STEP 1 : 根据标准教程配置Open×××
STEP 2 : 在http://www.nongnu.org/radiusplugin/下载radiusplugin_v2.0c.tar.gz,解压后make,编译得到radiusplugin.so,并将radiusplugin.cnf和radiusplugin.so复制到/etc/open***目录
STEP 3:修改radiusplugin.cnf,添加/修改server段:
server
{
# The UDP port for radius accounting.
acctport=1812
# The UDP port for radius authentication.
authport=1812
# The name or ip address of the radius server.
name=220.232.120.31
# How many times should the plugin send the if there is no response?
retry=2
# How long should the plugin wait for a response?
wait=10
# The shared secret.
sharedsecret=dkeytesting
}
server
{
# The UDP port for radius accounting.
acctport=1812
# The UDP port for radius authentication.
authport=1812
# The name or ip address of the radius server.
name=220.232.120.31
# How many times should the plugin send the if there is no response?
retry=2
# How long should the plugin wait for a response?
wait=10
# The shared secret.
sharedsecret=dkeytesting
}
acctport和authport应设为同一地址。
name应设为宁盾动态身份认证服务器的地址。
sharedsecret应与认证服务器中的“密钥”匹配:
name应设为宁盾动态身份认证服务器的地址。
sharedsecret应与认证服务器中的“密钥”匹配:
STEP 4:修改server.conf,添加;
plugin /etc/open***/radiusplugin.so /etc/open***/radiusplugin.cnf
client-cert-not-required #如果不再需要证书认证
username-as-common-name
client-cert-not-required #如果不再需要证书认证
username-as-common-name
STEP 5:在需要使用动态口令的客户PC上,修改Open××× GUI的配置项,示例如下:
client
dev tun
proto tcp
remote 192.168.1.1 1194 #根据Open×××服务器的配置决定
persist-key
persist-tun
ca ca.crt
auth-user-pass
ns-cert-type server
comp-lzo
verb 3
redirect-gateway def1
dev tun
proto tcp
remote 192.168.1.1 1194 #根据Open×××服务器的配置决定
persist-key
persist-tun
ca ca.crt
auth-user-pass
ns-cert-type server
comp-lzo
verb 3
redirect-gateway def1
STEP 6:启动Open××× GUI,右击托盘图标,点击“connect”,输入动态身份认证服务器中的“用户名”,“静态密码+动态密码”即可登录
:
![dkey_t6_2.jpg](http://www.ndkey.com.cn/p_w_picpaths/dkey_t6_2.jpg)
文章转载自>>
宁盾知识库
转载于:https://blog.51cto.com/dkey6/358559