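In the previous section FreeRADIUS was installed and set up to authenticate against OpenLDAP. This section covers connecting it to MySQL.
The environment is CentOS 7, with FreeRADIUS and MariaDB already installed.
1. Create the database and tables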
create database radius;
grant all on radius.* to root@localhost identified by "123";
mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql
2. Create the user group
insert into radgroupreply (groupname,attribute,op,value) values ('group1','Auth-Type',':=','Local');
insert into radgroupreply (groupname,attribute,op,value) values ('group1','Service-Type',':=','Framed-User');
insert into radgroupreply (groupname,attribute,op,value) values ('group1','Framed-IP-Address',':=','192.168.49.0');
insert into radgroupreply (groupname,attribute,op,value) values ('group1','Framed-IP-Netmask',':=','255.255.255.0');
3. Create a test user
insert into radcheck (username,attribute,op,value) values ('test','Cleartext-Password',':=','test123');
4. Add the user to the group
insert into radusergroup (username,groupname) values ('test','group1');
5. Configure FreeRADIUS to use the MySQL database
vim /etc/raddb/mods-available/sql
sql {
    driver = "rlm_sql_mysql"
    dialect = "mysql"
    server = "localhost"
    port = 3306
    login = "root"
    password = "123"
    radius_db = "radius"
    ...
}
Create the symlink: ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/
6. vim /etc/raddb/sites-available/default
In both the authorize {} and accounting {} sections, uncomment sql and comment out files.
7. Run a test
radiusd -X
Open another shell window:
[root@freeradius raddb]# radtest test1 test123 localhost 1812 testing123
Sent Access-Request Id 175 from 0.0.0.0:44677 to 127.0.0.1:1812 length 75
User-Name = "test1"
User-Password = "test123"
NAS-IP-Address = 192.168.49.142
NAS-Port = 1812
Message-Authenticator = 0x00
Cleartext-Password = "test123"
Received Access-Accept Id 175 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
The user stored in the database authenticates successfully.
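
Steps 1, 3 and 5 above connect radiusd to the database as root with the password "123" and store the user's password as Cleartext-Password. The SQL below is an added example, not part of the original post: it creates a dedicated account limited to what the authorize {} and accounting {} sections need, and stores a salted hash instead of the cleartext value. The account name radius and the password placeholder are assumptions.

```sql
-- Added example; 'radius' and '<long-random-password>' are placeholders.

-- Alternative to step 1: a dedicated account instead of root.
CREATE USER 'radius'@'localhost' IDENTIFIED BY '<long-random-password>';

-- Read-only access to the lookup tables (radcheck, radreply, radusergroup,
-- radgroupcheck, radgroupreply, nas).
GRANT SELECT ON radius.* TO 'radius'@'localhost';

-- Accounting inserts new sessions and updates them on interim/stop records.
GRANT SELECT, INSERT, UPDATE ON radius.radacct TO 'radius'@'localhost';

-- The post-auth log only needs to be appended to.
GRANT SELECT, INSERT ON radius.radpostauth TO 'radius'@'localhost';

-- Step 5 then uses these values in /etc/raddb/mods-available/sql:
--     login = "radius"
--     password = "<long-random-password>"

-- Alternative to step 3: replace the cleartext row with a salted
-- SHA-512 crypt hash. ENCRYPT() calls the system crypt(); the "$6$" salt
-- prefix selects SHA-512 on glibc systems such as CentOS 7.
DELETE FROM radcheck
 WHERE username = 'test' AND attribute = 'Cleartext-Password';

INSERT INTO radcheck (username, attribute, op, value)
VALUES ('test', 'Crypt-Password', ':=',
        ENCRYPT('test123',
                CONCAT('$6$', SUBSTRING(SHA2(RAND(), 256), 1, 16))));

-- Check: the stored value should start with "$6$" and no cleartext
-- row should remain for this user.
SELECT username, attribute, LEFT(value, 3) AS scheme
  FROM radcheck
 WHERE username = 'test';
```

A Crypt-Password entry works with PAP, which is what radtest sends by default; CHAP and MS-CHAP cannot be verified against a one-way hash of this kind.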