Step 1: Install the required software
apt-get install ppp pptpd radiusclient1
apt-get install build-essential
Step 2: Edit the configuration file
nano /etc/pptpd.conf
Change the options below: localip is the server's IP, and remoteip is the set of IPs assigned to clients.
localip 192.168.1.200
remoteip 192.168.0.234-238,192.168.0.245
Step 3: Enable the testing (debug) options
nano /etc/ppp/pptpd-options
Uncomment the debug and dump options.
Add:
plugin /usr/lib64/pppd/2.4.4/radius.so
(The path to radius.so depends on the installed pppd version!)
Step 4: Edit /etc/radiusclient/servers
Add:
localhost testing123
Step 5: Install freeradius-server-2.1.8
Place freeradius-server-2.1.8.tar.gz in /software/
#cd /software
#tar -zxvf freeradius-server-2.1.8.tar.gz
#cd freeradius-server-2.1.8
#./configure --prefix=/usr/local/freeradius
#make
#make install
#radiusd -X
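If this fails with "error while loading shared libraries: libfreeradius-radius-2.1.8.so",
it means that a library file named libfreeradius-radius-2.1.8.so cannot be found. A search shows that this library is in /usr/local/lib.
The fix is to add /usr/local/lib to /etc/ld.so.conf.
The ld.so.conf file contains:
include /etc/ld.so.conf.d/*.conf
Add the line:
/usr/local/lib
Then run /sbin/ldconfig and repeat the step above.
The following output means the installation succeeded: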
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
The ldconfig command caches the libraries found in the paths listed in /etc/ld.so.conf into /etc/ld.so.cache for later use.
Step 6: Configure MySQL and FreeRADIUS
#mysql -uroot -p123456
mysql>create database radius;
mysql>quit
#mysql -uroot -p123456 radius < radius.sql
Next:
Edit /usr/local/etc/raddb/sites-available/default so that it supports SQL.
Remove the # in front of sql:
authorize {
preprocess
chap
mschap
suffix
sql
}
accounting {
….
sql
…
}
Edit /usr/local/etc/raddb/sql.conf so that it connects to MySQL:
server="localhost"
login="root"
password="<the MySQL root password>"
radius_db="radius"
Then edit /usr/local/etc/raddb/radiusd.conf
and remove the # in front of $INCLUDE sql.conf
Add a test account to the database
Add the group:
mysql -uroot -p<password> radius
insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.254');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
Add the test account:
insert into radcheck (username,attribute,op,value) values ('test','User-Password',':=','test');
Add the test account to the group:
insert into radusergroup (username,groupname) values ('test','user');
Next, install the freeradius-mysql package:
#sudo apt-get install freeradius-mysql
Then copy rlm_sql_mysql-2.1.0.so from /usr/lib/freeradius to /usr/lib and rename it to rlm_sql_mysql.so:
#cp /usr/lib/freeradius/rlm_sql_mysql-2.1.0.so /usr/lib
#mv /usr/lib/rlm_sql_mysql-2.1.0.so /usr/lib/rlm_sql_mysql.so
#radiusd -X
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
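The following is an added example, not part of the original guide: a shell function that checks the files edited in Steps 3, 4 and 6 for the test-only settings used above (the testing123 shared secret, the MySQL root login, a world-readable sql.conf, and the debug/dump options). The names audit_pptp_radius and make_sample_tree, the ROOT prefix argument and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag test-only settings left behind by Steps 3, 4 and 6.
# audit_pptp_radius ROOT prints one line per finding. ROOT is a path prefix so
# the check can run on a copy of the tree (pass "" to check the live system).
audit_pptp_radius() {
    root=$1
    servers="$root/etc/radiusclient/servers"
    sqlconf="$root/usr/local/etc/raddb/sql.conf"
    pppopts="$root/etc/ppp/pptpd-options"

    # Step 4: testing123 is the secret shipped in FreeRADIUS's sample clients.conf.
    if grep -Eqs '^[^#]*[[:space:]]testing123[[:space:]]*$' "$servers"; then
        echo "FINDING $servers: default shared secret testing123"
    fi
    # Step 6: radiusd connects to MySQL as the superuser.
    if grep -Eqs '^[[:space:]]*login[[:space:]]*=[[:space:]]*"?root"?[[:space:]]*$' "$sqlconf"; then
        echo "FINDING $sqlconf: login is root, use a dedicated account"
    fi
    # sql.conf holds the database password, so other users must not read it.
    if [ -f "$sqlconf" ] && [ -n "$(find "$sqlconf" -perm -004)" ]; then
        echo "FINDING $sqlconf: readable by other users"
    fi
    # Step 3: debug and dump were uncommented for testing; flag them if still on.
    for opt in debug dump; do
        if grep -Eqs "^[[:space:]]*$opt([[:space:]]|\$)" "$pppopts"; then
            echo "FINDING $pppopts: '$opt' still enabled"
        fi
    done
    return 0
}

# Constructed sample tree mirroring the guide's files (not real system files).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/radiusclient" "$t/etc/ppp" "$t/usr/local/etc/raddb"
    printf 'localhost testing123\n' > "$t/etc/radiusclient/servers"
    printf 'debug\n#dump\nplugin radius.so\n' > "$t/etc/ppp/pptpd-options"
    printf 'server = "localhost"\nlogin = "root"\nradius_db = "radius"\n' \
        > "$t/usr/local/etc/raddb/sql.conf"
    chmod 644 "$t/usr/local/etc/raddb/sql.conf"
    echo "$t"
}

tree=$(make_sample_tree)
audit_pptp_radius "$tree"
rm -rf "$tree"
```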
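Step 7: Make authentication work for Windows clients
vi /etc/radiusclient/dictionary
Add:
INCLUDE /etc/radiusclient/dictionary.microsoft
INCLUDE /etc/radiusclient/dictionary.ascend
INCLUDE /etc/radiusclient/dictionary.merit
INCLUDE /etc/radiusclient/dictionary.compat
(The format of dictionary.microsoft can be found on the Ubuntu forums.)
Otherwise the server log reports errors during dial-in, the connection fails, and the client reports error 691.
The contents of dictionary.microsoft are: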
--------------------------------------------
#
# Microsoft's VSA's, from RFC 2548
#
# $Id: poptop_ads_howto_a5.htm,v 1.1 2008/10/02 08:11:48 wskwok Exp $
#
VENDOR Microsoft 311 Microsoft
ATTRIBUTE MS-CHAP-Response 1 string Microsoft
ATTRIBUTE MS-CHAP-Error 2 string Microsoft
ATTRIBUTE MS-CHAP-CPW-1 3 string Microsoft
ATTRIBUTE MS-CHAP-CPW-2 4 string Microsoft
ATTRIBUTE MS-CHAP-LM-Enc-PW 5 string Microsoft
ATTRIBUTE MS-CHAP-NT-Enc-PW 6 string Microsoft
ATTRIBUTE MS-MPPE-Encryption-Policy 7 string Microsoft
# This is referred to as both singular and plural in the RFC.
# Plural seems to make more sense.
ATTRIBUTE MS-MPPE-Encryption-Type 8 string Microsoft
ATTRIBUTE MS-MPPE-Encryption-Types 8 string Microsoft
ATTRIBUTE MS-RAS-Vendor 9 integer Microsoft
ATTRIBUTE MS-CHAP-Domain 10 string Microsoft
ATTRIBUTE MS-CHAP-Challenge 11 string Microsoft
ATTRIBUTE MS-CHAP-MPPE-Keys 12 string Microsoft encrypt=1
ATTRIBUTE MS-BAP-Usage 13 integer Microsoft
ATTRIBUTE MS-Link-Utilization-Threshold 14 integer Microsoft
ATTRIBUTE MS-Link-Drop-Time-Limit 15 integer Microsoft
ATTRIBUTE MS-MPPE-Send-Key 16 string Microsoft
ATTRIBUTE MS-MPPE-Recv-Key 17 string Microsoft
ATTRIBUTE MS-RAS-Version 18 string Microsoft
ATTRIBUTE MS-Old-ARAP-Password 19 string Microsoft
ATTRIBUTE MS-New-ARAP-Password 20 string Microsoft
ATTRIBUTE MS-ARAP-PW-Change-Reason 21 integer Microsoft
ATTRIBUTE MS-Filter 22 string Microsoft
ATTRIBUTE MS-Acct-Auth-Type 23 integer Microsoft
ATTRIBUTE MS-Acct-EAP-Type 24 integer Microsoft
ATTRIBUTE MS-CHAP2-Response 25 string Microsoft
ATTRIBUTE MS-CHAP2-Success 26 string Microsoft
ATTRIBUTE MS-CHAP2-CPW 27 string Microsoft
ATTRIBUTE MS-Primary-DNS-Server 28 ipaddr
ATTRIBUTE MS-Secondary-DNS-Server 29 ipaddr
ATTRIBUTE MS-Primary-NBNS-Server 30 ipaddr
ATTRIBUTE MS-Secondary-NBNS-Server 31 ipaddr
#ATTRIBUTE MS-ARAP-Challenge 33 string Microsoft
#
# Integer Translations
#
# MS-BAP-Usage Values
VALUE MS-BAP-Usage Not-Allowed 0
VALUE MS-BAP-Usage Allowed 1
VALUE MS-BAP-Usage Required 2
# MS-ARAP-Password-Change-Reason Values
VALUE MS-ARAP-PW-Change-Reason Just-Change-Password 1
VALUE MS-ARAP-PW-Change-Reason Expired-Password 2
VALUE MS-ARAP-PW-Change-Reason Admin-Requires-Password-Change 3
VALUE MS-ARAP-PW-Change-Reason Password-Too-Short 4
# MS-Acct-Auth-Type Values
VALUE MS-Acct-Auth-Type PAP 1
VALUE MS-Acct-Auth-Type CHAP 2
VALUE MS-Acct-Auth-Type MS-CHAP-1 3
VALUE MS-Acct-Auth-Type MS-CHAP-2 4
VALUE MS-Acct-Auth-Type EAP 5
# MS-Acct-EAP-Type Values
VALUE MS-Acct-EAP-Type MD5 4
VALUE MS-Acct-EAP-Type OTP 5
VALUE MS-Acct-EAP-Type Generic-Token-Card 6
VALUE MS-Acct-EAP-Type TLS 13
END-VENDOR Microsoft
---------------------------------------------------------------------------------------------------------