022 testing123
Sending Access-Request of id 244 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "123456"
NAS-IP-Address = 192.168.0.145
NAS-Port = 50022
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=244, length=71
Reply-Message = "This is cisco switch 2950"
Cisco-AVPair = "shell:priv-lvl=1"
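What radtest puts on the wire in the test above, as an added example (not part of the original post or of FreeRADIUS): it builds the same Access-Request, hides User-Password as RFC 2865 section 5.2 specifies, and recovers it the way the server does. The function names are hypothetical, and the Request Authenticator is random, so the bytes differ from the run above.

```python
# Added example: function names are hypothetical; values come from the radtest run.
import hashlib
import os
import struct

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 sec. 5.2: pad to 16-byte blocks, XOR each with MD5(secret + prev)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the same key stream, chained on the received ciphertext blocks."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(code: int, value: bytes) -> bytes:
    return bytes([code, len(value) + 2]) + value  # type, length, value

def build_access_request(pkt_id, user, password, secret, authenticator) -> bytes:
    attrs = (attr(1, user)                                              # User-Name
             + attr(2, hide_password(password, secret, authenticator))  # User-Password
             + attr(4, bytes([192, 168, 0, 145]))                       # NAS-IP-Address
             + attr(5, struct.pack("!I", 50022)))                       # NAS-Port
    return struct.pack("!BBH", 1, pkt_id, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet: bytes) -> dict:
    attrs, pos, end = {}, 20, struct.unpack("!H", packet[2:4])[0]
    while pos + 2 <= end:
        code, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > end:
            raise ValueError("malformed attribute")
        attrs[code] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

if __name__ == "__main__":
    pkt = build_access_request(244, b"test", b"123456", b"testing123", os.urandom(16))
    hidden = parse_attributes(pkt)[2]
    print(hidden.hex(), recover_password(hidden, b"testing123", pkt[4:20]))
```

User-Name travels in the clear and the password is protected only by MD5 keyed with the shared secret. testing123 is the sample secret shipped in FreeRADIUS's clients.conf, so a real deployment needs a long random secret per client.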
Switch configuration:
AAA
interface Vlan1
 ip address 192.168.0.153 255.255.255.0
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius if-authenticated
! 192.168.0.145 is the IP address of the RADIUS server
radius-server host 192.168.0.145 auth-port 1812 acct-port 1813
radius-server key testing123
line vty 0 4
 login authentication default
Test:
telnet 192.168.0.153
Username: test
Password:123456
Hello test
cisco#