freeradius软件获取
[root@Alicia ~]# cd /usr/local/src/
[root@Alicia src]# wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.6.tar.gz
--14:09:11-- ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.6.tar.gz
=> `freeradius-server-3.0.6.tar.gz'
Resolving ftp.freeradius.org... 195.154.231.44
Connecting to ftp.freeradius.org|195.154.231.44|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD /pub/freeradius ... done.
==> SIZE freeradius-server-3.0.6.tar.gz ... 4555887
==> PASV ... done. ==> RETR freeradius-server-3.0.6.tar.gz ... done.
Length: 4555887 (4.3M)
100%[=======================================>] 4,555,887 9.25K/s in 7m 55s
14:17:13 (9.36 KB/s) - `freeradius-server-3.0.6.tar.gz' saved [4555887]
[root@Alicia src]./configure --prefix=/usr/local/radius/
[root@Alicia src] make
[root@Alicia src]make installtest by myself to verify free-radius installed successfully
[root@Alicia radius]# sbin/radiusd -X
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/radius/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
[root@Alicia ~] yum install mysql-server
[root@Alicia ~] yum install mysql-devel
[root@Alicia ~]# service mysqld restart
Stopping mysqld: [ OK ]
Initializing MySQL database: Installing MySQL system tables...
OK
Filling help tables...
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h Alicia password 'new-password'
Alternatively you can run:
/usr/bin/mysql_secure_installation
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl
Please report any problems with the /usr/bin/mysqlbug script!
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
[ OK ]
Starting mysqld: [ OK ]
[root@Alicia ~]# mysqladmin -u root password 'password'
[root@Alicia ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.0.95 Source distribution
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql >
mysql> create database radius;
Query OK, 1 row affected (0.03 sec)
[root@Alicia radius]# cd /usr/local/radius/etc/raddb/sql/mysql/
[root@Alicia mysql]# mysql -u root -p radius < ./schema.sql
Enter password:
[root@Alicia mysql]# mysql -u root -p radius < ./nas.sql
Enter password:
[root@Alicia mysql]# mysql -u root -p
Enter password:
mysql> use radius;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> showtables;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'showtables' at line 1
mysql> show tables;
+------------------+
| Tables_in_radius |
+------------------+
| nas |
| radacct |
| radcheck |
| radgroupcheck |
| radgroupreply |
| radpostauth |
| radreply |
| radusergroup |
+------------------+
8 rows in set (0.00 sec)
mysql> insert into radcheck(username,attribute,op,value) values('alicia','User-Password',':=','password'); Query OK, 1 row affected (0.00 sec) mysql> insert into radcheck(username,attribute,op,value) values('Samsun','User-Password',':=','password'); Query OK, 1 row affected (0.00 sec) mysql> insert into radcheck(username,attribute,op,value) values('Laffan','User-Password',':=','password'); Query OK, 1 row affected (0.00 sec) mysql> insert into radcheck(username,attribute,op,value) values('Julia','User-Password',':=','password'); Query OK, 1 row affected (0.00 sec) mysql> insert into radusergroup(username,groupname) values('Samsun','qa') -> ; Query OK, 1 row affected (0.00 sec) mysql> insert into radusergroup(username,groupname) values('alicia','qa') -> ; Query OK, 1 row affected (0.00 sec) mysql> insert into radusergroup(username,groupname) values('Laffan','rd'); Query OK, 1 row affected (0.00 sec) mysql> insert into radusergroup(username,groupname) values('Julia','rd'); Query OK, 1 row affected (0.00 sec)
177 line uncomment sql
170 line comment files
406 line uncomment sql
[root@Alicia mysql]# vi /usr/local/radius/etc/raddb/sites-enabled/default
authorize {
chap
mschap
suffix
eap
170 # files
177 sql
pap
}
accounting {
detail
unix
radutmp
406 sql
}[root@Alicia mysql]# vi /usr/local/radius/etc/raddb/sql.conf
22 sql {
23 #
24 # Set the database to one of:
25 #
26 # mysql, mssql, oracle, postgresql
27 #
28 database = "mysql"
29
30 #
31 # Which FreeRADIUS driver to use.
32 #
33 driver = "rlm_sql_${database}"
34
35 # Connection info:
36 server = "localhost"
37 #port = 3306
38 login = "root"
39 password = "password"
40
41 # Database table configuration for everything except Oracle
42 radius_db = "radius"[root@Alicia mysql]# vi /usr/local/radius/etc/raddb/clients.conf
236 client 127.0.0.1 {
237 secret = password
238 shortname = localhost
239 nastype = other
240 }
241
242 client 10.8.117.45 {
243 secret = password
244 shortname = localhost
245 nastype = other
246 }
247 client 10.219.128.19 {
248 secret = password
249 shortname = localhost
250 nastype = other
251 }[root@Alicia mysql]# vi /usr/local/radius/etc/raddb/radiusd.conf
731 $INCLUDE ${confdir}/modules/
732
733 # Extensible Authentication Protocol
734 #
735 # For all EAP related authentications.
736 # Now in another file, because it is very large.
737 #
738 $INCLUDE eap.conf
739
740 # Include another file that has the SQL-related configuration.
741 # This is another file only because it tends to be big.
742 #
743 $INCLUDE sql.conf //uncomment
[root@Alicia radius]# sbin/radiusd -X
Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory
Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
/usr/local/radius/etc/raddb/sql.conf[22]: Instantiation failed for module "sql"
/usr/local/radius/etc/raddb/sites-enabled/default[177]: Failed to find "sql" in the "modules" section.
/usr/local/radius/etc/raddb/sites-enabled/default[69]: Errors parsing authorize section.
加载sql失败
[root@Alicia sbin]# cd /usr/local/src/freeradius-server-2.2.6/src/modules/rlm_sql/drivers/rlm_sql_mysql/
[root@Alicia rlm_sql_mysql]# ./configure --with-dir=/usr/share/mysql/ --with-mysql-lib=/usr/lib/mysql/
[root@Alicia rlm_sql_mysql]# make
[root@Alicia src]# cd /usr/local/radius/
[root@Alicia radius]# cd sbin/
[root@Alicia sbin]# ./radiusd -X
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/radius/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
[root@ding ~]# echo "User-Name = Samsun, User-Password=password" | /usr/local/bin/radclient 10.8.118.100:1812 auth password
Received response ID 58, code 2, length = 20server log:
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/radius/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.8.116.8 port 51222, id=58, length=46
User-Name = "Samsun"
User-Password = "password"
# Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "Samsun", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[sql] expand: %{User-Name} -> Samsun
[sql] sql_set_user escaped user --> 'Samsun'
rlm_sql (sql): Reserving sql socket id: 31
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'Samsun' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'Samsun' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'Samsun' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'qa' ORDER BY id
[sql] User found in group qa
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'qa' ORDER BY id
rlm_sql (sql): Released sql socket id: 31
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = updated
+} # group authorize = updated
Found Auth-Type = PAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /usr/local/radius/etc/raddb/sites-enabled/default
+group PAP {
[pap] login attempt with password "password"
[pap] Using clear text password "password"
[pap] User authenticated successfully
++[pap] = ok
+} # group PAP = ok
# Executing section post-auth from file /usr/local/radius/etc/raddb/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 58 to 10.8.116.8 port 51222
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 58 with timestamp +789
Ready to process requests.
[root@ding ~]# radtest alicia password 10.8.118.100:1812 0 password
Sending Access-Request of id 153 to 10.8.118.100 port 1812
User-Name = "alicia"
User-Password = "password"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 10.8.118.100 port 1812, id=153, length=20
server log:
rad_recv: Access-Request packet from host 10.8.116.8 port 40531, id=153, length=76
User-Name = "alicia"
User-Password = "password"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x65dc0b64af155a18136889edeaea43a5
# Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "alicia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[sql] expand: %{User-Name} -> alicia
[sql] sql_set_user escaped user --> 'alicia'
rlm_sql (sql): Reserving sql socket id: 29
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alicia' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alicia' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alicia' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'qa' ORDER BY id
[sql] User found in group qa
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'qa' ORDER BY id
rlm_sql (sql): Released sql socket id: 29
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = updated
+} # group authorize = updated
Found Auth-Type = PAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /usr/local/radius/etc/raddb/sites-enabled/default
+group PAP {
[pap] login attempt with password "password"
[pap] Using clear text password "password"
[pap] User authenticated successfully
++[pap] = ok
+} # group PAP = ok
# Executing section post-auth from file /usr/local/radius/etc/raddb/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 153 to 10.8.116.8 port 40531
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 153 with timestamp +998
Ready to process requests.
647
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
