1. First download the packages to install:

    radiusclient-0.3.2.tar.gz
    ppp-2.4.3.tar.gz
    freeradius-server-2.1.12.tar.gz

Before installing, make sure pppoe-server is already present:

    [iyunv@localhost ~]# rpm -q rp-pppoe ppp
    rp-pppoe-3.5-32.1
    ppp-2.4.4-2.el5

2. Install freeradius-server

    [iyunv@localhost ~]# tar xvf freeradius-server-2.1.12.tar.gz
    [iyunv@localhost freeradius-server-2.1.12]# ./configure
    [iyunv@localhost freeradius-server-2.1.12]# make && make install

The installed files can be seen in the following directories:

    [iyunv@localhost freeradius-server-2.1.12]# cd /usr/local/bin/
    [iyunv@localhost bin]# ls
    radclient     radcrypt      radlast       radtest  radzap
    radconf2xml   radeapclient  radsqlrelay   radwho   smbencrypt
    [iyunv@localhost bin]# cd /usr/local/sbin/
    [iyunv@localhost sbin]# ls
    checkrad      radacct   radexample  radlogin  radstatus  rc.radiusd
    login.radius  raddebug  radiusd     radmin    radwatch
    [iyunv@localhost sbin]# cd /usr/local/etc/raddb/
    [iyunv@localhost raddb]# ls
    acct_users                 clients.conf       ldap.attrmap    sites-available
    attrs                      dictionary         modules         sites-enabled
    attrs.access_challenge     eap.conf           policy.conf     sql
    attrs.access_reject        example.pl         policy.txt      sql.conf
    attrs.accounting_response  experimental.conf  preproxy_users  sqlippool.conf
    attrs.pre-proxy            hints              proxy.conf      templates.conf
    certs                      huntgroups         radiusd.conf    users

3. Test radius

Edit the users file and uncomment the sample user:

    [iyunv@localhost raddb]# vi users
    steve Cleartext-Password := "testing"

Start the server in debug mode:

    [iyunv@localhost]# radiusd -X
    ...
    adding new socket proxy address * port 52873
    Listening on authentication address * port 1812
    Listening on accounting address * port 1813
    Listening on command file /usr/local/var/run/radiusd/radiusd.sock
    Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
    Listening on proxy address * port 1814
    Ready to process requests.
This confirms the server starts normally. Now test authentication against it:

    [iyunv@localhost]# radtest steve testing localhost 0 testing123

An Access-Accept in the reply means the test succeeded.

4. Install radiusclient

Without it, the pppd radius plugin will be missing files it depends on:

    [iyunv@localhost ~]# tar xvf radiusclient-0.3.2.tar.gz
    [iyunv@localhost radiusclient-0.3.2]# ./configure
    [iyunv@localhost radiusclient-0.3.2]# make && make install

5. Configure pppd to work with radius

    [iyunv@localhost ~]# tar xvf ppp-2.4.3.tar.gz
    [iyunv@localhost ]# mkdir /etc/ppp/radius
    [iyunv@localhost ]# cp ppp-2.4.3/pppd/plugins/radius/etc/* /etc/ppp/radius

6. Configure pppoe

Edit /etc/ppp/pppoe-server-options:

    # PPP options for the PPPoE server
    # LIC: GPL
    require-chap
    login
    lcp-echo-interval 10
    lcp-echo-failure 2
    ms-dns 202.106.0.20
    ms-dns 8.8.8.8
    noipdefault
    noipx
    nodefaultroute
    proxyarp
    noktune
    plugin /usr/lib/pppd/2.4.4/radius.so
    radius-config-file /etc/ppp/radius/radiusclient.conf
    # log dial-in sessions
    logfile /var/log/pppd.log

Edit /etc/ppp/chap-secrets:

    # Secrets for authentication using CHAP
    # client server secret IP addresses
    ttt * 123 *

Then start the pppoe service with:

    # /usr/sbin/pppoe-server -I eth0 -L 192.168.85.132 -R 172.16.10.20 -N 20

A PC can now dial in over PPPoE.

7. Dial-up authentication against a database: install and configure MySQL

    yum install mysql-server mysql-devel

Create the database and load the freeradius schema:

    [iyunv@localhost ~]# mysql -p
    mysql> create database radius;
    mysql> exit;
    [iyunv@localhost ~]# cd /usr/local/etc/raddb/sql/mysql
    [iyunv@localhost ~]# mysql -p radius < ./schema.sql
    [iyunv@localhost ~]# mysql -p radius < ./nas.sql

8. Edit sites-enabled/default: uncomment sql and comment out files

    authorize {
        chap
        mschap
        suffix
        eap
        #files
        sql
        pap
    }
    accounting {
        detail
        unix
        radutmp
        sql
    }

    session {
        radutmp
        #
        # See "Simultaneous Use Checking Queries" in sql.conf
        sql
    }
Edit the MySQL connection settings in /usr/local/etc/raddb/sql.conf (only these lines need changing):

    server = "localhost"
    login = "root"
    password = "<database password>"
    radius_db = "<database name>"

In /usr/local/etc/raddb/radiusd.conf, uncomment this line:

    $INCLUDE sql.conf

At this point radiusd -X fails to start, because the rlm_sql_mysql driver has not been built yet. Build and install it now:

    cd /root/freeradius-server-2.1.12/src/modules/rlm_sql/drivers/rlm_sql_mysql
    ./configure --with-mysql-dir=/usr/share/mysql/ --with-mysql-lib-dir=/usr/lib/mysql/
    make
    make install

9. Add a user to the database and test

Create the group reply and check attributes (Framed-IP-Address 255.255.255.254 tells the NAS to assign the address itself):

    insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
    insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
    insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.254');
    insert into radgroupcheck (groupname, attribute, op, value) values ('user', 'Framed-IP-Netmask', ':=', '255.255.255.0');

Then add the user (FreeRADIUS 2.x prefers the stored "known good" password under Cleartext-Password; User-Password in radcheck still works here but logs a deprecation warning):

    insert into radcheck (username,attribute,op,value) values ('test','User-Password',':=','test');

Then put the user in the group:

    insert into usergroup(username,groupname) values('test','user');

    mysql> select * from radcheck;
    +----+----------+---------------+----+-------+
    | id | username | attribute     | op | value |
    +----+----------+---------------+----+-------+
    |  1 | test     | User-Password | := | test  |
    +----+----------+---------------+----+-------+
    1 row in set (0.00 sec)

Now test whether it works:
    [iyunv@localhost raddb]# radiusd -X

After installation, by default only clients on the local machine may talk to the radius server. Edit clients.conf to allow others:

    [iyunv@localhost raddb]# vim clients.conf
    # only allow clients on this machine
    client localhost {
        ipaddr = 127.0.0.1
        secret = testing123
    }
    # add the 192.168.230.0/24 subnet as an allowed client
    client 192.168.230.0/24 {
        secret = testing123
        shortname = lan-w3pc
    }

Note that testing123 is the stock example secret shipped with freeradius; anyone who knows it can recover PAP passwords from captured requests and forge replies, so give each client its own strong secret before exposing the server on the LAN.

Open another terminal and test locally:

    [iyunv@localhost]# radtest test test 127.0.0.1 0 testing123

Access-Accept in the reply means success.

10. pppoe with radius authentication

Make the pppoe service authenticate against the freeradius server.
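To show what radtest and the pppd radius plugin actually put on the wire, and why the shared secret in clients.conf and servers must match, here is an added example that is not part of the original post: it hides a User-Password with the shared secret as RFC 2865 describes, builds the Access-Request, and verifies a reply's Response Authenticator. The secret testing123 comes from this page; the fixed authenticator is a constructed value, and only the Python standard library is used.

```python
import hashlib
import hmac
import struct

# Shared secret taken from the clients.conf on this page; the authenticator is a
# constructed fixed value (real clients send 16 fresh random bytes per request).
SECRET = b"testing123"
AUTHENTICATOR = bytes(range(16))

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to a 16-byte multiple, XOR each block with MD5(secret + previous block)."""
    if len(authenticator) != 16 or not 0 < len(password) <= 128:
        raise ValueError("authenticator must be 16 bytes, password 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    """Server-side inverse: what radiusd does before comparing against radcheck."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(ident, authenticator, username, password, secret):
    """Code 1 packet carrying User-Name (type 1) and a hidden User-Password (type 2)."""
    hidden = hide_password(password, secret, authenticator)
    attrs = bytes([1, 2 + len(username)]) + username + bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def build_access_accept(ident, request_authenticator, secret, attrs=b""):
    """Code 2 reply; Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    head = struct.pack("!BBH", 2, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_authenticator + attrs + secret).digest() + attrs

def response_is_authentic(response, request_authenticator, secret):
    """Client-side check that a reply came from a server holding the same secret."""
    if len(response) < 20 or struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(response[:4] + request_authenticator + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])
```

With a mismatched secret reveal_password returns garbage and response_is_authentic fails, which is exactly the symptom when the pppd servers file and clients.conf disagree.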
First edit /etc/ppp/pppoe-server-options and add the radius plugin settings (the file shown in step 6 already contains them):

    plugin /usr/lib/pppd/2.4.4/radius.so
    radius-config-file /etc/ppp/radius/radiusclient.conf

The most important part is /etc/ppp/radius/radiusclient.conf:

    # General settings
    auth_order radius
    login_tries 4
    login_timeout 60
    nologin /sbin/nologin
    issue /etc/ppp/radius/issue
    authserver <server IP>:1812
    acctserver <server IP>:1813
    servers /etc/ppp/radius/servers
    dictionary /etc/ppp/radius/dictionary
    login_radius /usr/local/sbin/login.radius
    seqfile /var/run/radius.seq
    mapfile /etc/ppp/radius/port-id-map
    default_realm
    radius_timeout 10
    radius_retries 3
    login_local /bin/login

Mostly this means adjusting the file paths to match your own layout.

Edit servers to set the radius server's address and its shared secret (it must match the client entry in clients.conf on the server):

    [iyunv@localhost radius]# cat servers
    #Server Name or Client/Server pair Key
    <server IP> testing123

Edit dictionary and fix the paths; the one that matters is the dictionary.microsoft INCLUDE at the end:

    vi /etc/ppp/radius/dictionary
    INCLUDE /etc/ppp/radius/dictionary.microsoft

11. Dial-up authentication

Open the broadband connection on the PC.

After the connection succeeds you can see the assigned IP address.

That's all.