只写操作的过程,其它没有相应的说明!!
CentOS 5.4下配置pptpd服务器已经在其它篇章中有描述,这里为文章的链接入口<< CentOS release 5.4 (Final) 配置PPTP VPN服务器(初步)>>
!!本文也是在此基础上做的改变,请先参照上述文章,完成PPTP VPN服务器的构建,再做如下步骤!!
一、安装相关配置包
1、安装httpd、mysql及php相关包
[root@localhost ~]# yum -y install httpd httpd-devel mysql mysql-server mysql-devel
[root@localhost ~]# yum -y install php php-devel php-mysql php-common php-gd php-mbstring php-mcry
2、配置httpd服务:
[root@localhost ~]# netstat -ant |grep 80
[root@localhost ~]# /etc/init.d/httpd start
Starting httpd: [ OK ]
[root@localhost ~]# vi /etc/sysconfig/iptables
[root@localhost ~]# grep 80 /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT #增加此行
[root@localhost ~]# /etc/init.d/iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter nat [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]
[root@localhost ~]# chkconfig httpd --list
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@localhost ~]# chkconfig httpd on #设置httpd自动启动
[root@localhost ~]# chkconfig httpd --list
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost ~]# netstat -ant |grep 80
tcp 0 0 :::80 :::* LISTEN
3、启动mysql数据库:
[root@localhost ~]# /etc/init.d/mysqld start
Initializing MySQL database: Installing MySQL system tables...
OK
Filling help tables...
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h localhost.localdomain password 'new-password'
Alternatively you can run:
/usr/bin/mysql_secure_installation
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl
Please report any problems with the /usr/bin/mysqlbug script!
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
[ OK ]
Starting mysqld: [ OK ]
4、设置数据库密码;
[root@localhost ~]# mysqladmin -u root password 'leekwen'
5、安装Freeradius2相关包
[root@localhost ~]# yum install -y freeradius2 freeradius2-mysql freeradius2-utils
6、启动radius进程,调试模式:
[root@localhost ~]# radiusd -X
FreeRADIUS Version 2.1.12, for host i386-redhat-linux-gnu, built on Jan 9 2013 at 05:02:57
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
... adding new socket proxy address * port 51738
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
7、开启另外一个终端进行测试,如图:
8、如果结果与上图不同,请临时关闭防火墙后,临时关闭防火墙命令如下:
[root@localhost ~]# iptables -F
重新运行测试命令:
[root@localhost ~]# radtest steve testing localhost 1812 testing123
##############
# !!error !! #
##############
Failed binding to authentication address * port 1812: Address already in use
/etc/raddb/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812
请先用 lsof 命令查看,再用 killall -9 radiusd命令结束后,重新开启服务后,在进行测试!
二、下载ppp源码文件,集成ppp client:
1、下载源码:
[root@localhost ~]# wget ftp://ftp.samba.org/pub/ppp/ppp-2.4.4.tar.gz
--2013-07-01 18:33:36-- ftp://ftp.samba.org/pub/ppp/ppp-2.4.4.tar.gz
=> `ppp-2.4.4.tar.gz'
Resolving ftp.samba.org... 216.83.154.106, 2001:470:1f05:1a07::1
Connecting to ftp.samba.org|216.83.154.106|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD /pub/ppp ... done.
==> SIZE ppp-2.4.4.tar.gz ... 688763
==> PASV ... done. ==> RETR ppp-2.4.4.tar.gz ... done.
Length: 688763 (673K)
100%[===========================================>] 688,763 135K/s in 5.3s
2013-07-01 18:33:45 (127 KB/s) - `ppp-2.4.4.tar.gz' saved [688763]
2、解压并做相关配置
[root@localhost ~]# tar zxf ppp-2.4.4.tar.gz
[root@localhost ~]# cp -R ppp-2.4.4/pppd/plugins/radius/etc/ /etc/radiusclient
[root@localhost ~]# cp /etc/radiusclient/radiusclient.conf /etc/radiusclient/radiusclient.conf.bak
[root@localhost ~]# vi /etc/radiusclient/radiusclient.conf
行号 修改前的配置文件 修改后的配置文件
25 issue /usr/local/etc/radiusclient/issue 修改为:issue /etc/radiusclient/issue
46 servers /usr/local/etc/radiusclient/servers 修改为:servers /etc/radiusclient/servers
50 dictionary /usr/local/etc/radiusclient/dictionary 修改为:dictionary /etc/radiusclient/dictionary
61 mapfile /usr/local/etc/radiusclient/port-id-map 修改为:mapfile /etc/radiusclient/port-id-map
说明:
修改相关配置文件的路径,确保radiusclient.conf这个文件中radiusclient相关的路径都是“/etc/radiusclient”开头的.
3、配置字典文件:
[root@localhost ~]# ls -l /etc/radiusclient/dictionary*
-rw-r--r-- 1 root root 7656 Jul 1 18:34 /etc/radiusclient/dictionary
-rw-r--r-- 1 root root 12295 Jul 1 18:34 /etc/radiusclient/dictionary.ascend
-rw-r--r-- 1 root root 1395 Jul 1 18:34 /etc/radiusclient/dictionary.compat
-rw-r--r-- 1 root root 599 Jul 1 18:34 /etc/radiusclient/dictionary.merit
-rw-r--r-- 1 root root 2649 Jul 1 18:34 /etc/radiusclient/dictionary.microsoft
[root@localhost ~]# vi /etc/radiusclient/dictionary
行号 文件内容
253 INCLUDE /etc/radiusclient/dictionary.microsoft
254 INCLUDE /etc/radiusclient/dictionary.merit #增加此行
255 INCLUDE /etc/radiusclient/dictionary.ascend #增加此行
256 INCLUDE /etc/radiusclient/dictionary.compat #增加此行
4、在pptpd服务中添加freeradius插件:
[root@localhost ~]# vi /etc/ppp/options.pptpd
行号 文件内容
128 # put plugins here
129 # (putting them higher up may cause them to sent messages to the pty)
130 plugin /usr/lib/pppd/2.4.4/radius.so #增加此行
131 plugin /usr/lib/pppd/2.4.4/radattr.so #增加此行
132 radius-config-file /etc/radiusclient/radiusclient.conf #增加此行
[root@localhost ~]# tail -n 3 /etc/ppp/options.pptpd
plugin /usr/lib/pppd/2.4.4/radius.so
plugin /usr/lib/pppd/2.4.4/radattr.so
radius-config-file /etc/radiusclient/radiusclient.conf
三、建立radius数据库及导入相应的数据库表:
可采用命令或使用Navicat for MySQL工具来完成:
1、radius中提供了mysql的导入文件:
[root@localhost ~]# ls /etc/raddb/sql/mysql/*.sql -l
-rw-r----- 1 root radiusd 661 Jan 9 02:04 /etc/raddb/sql/mysql/admin.sql
-rw-r----- 1 root radiusd 452 Jan 9 02:04 /etc/raddb/sql/mysql/cui.sql
-rw-r----- 1 root radiusd 761 Jan 9 02:04 /etc/raddb/sql/mysql/ippool.sql
-rw-r----- 1 root radiusd 399 Jan 9 02:04 /etc/raddb/sql/mysql/nas.sql
-rw-r----- 1 root radiusd 4318 Jan 9 02:04 /etc/raddb/sql/mysql/schema.sql
-rw-r----- 1 root radiusd 407 Jan 9 02:04 /etc/raddb/sql/mysql/wimax.sql
2、这里采用了命令方式,首先建立radius数据库:
为了方便以后使用Navicat for MySQL工具管理Mysql数据库,所以做了权限等方便的修改:
3、具体操作可复制代码:
[root@localhost ~]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.0.95 Source distribution
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| test |
+--------------------+
3 rows in set (0.00 sec)
mysql> CREATE DATABASE radius DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
Query OK, 1 row affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'leekwen' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
mysql> flush PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> \q;
Bye
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/admin.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/cui.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/ippool.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/nas.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/schema.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/wimax.sql
Enter password:
4 、防火墙中关于数据库相关的设置:
[root@localhost ~]# grep 3306 /etc/sysconfig/iptables
[root@localhost ~]# vi /etc/sysconfig/iptables
[root@localhost ~]# /etc/init.d/iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter nat [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]
[root@localhost ~]# grep 3306 /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
四、修改radius的相关配置文件:
[root@localhost ~]# cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.bak
[root@localhost ~]# vi /etc/raddb/radiusd.conf
行号 | 修改后配置 | 未修改的配置
700 | $INCLUDE sql.conf | # $INCLUDE sql.conf <------去掉注释#
712 | $INCLUDE sql/mysql/counter.conf| # $INCLUDE sql/mysql/counter.conf <------去掉注释#
[root@localhost ~]# cp /etc/raddb/sql.conf /etc/raddb/sql.conf.bak
[root@localhost ~]# vi /etc/raddb/sql.conf
行号 | 修改后配置 | 未修改的配置
38 | login = "root" | login = "radius" <------修改连接mysql的用户名
39 | password = "leekwen" | password = "radpass"<------修改连接mysql的密码
100 | readclients = yes | #readclients = yes <------去掉注释#
说明:如果在运行radiusd -X 时会加载配置文件;
如果看到加载的配置文件时,出现下面的错误:
!!! Error !!!
Duplicate virtual server "inner-tunnel" in file /etc/raddb/sites-enabled/inner-tunnel:11
and file /etc/raddb/sites-enabled/inner-tunnel.bak:11
请将/etc/raddb/sites-enabled/inner-tunnel.bak 与 /etc/raddb/sites-enabled/default.bak全部删除,
这也是为什么下面在编辑前没有备份这两个文件的原因:
[root@localhost ~]# vi /etc/raddb/sites-enabled/default
行号 | 修改后配置 | 未修改的配置
170 # files | files <------增加注释#
177 sql | # sql <------去掉注释#
372 # files | files <------增加注释#
406 sql | # sql <------去掉注释#
454 sql | # sql <------去掉注释#
475 sql | # sql <------去掉注释#
[root@localhost ~]# vi /etc/raddb/sites-enabled/inner-tunnel
行号 | 修改后配置 | 未修改的配置
124 # files | files <------增加注释#
131 sql | # sql <------去掉注释#
255 sql | # sql <------去掉注释#
277 sql | # sql <------去掉注释#
2、
启动radiusd服务,并
在数据库总插入测试账号,并查看测试结果!
3、测试通过后,修改默认密钥密码:
[root@localhost ~]# cp /etc/raddb/clients.conf /etc/raddb/clients.conf.bak
[root@localhost ~]# vi /etc/raddb/clients.conf
行号 | 修改后配置 | 未修改的配置
101 secret = leekwen | secret = testing123
4、重新启动相关服务后,进行数据库用户测试!
5、此测试通过后,进行客户端的拨号连接,并在服务端查看客户端的拨号日志:
6、到此,已经完成了,pptpd + freeradius2 + mysql 三者之间的整合,后续章节中将增加前台配置页面daloradius,用它提供一个友好的配置界面!!