搭建FreeRadius认证服务器

Kenzo.Ma

已于 2022-10-18 16:53:08 修改

阅读量3.7k

点赞数

分类专栏： # Deployment Linux 文章标签： linux centos radius

于 2020-01-09 15:50:55 首次发布

本文链接：https://blog.csdn.net/zzcmyssy/article/details/103908325

版权

Linux 同时被 2 个专栏收录

37 篇文章 1 订阅

订阅专栏

Deployment

9 篇文章 1 订阅

订阅专栏

1.yum源安装

shell> yum install freeradius

2.编辑认证用户信息

shell> vi /etc/raddb/users

最上方加入如下两行，testing用户名，密码123456，服务器返回“Hello，testing，认证成功！”

testing Cleartext-Password := "123456"
        Reply-Message := "Hello, %{User-Name},认证成功！"

3.编辑认证客户端信息

shell> vi /etc/raddb/clients.conf

最下方加入如下两行
client 1 {
    ipaddr = 192.168.90.116
    secret = 123456
}
client 2 {
    ipaddr = 192.168.1.110
    secret = 123456
}

注意：需要修改此文件中secret为123456

4.开启radius服务

shell> radiusd -X

5.client端测试

先安装freeradius-utils
shell> yum -y install freeradius-utils

shell> radtest testing 123456 10.3.6.10 0 123456

Sent Access-Request Id 91 from 0.0.0.0:41472 to 10.3.6.10:1812 length 77
        User-Name = "testing"
        User-Password = "123456"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Message-Authenticator = 0x00
        Cleartext-Password = "123456"
Received Access-Accept Id 91 from 10.3.6.10:1812 to 0.0.0.0:0 length 52
        Reply-Message = "Hello, testing,认证成功！"

6.加域认证

shell> vi /etc/raddb/proxy.conf

①注释原有realm，手动添加realm test.com {

######################################################################
#
#
#  This section defines a new-style "realm".  Note the in version 2.0,
#  there are many fewer configuration items than in 1.x for a realm.
#
#  Automatic proxying is done via the "realms" module (see "man
#  rlm_realm").  To manually proxy the request put this entry in the
#  "users" file:

#
#
#DEFAULT        Proxy-To-Realm := "realm_name"
#
#
#realm example.com {
realm test.com {
        #
        #  Realms point to pools of home servers.

②将此处secret改为实际认证secret

        #
        #  The shared secret use to "encrypt" and "sign" packets between
        #  FreeRADIUS and the home server.
        #
        #  The secret can be any string, up to 8k characters in length.
        #
        #  Control codes can be entered vi octal encoding,
        #       e.g. "\101\102" == "AB"
        #  Quotation marks can be entered by escaping them,
        #       e.g. "foo\"bar"
        #  Spaces or other "special" characters can be entered
        #  by putting quotes around the string.
        #       e.g. "foo bar"
        #            "foo;bar"
        #
        secret = qwer

7.client端测试

认证信息如下

username：testing@test.com
password：123456
secret：qwer

8.radius证书更新

shell> mkdir /etc/raddb/OldCerts

shell> cd /etc/raddb/certs

shell> mv ca.* server.* client.* /etc/raddb/OldCerts

shell> mv /etc/raddb/OldCerts/ca.cnf /etc/raddb/OldCerts/server.cnf /etc/raddb/OldCerts/client.cnf /etc/raddb/certs

shell> vim index.txt.attr	//将yes改为no

shell> vim ca.cnf			//将default_days和default_crl_days改为99999

shell> vim server.cnf		//将default_days和default_crl_days改为99999

shell> vim client.cnf		//将default_days和default_crl_days改为99999

shell> ./bootstrap			//生成新证书

shell> chmod 644 ca.key ca.pem server.*

shell> radiusd -X

Kenzo.Ma

关注

0
点赞
踩
11

收藏

觉得还不错? 一键收藏
0
评论
搭建FreeRadius认证服务器

1.yum源安装shell>yum install freeradius2.编辑认证用户信息shell>vi /etc/raddb/mods-config/files/authorize最上方加入如下两行，testing用户名，密码123456，认证成功则返回“Hello，testing，认证成功！”testing Cleartext-Password := "1234...
复制链接

扫一扫