平台:Centos 7 x86_64
1,安装源并更新
yum install -y epel-release
rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
yum update -y
2,安装基本库
yum install -y install gcc gcc-c++ openssl openssl-devel pcre pcre-devel libtalloc-devel hiredis* ykclient libpcap libpcap-devel libnl-devel libnl net-snmp net-snmp-utils
3,安装mysql
yum install -y mysql-community-server mysql-devel mysql-connector-odbc libdbi-dbd-mysql
4,启动mysql服务
systemctl enable mysqld.service
systemctl start mysqld.service
mysql_secure_installation
5,安装freeradius
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.12.tar.gz
tar zxvf freeradius-server-3.0.12.tar.gz
cd freeradius-server-3.0.12
./configure --with-modules=rlm_sql_mysql
make && make install
6.测试
vi /usr/local/etc/raddb/users
找到这一行
#steve Cleartext-Password:="testing"
将前面的#去掉
steve Cleartext-Password := "testing"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 172.16.3.33,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP
radiusd -X
提示Refusing to start with libssl version OpenSSL 1.0.1e
vi /usr/local/etc/raddb/radiusd.conf
找到allow_vulnerable_openssl = no,修改成allow_vulnerable_openssl = yes
再次输入
radiusd -X
新打开一个终端
radtest steve testing localhost 0 testing123
结果:
Sent Access-Request Id 41 from 0.0.0.0:46471 to 127.0.0.1:1812 length 75
User-Name = "steve"
User-Password = "testing"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "testing"
Received Access-Accept Id 41 from 127.0.0.1:1812 to 0.0.0.0:0 length 71
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 172.16.3.33
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
accept即成了 ^_^
7,将radius和mysql融合
cd /usr/local/etc/raddb/mods-enabled
ln -s ../mods-available/sql sql
vi /usr/local/etc/raddb/mods-available/sql
找到driver = “rlm_sql_null”修改为driver = “rlm_sql_mysql”
将这几行的注释去掉
server = "localhost"
port = 3306
login = "radius"
password = "radpass"
保存后退出。
输入mysql -u root -p,输入密码
1)建立数据库并导入radius数据结构
mysql>create database radius;
mysql>grant all on radius.* to 'radius'@'localhost' identified by 'radpass';
mysql>flush privileges;
#mysql -u root -p radius < /usr/local/etc/raddb/mods-config/sql/main/mysql/schema.sql
2)建立组(在此新建组名称为user)
use radius;
insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.255');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
3)建立用户(在此新建用户名为test,密码为testpwd)
insert into radcheck (username,attribute,op,value) values ('test','Cleartext-Password',':=','testpwd');
4)将用户加入组中:
insert into radusergroup (username,groupname) values ('test','user');
exit
测试:radiusd -X,在另一终端执行radtest test testpwd localhost 1812 testing123
获得结果
Sending Access-Request of id 247 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "testpwd"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=247, length=38
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.255
Framed-IP-Netmask = 255.255.255.0
Accept!成了!!
接下来加需要认证的服务器,比如
vi /usr/local/etc/raddb/clients.conf
追加
client 192.168.10.8{
secret = testing123(认证的密钥)
shortname = jp01
}
认证试试。。。^_^
简单安装:
yum install -y freeradius freeradius-utils freeradius-mysql
1236
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
