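This follows the previous post on OpenVPN username/password authentication. There the accounts and passwords were stored in plaintext in a file on the server, which carries some risk, so account authentication is now handled by freeradius.
As before, this draws on related material found online: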
http://www.beijinghuayu.com.cn/centos7%e9%85%8d%e7%bd%aedaloradius/
Limiting concurrent user logins in freeradius 2.2.5 (norhtlander's column, CSDN blog)
FreeRADIUS 3.0 installation and configuration (cluniquecui's column, CSDN blog)
and others
Software versions
freeradius-3.0.13-15.el7.x86_64
mariadb-server-5.5.68-1.el7.x86_64
php-5.4.16-48.el7.x86_64
Server: Alibaba Cloud
1. Installation
Installing with yum is quick and simple.
Install the dependencies
yum install wget telnet net-tools httpd mariadb-server php php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel epel-release -y
Install freeradius
yum install freeradius freeradius-mysql freeradius-utils -y
2. Disable SELinux
[root@openvpn ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@openvpn ~]# setenforce 0
setenforce: SELinux is disabled
[root@openvpn ~]# geten
getenforce getent
[root@openvpn ~]# getenforce
Disabled
3. Start the database and httpd, and turn off the firewall
[root@openvpn ~]# systemctl restart mariadb
[root@openvpn ~]# systemctl restart httpd
[root@openvpn ~]# systemctl stop firewalld
[root@openvpn ~]# systemctl disable firewalld
4. Log in to the database and create the radius database
[root@openvpn ~]# mysql #on first start mariadb has no password by default, so log in directly
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
#Set the login password for the mariadb root user
MariaDB [(none)]> set password=password('password');
Query OK, 0 rows affected (0.00 sec)
#Create the radius database
MariaDB [(none)]> create database radius;
Query OK, 1 row affected (0.00 sec)
#Create a user and password for the radius database
MariaDB [(none)]> grant all on radius.* to radius@localhost identified by 'radius';
Query OK, 0 rows affected (0.00 sec)
#Reload the privileges
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.01 sec)
#Quit
MariaDB [(none)]> quit
Bye
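Step 4 gives radius@localhost every privilege on the radius database behind the password 'radius'. The script below is an added example, not part of the original post: it generates a random password, prints narrower grants to run as the MariaDB root user, and checks SHOW GRANTS output for database-wide ALL PRIVILEGES. It assumes schema.sql has already been loaded as root and that radacct and radpostauth (from the stock schema) are the only tables the server writes; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# From the page: database "radius", account radius@localhost.
# Assumption: radacct and radpostauth exist (stock schema.sql loaded as root).
# A tool that edits users (writes radcheck) needs its own, separate account.

gen_password() {
    # 16 bytes from the kernel CSPRNG, printed as 32 hex characters
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

radius_grants_sql() {
    # $1 = password for radius@localhost; prints SQL to run as MariaDB root
    cat <<EOF
CREATE USER 'radius'@'localhost' IDENTIFIED BY '$1';
GRANT SELECT ON radius.* TO 'radius'@'localhost';
GRANT ALL ON radius.radacct TO 'radius'@'localhost';
GRANT ALL ON radius.radpostauth TO 'radius'@'localhost';
EOF
}

audit_grants() {
    # stdin = output of: SHOW GRANTS FOR 'radius'@'localhost';
    # Returns 1 if the account holds ALL PRIVILEGES on a whole database (db.*)
    if grep -Eq 'GRANT ALL PRIVILEGES ON [^ ]+\.\* TO'; then
        echo "too broad: ALL PRIVILEGES on an entire database"
        return 1
    fi
    echo "ok: no database-wide ALL PRIVILEGES"
}

# Constructed sample of what the page's "grant all on radius.*" produces
WEAK_SAMPLE="GRANT USAGE ON *.* TO 'radius'@'localhost' IDENTIFIED BY PASSWORD '*CONSTRUCTED'
GRANT ALL PRIVILEGES ON \`radius\`.* TO 'radius'@'localhost'"

# Demo: print the narrower grants, then audit the constructed weak sample
radius_grants_sql "$(gen_password)"
printf '%s\n' "$WEAK_SAMPLE" | audit_grants || true
```

With these grants the schema import in step 5 has to run as root, because the radius account can no longer create tables.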
5. Initialize the freeradius database
[root@openvpn ~]# cd /etc/raddb/
[root@openvpn raddb]# ls
certs hints mods-config policy.d README.rst templates.conf
clients.conf huntgroups mods-enabled proxy.conf sites-available trigger.conf
dictionary mods-available panic.gdb radiusd.conf sites-enabled users
With a yum install, the freeradius configuration files are in /etc/raddb by default.
#Initialize the database
[root@openvpn mysql]# mysql -uradius -p radius < schema.sql
Enter password:
[root@openvpn mysql]# mysql -uradius -p radius
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 6
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [radius]> use radius
Database changed
MariaDB [radius]> show tables;
+------------------+
| Tables_in_radius |
+------------------+
| nas |
| radacct |
| radcheck