Linux freeradius server
freeradius软件获取
[root@Alicia ~]# cd /usr/local/src/ [root@Alicia src]# wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.6.tar.gz --14:09:11-- ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.6.tar.gz => `freeradius-server-3.0.6.tar.gz‘ Resolving ftp.freeradius.org... 195.154.231.44 Connecting to ftp.freeradius.org|195.154.231.44|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD /pub/freeradius ... done. ==> SIZE freeradius-server-3.0.6.tar.gz ... 4555887 ==> PASV ... done. ==> RETR freeradius-server-3.0.6.tar.gz ... done. Length: 4555887 (4.3M) 100%[=======================================>] 4,555,887 9.25K/s in 7m 55s 14:17:13 (9.36 KB/s) - `freeradius-server-3.0.6.tar.gz‘ saved [4555887] [root@Alicia src]./configure --prefix=/usr/local/radius/ [root@Alicia src] make [root@Alicia src]make install
test by myself to verify free-radius installed successfully
[root@Alicia radius]# sbin/radiusd -X Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/radius/var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests.基于mysql的radius开始进行关联
[root@Alicia ~] yum install mysql-server [root@Alicia ~] yum install mysql-devel [root@Alicia ~]# service mysqld restart Stopping mysqld: [ OK ] Initializing MySQL database: Installing MySQL system tables... OK Filling help tables... OK To start mysqld at boot time you have to copy support-files/mysql.server to the right place for your system PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER ! To do so, start the server, then issue the following commands: /usr/bin/mysqladmin -u root password ‘new-password‘ /usr/bin/mysqladmin -u root -h Alicia password ‘new-password‘ Alternatively you can run: /usr/bin/mysql_secure_installation which will also give you the option of removing the test databases and anonymous user created by default. This is strongly recommended for production servers. See the manual for more instructions. You can start the MySQL daemon with: cd /usr ; /usr/bin/mysqld_safe & You can test the MySQL daemon with mysql-test-run.pl cd mysql-test ; perl mysql-test-run.pl Please report any problems with the /usr/bin/mysqlbug script! The latest information about MySQL is available on the web at http://www.mysql.com Support MySQL by buying support/licenses at http://shop.mysql.com [ OK ] Starting mysqld: [ OK ]设置mysql账号root/password
[root@Alicia ~]# mysqladmin -u root password ‘password‘ [root@Alicia ~]# mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 3 Server version: 5.0.95 Source distribution Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type ‘help;‘ or ‘\h‘ for help. Type ‘\c‘ to clear the current input statement. mysql >在mysql中增加相关表项和记录
mysql> create database radius; Query OK, 1 row affected (0.03 sec) [root@Alicia radius]# cd /usr/local/radius/etc/raddb/sql/mysql/ [root@Alicia mysql]# mysql -u root -p radius < ./schema.sql Enter password: [root@Alicia mysql]# mysql -u root -p radius < ./nas.sql Enter password: [root@Alicia mysql]# mysql -u root -p Enter password: mysql> use radius; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> showtables; ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘showtables‘ at line 1 mysql> show tables; +------------------+ | Tables_in_radius | +------------------+ | nas | | radacct | | radcheck | | radgroupcheck | | radgroupreply | | radpostauth | | radreply | | radusergroup | +------------------+ 8 rows in set (0.00 sec)配置freeradiusmysql> insert into radcheck(username,attribute,op,value) values(‘alicia‘,‘User-Password‘,‘:=‘,‘password‘); Query OK, 1 row affected (0.00 sec) mysql> insert into radcheck(username,attribute,op,value) values(‘Samsun‘,‘User-Password‘,‘:=‘,‘password‘); Query OK, 1 row affected (0.00 sec) mysql> insert into radcheck(username,attribute,op,value) values(‘Laffan‘,‘User-Password‘,‘:=‘,‘password‘); Query OK, 1 row affected (0.00 sec) mysql> insert into radcheck(username,attribute,op,value) values(‘Julia‘,‘User-Password‘,‘:=‘,‘password‘); Query OK, 1 row affected (0.00 sec) mysql> insert into radusergroup(username,groupname) values(‘Samsun‘,‘qa‘) -> ; Query OK, 1 row affected (0.00 sec) mysql> insert into radusergroup(username,groupname) values(‘alicia‘,‘qa‘) -> ; Query OK, 1 row affected (0.00 sec) mysql> insert into radusergroup(username,groupname) values(‘Laffan‘,‘rd‘); Query OK, 1 row affected (0.00 sec) mysql> insert into radusergroup(username,groupname) values(‘Julia‘,‘rd‘); Query OK, 1 row affected (0.00 sec)
177 line uncomment sql 170 line comment files 406 line uncomment sql [root@Alicia mysql]# vi /usr/local/radius/etc/raddb/sites-enabled/default authorize { chap mschap suffix eap 170 # files 177 sql pap } accounting { detail unix radutmp 406 sql }
[root@Alicia mysql]# vi /usr/local/radius/etc/raddb/sql.conf 22 sql { 23 # 24 # Set the database to one of: 25 # 26 # mysql, mssql, oracle, postgresql 27 # 28 database = "mysql" 29 30 # 31 # Which FreeRADIUS driver to use. 32 # 33 driver = "rlm_sql_${database}" 34 35 # Connection info: 36 server = "localhost" 37 #port = 3306 38 login = "root" 39 password = "password" 40 41 # Database table configuration for everything except Oracle 42 radius_db = "radius"
[root@Alicia mysql]# vi /usr/local/radius/etc/raddb/clients.conf 236 client 127.0.0.1 { 237 secret = password 238 shortname = localhost 239 nastype = other 240 } 241 242 client 10.8.117.45 { 243 secret = password 244 shortname = localhost 245 nastype = other 246 } 247 client 10.219.128.19 { 248 secret = password 249 shortname = localhost 250 nastype = other 251 }
[root@Alicia mysql]# vi /usr/local/radius/etc/raddb/radiusd.conf 731 $INCLUDE ${confdir}/modules/ 732 733 # Extensible Authentication Protocol 734 # 735 # For all EAP related authentications. 736 # Now in another file, because it is very large. 737 # 738 $INCLUDE eap.conf 739 740 # Include another file that has the SQL-related configuration. 741 # This is another file only because it tends to be big. 742 # 743 $INCLUDE sql.conf //uncomment启动server端radius
[root@Alicia radius]# sbin/radiusd -X Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory Make sure it (and all its dependent libraries!) are in the search path of your system‘s ld. /usr/local/radius/etc/raddb/sql.conf[22]: Instantiation failed for module "sql" /usr/local/radius/etc/raddb/sites-enabled/default[177]: Failed to find "sql" in the "modules" section. /usr/local/radius/etc/raddb/sites-enabled/default[69]: Errors parsing authorize section. 加载sql失败 [root@Alicia sbin]# cd /usr/local/src/freeradius-server-2.2.6/src/modules/rlm_sql/drivers/rlm_sql_mysql/ [root@Alicia rlm_sql_mysql]# ./configure --with-dir=/usr/share/mysql/ --with-mysql-lib=/usr/lib/mysql/ [root@Alicia rlm_sql_mysql]# make [root@Alicia src]# cd /usr/local/radius/ [root@Alicia radius]# cd sbin/ [root@Alicia sbin]# ./radiusd -X Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/radius/var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests.client端测试
[root@ding ~]# echo "User-Name = Samsun, User-Password=password" | /usr/local/bin/radclient 10.8.118.100:1812 auth password Received response ID 58, code 2, length = 20
server log: Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/radius/var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.8.116.8 port 51222, id=58, length=46 User-Name = "Samsun" User-Password = "password" # Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No ‘@‘ in User-Name = "Samsun", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] No EAP-Message, not doing EAP ++[eap] = noop [sql] expand: %{User-Name} -> Samsun [sql] sql_set_user escaped user --> ‘Samsun‘ rlm_sql (sql): Reserving sql socket id: 31 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = ‘%{SQL-User-Name}‘ ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = ‘Samsun‘ ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = ‘%{SQL-User-Name}‘ ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = ‘Samsun‘ ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = ‘%{SQL-User-Name}‘ ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = ‘Samsun‘ ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = ‘%{Sql-Group}‘ ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = ‘qa‘ ORDER BY id [sql] User found in group qa [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = ‘%{Sql-Group}‘ ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = ‘qa‘ ORDER BY id rlm_sql (sql): Released sql socket id: 31 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop ++[pap] = updated +} # group authorize = updated Found Auth-Type = PAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Executing group from file /usr/local/radius/etc/raddb/sites-enabled/default +group PAP { [pap] login attempt with password "password" [pap] Using clear text password "password" [pap] User authenticated successfully ++[pap] = ok +} # group PAP = ok # Executing section post-auth from file /usr/local/radius/etc/raddb/sites-enabled/default +group post-auth { ++[exec] = noop +} # group post-auth = noop Sending Access-Accept of id 58 to 10.8.116.8 port 51222 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 58 with timestamp +789 Ready to process requests.client端alicia测试
[root@ding ~]# radtest alicia password 10.8.118.100:1812 0 password Sending Access-Request of id 153 to 10.8.118.100 port 1812 User-Name = "alicia" User-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Accept packet from host 10.8.118.100 port 1812, id=153, length=20
server log: rad_recv: Access-Request packet from host 10.8.116.8 port 40531, id=153, length=76 User-Name = "alicia" User-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Message-Authenticator = 0x65dc0b64af155a18136889edeaea43a5 # Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No ‘@‘ in User-Name = "alicia", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] No EAP-Message, not doing EAP ++[eap] = noop [sql] expand: %{User-Name} -> alicia [sql] sql_set_user escaped user --> ‘alicia‘ rlm_sql (sql): Reserving sql socket id: 29 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = ‘%{SQL-User-Name}‘ ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = ‘alicia‘ ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = ‘%{SQL-User-Name}‘ ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = ‘alicia‘ ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = ‘%{SQL-User-Name}‘ ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = ‘alicia‘ ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = ‘%{Sql-Group}‘ ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = ‘qa‘ ORDER BY id [sql] User found in group qa [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = ‘%{Sql-Group}‘ ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = ‘qa‘ ORDER BY id rlm_sql (sql): Released sql socket id: 29 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop ++[pap] = updated +} # group authorize = updated Found Auth-Type = PAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Executing group from file /usr/local/radius/etc/raddb/sites-enabled/default +group PAP { [pap] login attempt with password "password" [pap] Using clear text password "password" [pap] User authenticated successfully ++[pap] = ok +} # group PAP = ok # Executing section post-auth from file /usr/local/radius/etc/raddb/sites-enabled/default +group post-auth { ++[exec] = noop +} # group post-auth = noop Sending Access-Accept of id 153 to 10.8.116.8 port 40531 Finished request 2. Going to the next request Waking up in 4.9 seconds. Cleaning up request 2 ID 153 with timestamp +998 Ready to process requests.
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。