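After two days of trial and error: I originally wanted to use JRadius as the server, but it turned out not to be that simple, so I went straight to FreeRadius + MySQL for authentication. That way only the data in the MySQL tables has to be maintained.
The installation and configuration steps are as follows:
1. Download and install FreeRadius 2.1.9 + MySQL 5
2. Install FreeRadius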
tar -zxvf freeradius2.1.9.tar.gz
./configure
make
make install
3. Test whether freeradius was installed successfully
If the program runs normally, the last three lines are as follows:
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
4. Connect it to MySQL
Start MySQL
Create the database, the user and the tables
mysqladmin -u root -p create radius   # create the radius database
mysql -u root -peetry radius < /usr/local/etc/raddb/sql/mysql/schema.sql
mysql -u root -peetry radius < /usr/local/etc/raddb/sql/mysql/nas.sql
mysql -u root -peetry radius < /usr/local/etc/raddb/sql/mysql/ippool.sql
mysql -u root -peetry radius < /usr/local/etc/raddb/sql/mysql/admin.sql
mysql -u root -p
mysql> GRANT SELECT ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radpass';
mysql> GRANT ALL on radius.radacct TO 'radius'@'localhost';
mysql> GRANT ALL on radius.radpostauth TO 'radius'@'localhost';
First add some group information:
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type','=','Framed-User');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask','=','255.255.255.255');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
Then add the user information:
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('testuser', 'Password', 'testpwd');
Then add the user to the group:
mysql> insert into radusergroup(username,groupname) values('testuser','user');
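Database initialization is finished at this point; next, modify the FreeRadius configuration files.
5. Edit the configuration files (note: when adding a comment, put the # at the very start of the line; when removing one, delete it with vi's x command, and it is best not to shift the content that follows)
(5.1) Edit /etc/raddb/sql.conf
Line 28: database = "mysql"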
Line 36: server = "localhost"
Line 38: login = "root"
Line 39: password =
(5.2) Edit /etc/raddb/sites-enabled/default
Line 152: comment out files
Line 159: uncomment sql
Line 383: uncomment sql
(5.3) Edit /usr/local/etc/raddb/sites-enabled/inner-tunnel
Line 111: comment out files
Line 118: uncomment sql
(5.4) Edit /usr/local/etc/raddb/eap.conf
Line 30: change default_eap_type = md5 to default_eap_type = peap
(5.5) Edit /usr/local/etc/raddb/clients.conf and add:
client 192.168.0.0/24 {   # a subnet can be configured here too; for a single host, e.g.: client 192.168.0.1
secret = tp-link
shortname = radiusserver
}
(5.6) Test
# radtest sqltest testpwd localhost 1812 testing123
If Access-Accept appears, it succeeded.
Result:
[root@localhost raddb]# radtest sqltest testpwd localhost 1812 testing123
Sending Access-Request of id 180 to 127.0.0.1 port 1812
User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=180, length=32
Service-Type = Framed-User
Framed-IP-Netmask = 255.255.255.0
The configuration is now complete; restart Radius.
To add a user, run the following statements:
INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('sortec', 'Password', 'sortec');
insert into radusergroup(username,groupname) values('sortec','user');
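
An added example, not part of the original post: a small shell check that flags the settings from steps (5.1) and (5.5) that should not survive past testing (MySQL login as root with an empty password, the default testing123 secret, and secrets shorter than the 16 octets RFC 2865 prefers). The function names and the constructed sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): flag the weak settings from
# steps (5.1) and (5.5) in a raddb directory. One "FINDING:" line per problem.

# conf_value FILE KEY: first uncommented "KEY = value", comment and quotes stripped
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        head -n 1 | sed 's/[[:space:]]*#.*$//; s/^"//; s/"$//'
}

audit_raddb() {
    sql="$1/sql.conf"
    clients="$1/clients.conf"
    if [ -f "$sql" ]; then
        if [ "$(conf_value "$sql" login)" = "root" ]; then
            echo "FINDING: sql.conf connects to MySQL as root, not the restricted radius account"
        fi
        if [ -z "$(conf_value "$sql" password)" ]; then
            echo "FINDING: sql.conf MySQL password is empty or missing"
        fi
    fi
    if [ -f "$clients" ]; then
        # every uncommented "secret = ..." line; text after the first word is ignored
        sed -n 's/^[[:space:]]*secret[[:space:]]*=[[:space:]]*//p' "$clients" |
        while read -r secret rest; do
            if [ "$secret" = "testing123" ]; then
                echo "FINDING: clients.conf still uses the default secret testing123"
            elif [ "${#secret}" -lt 16 ]; then   # RFC 2865 prefers at least 16 octets
                echo "FINDING: clients.conf secret is shorter than 16 characters"
            fi
        done
    fi
    return 0
}

# Constructed sample mirroring the values shown in this post (for a dry run).
make_sample_raddb() {
    mkdir -p "$1"
    printf '%s\n' 'database = "mysql"' 'server = "localhost"' \
        'login = "root"' 'password =' > "$1/sql.conf"
    printf '%s\n' 'client localhost {' '    secret = testing123' '}' \
        'client 192.168.0.0/24 {' '    secret = tp-link' '}' > "$1/clients.conf"
}

# Usage: sh audit_raddb.sh /usr/local/etc/raddb
if [ "$#" -gt 0 ]; then audit_raddb "$1"; fi
```

The secrets themselves are never printed, so the output can be pasted into a ticket or log.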