#tar -jxvf freeradius-server-3.0.12.tar.bz2
#cd freeradius-server-3.0.12/
#./configure
The output shows an error, as follows:
checking for perl... /usr/bin/perl
checking for snmpget... no
configure: WARNING: snmpget not found - Simultaneous-Use and checkrad may not work
checking for snmpwalk... no
configure: WARNING: snmpwalk not found - Simultaneous-Use and checkrad may not work
checking for rusers... /usr/bin/rusers
/opt/vsftp/he/freeradius-server-3.0.12/missing: Unknown `--is-lightweight' option
Try `/opt/vsftp/he/freeradius-server-3.0.12/missing --help' for more information
configure: WARNING: 'missing' script is too old or missing
checking for locate... /usr/bin/locate
checking for dirname... /usr/bin/dirname
checking for grep... (cached) /usr/bin/grep
checking for _talloc in -ltalloc... no
checking for _talloc in -ltalloc in /usr/lib64... no
checking for _talloc in -ltalloc in /usr/lib64/samba... no
checking for _talloc in -ltalloc in /usr/local/lib... no
checking for _talloc in -ltalloc in /opt/lib... no
configure: WARNING: talloc library not found. Use --with-talloc-lib-dir=<path>.
configure: error: FreeRADIUS requires libtalloc
The message says libtalloc is not installed, but yum reports that it is already installed:
[root@fedora freeradius-server-3.0.12]# yum install libtalloc
Redirecting to '/usr/bin/dnf install libtalloc' (see 'man yum2dnf')
上次元数据过期检查:2:39:30 前,执行于 Wed Dec 14 08:08:38 2016。
软件包 libtalloc-2.1.8-1.fc25.x86_64 已安装,跳过
依赖关系解决。
无需任何处理。
完毕!
[root@fedora freeradius-server-3.0.12]#
Solution: install libtalloc-devel. The libtalloc runtime package does not include the header and the unversioned libtalloc.so link that configure's link test needs; those ship in the -devel package:
[root@fedora freeradius-server-3.0.12]# yum install libtalloc-devel -y
Redirecting to '/usr/bin/dnf install libtalloc-devel -y' (see 'man yum2dnf')
上次元数据过期检查:2:41:21 前,执行于 Wed Dec 14 08:08:38 2016。
依赖关系解决。
=======================================
 Package 架构 版本 仓库 大小
=======================================
安装:
 libtalloc-devel x86_64 2.1.8-1.fc25 fedora 59 k

事务概要
=======================================
安装 1 软件包

总下载:59 k
安装大小:92 k
下载软件包:
libtalloc-devel-2.1.8-1.fc25.x86_64.rpm 22 kB/s | 59 kB 00:02
--------------------------------------------------------------
总计 9.3 kB/s | 59 kB 00:06
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
 安装: libtalloc-devel-2.1.8-1.fc25.x86_64 1/1
 验证: libtalloc-devel-2.1.8-1.fc25.x86_64 1/1

已安装:
 libtalloc-devel.x86_64 2.1.8-1.fc25

完毕!
[root@fedora freeradius-server-3.0.12]#
That problem is solved: running ./configure again no longer prints this error. Instead it prints the next one:
checking for utmpx.h... yes
checking winsock.h usability... no
checking winsock.h presence... no
checking for winsock.h... no
checking for net/if.h... yes
checking for DH_new in -lcrypto... no
checking for DH_new in -lcrypto in /usr/lib64... no
checking for DH_new in -lcrypto in /usr/local/lib... no
checking for DH_new in -lcrypto in /opt/lib... no
configure: error: in `/opt/vsftp/he/freeradius-server-3.0.12':
configure: error: failed linking to libcrypto. Use --with-openssl-lib-dir=<path>, or --with-openssl=no (builds without OpenSSL)
See `config.log' for more details
[root@fedora freeradius-server-3.0.12]#
The message says that linking against libcrypto failed. Run:
#rpm -qa |grep libcrypto
#
Nothing is printed, which means libcrypto is not installed. libcrypto is included in the openssl package; OpenSSL contains two main libraries: libssl and libcrypto.
So the solution is to install openssl:
#yum install openssl openssl-devel
Running ./configure again shows that this problem is solved, and no other errors are reported.
At this point ./configure completes successfully.
Next, run make.
#make
make runs correctly.
The radiusd binary can be found in the ./build/bin directory; this is the RADIUS server program.
Next, install the server:
----------------------------------------------------------------------------------------------------------------
[root@fedora freeradius-server-3.0.12]# make install
----------------------------------------------------------------------------------------------------------------
Installation succeeds.
Run the following command as the superuser:
#radiusd -X
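It runs normally and shows:
Ready to process requests
Following the test method in the official documentation, add this line at the very top of the file /usr/local/etc/raddb/users:
testing Cleartext-Password := "password123"
testing is the user name, and password123 is the password in cleartext.
Run radiusd again. On startup radiusd will report that the port is already in use, because the system service has already started automatically. Stop the service and then run it again: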
#sudo service freeradius stop
#sudo radiusd -X
It runs normally.
Next, test the server with radtest:
# radtest testing password123 127.0.0.1 0 testing123
Result:
[root@fedora ~]# radtest testing password123 127.0.0.1 0 testing123
(0) Error parsing "stdin": Failed resolving "fedora.hexiaowang" to IPv4 address: Name or service not known
[root@fedora ~]#
fedora.hexiaowang is the hostname I gave my Fedora 25 machine.
The error means the program cannot resolve the hostname fedora.hexiaowang to an IP address. The fix is to map fedora.hexiaowang to the local IP 127.0.0.1 by adding it to the /etc/hosts file.
The hosts file before the change:
[root@fedora etc]# cat hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@fedora etc]#
The hosts file after the change:
[root@fedora etc]# cat hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 fedora.hexiaowang
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@fedora etc]#
Run radtest against the server again (# radtest testing password123 127.0.0.1 0 testing123). The result:
[root@fedora etc]# radtest testing password123 127.0.0.1 0 testing123
Sent Access-Request Id 171 from 0.0.0.0:33368 to 127.0.0.1:1812 length 77
    User-Name = "testing"
    User-Password = "password123"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
    Message-Authenticator = 0x00
    Cleartext-Password = "password123"
Received Access-Reject Id 171 from 127.0.0.1:1812 to 0.0.0.0:0 length 35
    Reply-Message = "Hello,testing"
(0) -: Expected Access-Accept got Access-Reject
[root@fedora etc]#
Receiving Access-Reject means the request failed and the test did not pass. Fix: in the radiusd.conf file, change the setting that disables writing the log (no) to enabled (yes).
#vi /usr/local/etc/raddb/radiusd.conf
The relevant fragment of radiusd.conf after the change:
#  dynamic expansion macro: %{debug: 1}, where the debug level
#  for this request is set to '1' (or 2, 3, etc.). e.g.
#
#    ...
#    update control {
#        Tmp-String-0 = "%{debug:1}"
#    }
#    ...
#
#  The attribute that the value is assigned to is unimportant,
#  and should be a "throw-away" attribute with no side effects.
#
#requests = ${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d.log

#
#  Which syslog facility to use, if ${destination} == "syslog"
#
#  The exact values permitted here are OS-dependent. You probably
#  don't want to change this.
#
syslog_facility = daemon

#  Log the full User-Name attribute, as it was found in the request.
#
#  allowed values: {no, yes}
#
stripped_names = yes

#  Log authentication requests to the log file.
#
#  allowed values: {no, yes}
#
auth = yes

#  Log passwords with the authentication requests.
Run radtest against the server again (# radtest testing password123 127.0.0.1 0 testing123). The result:
[root@fedora main]# ./radtest testing password123 127.0.0.1 0 testing123
Sent Access-Request Id 6 from 0.0.0.0:53539 to 127.0.0.1:1812 length 77
    User-Name = "testing"
    User-Password = "password123"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
    Message-Authenticator = 0x00
    Cleartext-Password = "password123"
Received Access-Accept Id 6 from 127.0.0.1:1812 to 0.0.0.0:0 length 35
    Reply-Message = "Hello,testing"
[root@fedora main]#
Receiving Access-Accept means the test succeeded!
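Configuring the RADIUS server side:
Edit /etc/raddb/clients.conf, the server-side file that records the clients. Its default contents provide a local configuration for testing on the same machine; that is, after installation only a client on the local machine is allowed to access the RADIUS server by default.
# Only allow clients on the local machine
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
# Add the subnet 192.168.230.0/24 as a range that is allowed access
client 192.168.230.0/24 {
    secret = alonesword
    shortname = lan-w3pc
}
Save the file /etc/raddb/clients.conf.
Restart the radius service.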
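An added example, not part of the original post or of FreeRADIUS: a small Python audit of the clients.conf blocks shown above that flags the default testing123 secret, short secrets, and one secret shared by a whole subnet. The 16-character minimum, the finding names, and reading the block name as the address when ipaddr is absent are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the two client blocks from the post.
SAMPLE = """
# only the local machine
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
client 192.168.230.0/24 {
    secret = alonesword
    shortname = lan-w3pc
}
"""

KNOWN_DEFAULTS = {"testing123"}  # secret in the default localhost block
MIN_SECRET_LEN = 16              # assumed local policy, not a FreeRADIUS limit

CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
PAIR_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)

def parse_clients(text):
    """Return {name: {key: value}} for flat (non-nested) client blocks."""
    text = re.sub(r"#.*", "", text)  # strip comments; assumes no '#' in values
    return {name: dict(PAIR_RE.findall(body))
            for name, body in CLIENT_RE.findall(text)}

def audit(text):
    """Return (client, finding) tuples in file order."""
    findings = []
    for name, opts in parse_clients(text).items():
        secret = opts.get("secret", "").strip('"')
        if secret in KNOWN_DEFAULTS:
            findings.append((name, "default-secret"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((name, "short-secret"))
        # Assumption: with no ipaddr, the block name is the address.
        addr = opts.get("ipaddr", name)
        try:
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            continue  # hostname, nothing to measure
        if net.num_addresses > 1:
            findings.append((name, "subnet-wide-secret"))
    return findings

if __name__ == "__main__":
    for client, finding in audit(SAMPLE):
        print(f"{client}: {finding}")
```

A per-device client block with its own long random secret produces no findings.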
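Common problems:
[Q1] When starting radiusd, the following error may appear:
error while loading shared libraries: libfreera....
[A1] The fix is to add the line /usr/local/lib to the file /etc/ld.so.conf and then run the command ldconfig as root.
[Q2] When starting radiusd, the following error may appear:
Failed binding to authentication address *port 1812:Address already in use
[A2] Use the command lsof -i:1812 to see which process holds the port; it should be freeradius itself. Kill that process, then run # radiusd -X again to start the server.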