|
|
一、安装FreeRadius 和 MySQL
[root@radius ~]# yum install freeradius2 freeradius2-mysql freeradius2-utils
[root@radius ~]# yum install mysql mysql-server
二、开启MySQL和Radius服务
[root@radius ~]# service mysqld start
[root@radius ~]# radiusd –X
[root@radius ~]# service radiusd start
三、设置服务开机启动
[root@radius ~]# chkconfig mysqld --level 2345 on
[root@radius ~]# chkconfig radiusd --level 2345 on
四、做个简单的测试(可选操作)
①定义一个radius客户端ip
[root@radius ~]# vim /etc/raddb/clients.conf
删除原来的所有
配置示例:
client localhost {
ipaddr = 127.0.0.1
secret = testing123
require_message_authenticator = no
nastype = other
}
②定义一个用户和密码
[root@radius ~]# vim /etc/raddb/users
在第一行添加
配置示例:
testing Cleartext-Password := "password"
③以调试模式开启radius
[root@radius ~]# radiusd –X
状态如下:
Ready to process requests.
④测试服务是否正常
[root@radius ~]# radtest testing password localhost 0 testing123
返回结果(关键是返回Access-Accept)示例:
Sending Access-Request of>
User-Name = "testing"
User-Password = "password"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812,>
五、创建一个MySQL数据库
[root@radius ~]# mysql -uroot –p
mysql> CREATE DATABASE radius;
mysql> GRANT ALL ON radius.* TO radius@localhost> mysql> exit
[root@radius ~]# cd /etc/raddb/sql/mysql/
[root@radius mysql]# mysql -uroot -p radius < schema.sql
六、检查一下是否创建成功
[root@radius mysql]# mysql -uroot -p
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| radius |
| test |
+--------------------+
4 rows in set (0.03 sec)
mysql> use radius
mysql> show tables;
+------------------+
| Tables_in_radius |
+------------------+
| radacct |
| radcheck |
| radgroupcheck |
| radgroupreply |
| radpostauth |
| radreply |
| radusergroup |
+------------------+
7 rows in set (0.00 sec)
七、配置FreeRadius使用SQL
[root@radius ~]# vim /etc/raddb/sql.conf
示例:
sql {
database = "mysql"
driver = "rlm_sql_${database}"
server = "localhost"
login = "radius"
password = "radpass"
radius_db = "radius"
acct_table1 = "radacct"
acct_table2 = "radacct"
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "radusergroup"
deletestalesessions = yes
sqltrace = no
sqltracefile = ${logdir}/sqltrace.sql
num_sql_socks = 5
connect_failure_retry_delay = 60
lifetime = 0
max_queries = 0
nas_table = "nas"
$INCLUDE sql/${database}/dialup.conf
}
[root@radius ~]# vim /etc/raddb/radiusd.conf
找到:
$INCLUDE sql.conf
去掉注释
以下区段需要注释掉files,去掉sql前的注释(没有则不需要)
[root@radius ~]# vim /etc/raddb/sites-available/default
authorize{}
accounting{}
session{}
post-auth{}
[root@radius ~]# vim /etc/raddb/sites-available/inner-tunnel
authorize {}
八、创建测试数据
①创建用户组[radgroupcheck]
②创建用户密码[radcheck]
③创建用户应答属性[radreply]
④创建组应答属性[radgroupreply]
下面是一个示例:
这个例子包含三个用户fredf,barney,dialrouter
fredf由NAS(网络接入服务器)动态分配ip
barney分配一个静态的ip
dialrouter表示的是一个典型的拨号路由
mysql> select * from radcheck;
+----+----------------+--------------------+------------------+------+
|>
+----+----------------+--------------------+------------------+------+
| 1 | fredf | Cleartext-Password | wilma | := |
| 2 | barney | Cleartext-Password | betty | := |
| 2 | dialrouter | Cleartext-Password | dialup | := |
+----+----------------+--------------------+------------------+------+
3 rows in set (0.01 sec)
mysql> select * from radreply;
+----+------------+-------------------+---------------------------------+------+
|>
+----+------------+-------------------+---------------------------------+------+
| 1 | barney | Framed-IP-Address | 1.2.3.4 | := |
| 2 | dialrouter | Framed-IP-Address | 2.3.4.1 | := |
| 3 | dialrouter | Framed-IP-Netmask | 255.255.255.255 | := |
| 4 | dialrouter | Framed-Routing | Broadcast-Listen | := |
| 5 | dialrouter | Framed-Route | 2.3.4.0 255.255.255.248 | := |
| 6 | dialrouter |>
+----+------------+-------------------+---------------------------------+------+
6 rows in set (0.01 sec)
mysql> select * from radgroupreply;
+----+-----------+--------------------+---------------------+------+
|>
+----+-----------+--------------------+---------------------+------+
| 34 | dynamic | Framed-Compression | Van-Jacobsen-TCP-IP | := |
| 33 | dynamic | Framed-Protocol | PPP | := |
| 32 | dynamic | Service-Type | Framed-User | := |
| 35 | dynamic | Framed-MTU | 1500 | := |
| 37 | static | Framed-Protocol | PPP | := |
| 38 | static | Service-Type | Framed-User | := |
| 39 | static | Framed-Compression | Van-Jacobsen-TCP-IP | := |
| 41 | netdial | Service-Type | Framed-User | := |
| 42 | netdial | Framed-Protocol | PPP | := |
+----+-----------+--------------------+---------------------+------+
12 rows in set (0.01 sec)
创建测试用户
INSERT INTO radcheck (username,attribute,op,value) VALUES ('dialrouter','Cleartext-Password',':=','dialup');
INSERT INTO radreply (username,attribute,op,value) VALUES ('dialrouter','Framed-IP-Address',':=','2.3.4.1');
INSERT INTO radreply (username,attribute,op,value) VALUES ('dialrouter','Framed-IP-Netmask',':=','255.255.255.255');
INSERT INTO radreply (username,attribute,op,value) VALUES ('dialrouter','Framed-Routing',':=','Broadcast-Listen');
INSERT INTO radreply (username,attribute,op,value) VALUES ('dialrouter','Framed-Route',':=','2.3.4.0 255.255.255.248');
INSERT INTO radreply (username,attribute,op,value) VALUES ('dialrouter','Idle-Timeout',':=','900');
INSERT INTO radgroupreply (groupname,attribute,op,value) VALUES ('netdial','Service-Type',':=','Framed-User');
INSERT INTO radgroupreply (groupname,attribute,op,value) VALUES ('netdial','Framed-Protocol',':=','PPP');
九、测试是否创建成功
[root@radius ~]# radiusd -X
[root@radius ~]# radtest dialrouter dialup localhost 1812 testing123
Sending Access-Request of>
User-Name = "dialrouter"
User-Password = "dialup"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812,>
Framed-IP-Address = 2.3.4.1
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = Broadcast-Listen
Framed-Route = "2.3.4.0 255.255.255.248"
>
十、配置RouteOS 使用radius认证
[root@radius ~]# vim /etc/raddb/clients.conf
client RouterOS {
ipaddr = 192.168.137.50
secret = 111
shortname = RouterOS
nastype = other
}
RouteOS的配置如下:
附上参考链接:
http://wiki.freeradius.org/guide/SQL-HOWTO
http://wiki.freeradius.org/config/Operators
http://www.cnblogs.com/fly1988happy/archive/2011/12/15/2288554.html
http://www.cnblogs.com/eastson/archive/2012/07/11/2584937.html
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-9-30 11:36:30
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡