freeRADIUS + openLDAP installation and configuration

Note: this article only records my own process of learning freeRADIUS. Since I have only just started learning this material, most of it was found in other people's blog posts online. I read so many of them that I honestly no longer know whose blog each part came from, so I do not know whom to credit and have simply left the citations out. I hope you will forgive me.

##################   INSTALL openLDAP#########################

 

In the parameters below I have abbreviated things: <openssl> stands for the full name of the version you are using.

1. install openssl

 

#tar xzvf <openssl.tar>

#cd <openssl>

#./config shared zlib

#make

 

#make test

 

#make install

 

 

First take the distribution's original openssl out of the way:

#mv /usr/bin/openssl /usr/bin/openssl.OFF

#mv /usr/include/openssl /usr/include/openssl.OFF

Then make the newly installed openssl take effect:

#ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

#ln -s /usr/local/ssl/include/openssl /usr/include/openssl

Caveat: once the self-built OpenSSL replaces the packaged one it no longer receives the distribution's security updates, so you have to follow OpenSSL advisories and rebuild it yourself.

Set up the library search path:

# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf

#ldconfig -v

2. install SASL

 

 

#tar  xzvf  <>

 

#cd <>

 

#./configure --prefix=/usr/local/sasl2 --enable-login --with-openssl=/usr/local/ssl

 

#make ; make install

 

#echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf

 

#echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf

 

#ldconfig -v 

 

 

#rm -rf /usr/lib/libsasl*

#ln -s /usr/local/sasl2/lib/* /usr/lib

Caveat: the rm deletes the distribution's own SASL libraries, so any packaged program linked against them now depends on the symlinks above providing the same sonames.

You must create this directory; saslauthd needs it at run time:

#mkdir -pv /var/state/saslauthd

#saslauthd -a shadow

#testsaslauthd -u root -p rootPWD

This checks a local account against saslauthd; you should see 0: OK "Success." Note that a real password given on the command line ends up in the shell history and in the process list, so test with a throwaway local account rather than root.

3. install BerkeleyDB <4.6>

#tar <>

#cd db<>/build_unix

#../dist/configure --prefix=/usr/local/BerkeleyDB

#make && make install

libtool (libltdl) is needed to build openLDAP with loadable modules (--enable-modules):

* install libtool

First install the libtool *.rpm from the CD, then:

#cd /usr/share/libtool/libltdl

#./configure

#make && make install

4. install openLDAP

#tar <>

#cd <>

# env CPPFLAGS="-I/usr/local/BerkeleyDB/include -I/usr/local/sasl2/include" \
  LDFLAGS="-L/usr/local/BerkeleyDB/lib -L/usr/local/sasl2/lib -L/usr/local/sasl2/lib/sasl2" \
  ./configure --prefix=/usr/local/openldap --sysconfdir=/etc/openldap \
  --enable-passwd --disable-ipv6 --enable-spasswd --enable-crypt --enable-modules \
  --enable-accesslog=yes --enable-ldap=mod --enable-meta=mod --enable-rewrite=yes \
  --with-proxycache=yes --enable-rwm=yes --enable-dynamic

#make depend

#make

#make test

#make install


Note: during make test I kept seeing one problem, something like "second site1 not backend to the central master", but it did not affect later use; it may be that I simply have not used that feature yet. If anyone knows what it is, please tell me.

######################################install freeRADIUS#############################

This install is straightforward, so I will not go into it.

 

################## configure for openLDAP + freeRADIUS #################

 

# cp /usr/local/share/doc/freeradius/examples/openldap.schema  /etc/openldap/openldap/schema/radius.schema

 

 

#gedit /etc/openldap/openldap/slapd.conf

 

 

The following lines include the schema files; my understanding is that these are files that define the data structures.

include /etc/openldap/openldap/schema/core.schema

include /etc/openldap/openldap/schema/cosine.schema

include /etc/openldap/openldap/schema/ppolicy.schema

include /etc/openldap/openldap/schema/misc.schema

include /etc/openldap/openldap/schema/corba.schema

include /etc/openldap/openldap/schema/collective.schema

include /etc/openldap/openldap/schema/radius.schema

 

 

Define the database:

database bdb

 

suffix "dc=example,dc=com"

 

rootdn "cn=Manager,dc=example,dc=com"

 

# Cleartext passwords, especially for the rootdn, should

 

# be avoided.  See slappasswd(8) and slapd.conf(5) for details.

 

# Use of strong authentication encouraged.

 

rootpw secret

 

# The database directory MUST exist prior to running slapd AND 

 

# should only be accessible by the slapd and slap tools.

 

# Mode 700 recommended.

 

directory /usr/local/openldap/var/openldap-data

 

# Indices to maintain

 

index objectClass eq

 

index   uid  eq

 

 

 

2. add entries

Start slapd:

#/usr/local/openldap/libexec/slapd

addentry.ldif

 

-------------------------------------

 

dn:dc=example,dc=com

 

objectclass:dcObject

 

objectclass:organization

 

o: example_O

 

dc:example

 

 

 

dn:cn=Manager,dc=example,dc=com

 

objectclass:organizationalRole

 

cn:Manager

 

--------------------------------------

#ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f addentry.ldif

users

adduser.ldif

 

-------------------------------------

 

dn:uid=test,dc=example,dc=com

 

objectclass:account

 

objectclass:simpleSecurityObject

 

objectclass:radiusprofile

 

uid:test

 

userPassword:test

 

cn:test

 

 

 

dn:uid=hello,dc=example,dc=com

 

objectclass:account

 

objectclass:simpleSecurityObject

 

objectclass:radiusprofile

 

uid:hello

 

userPassword:hello

 

cn:hello

 

-------------------------------------

 

 

 

#ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f adduser.ldif

 

 

 

 

#ldapsearch -x -b "dc=example,dc=com" '(objectclass=*)'

 

 

 

 

 

 

#################################configure  freeRadius ###########################

#gedit /usr/local/etc/raddb/modules/ldap

Note on what follows: the module binds to slapd as the rootdn (cn=Manager) and keeps that password in cleartext in the raddb tree, which gives freeRADIUS full write access to the directory and exposes the directory's master credential to anyone who can read that file. Outside a lab, create a dedicated bind DN whose slapd ACL only allows reading uid and userPassword under the user subtree, and make the module file readable only by the account radiusd runs as.

ldap{

 

server = "127.0.0.1"

identity = "cn=Manager,dc=example,dc=com"

password = secret

basedn = "dc=example,dc=com"

filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

password_attribute = userPassword

}

 

 

 

 

 

 

# gedit /usr/local/etc/raddb/sites-enabled/default

authorize {

# insert this item

ldap

}

authenticate {

# insert this item

Auth-Type LDAP {

ldap

}

}

#gedit /usr/local/etc/raddb/clients.conf

# insert this item

client 192.168.0.0/24 {

secret = testing123-1

shortname = private-network-1

}

This block is what lets a NAS on 192.168.0.0/24 talk to the server at all; every host in that /24 shares the one secret testing123-1, so use a long random secret and keep the range as narrow as the real NAS addresses allow. The radtest at the end uses testing123 instead because it targets localhost, which the stock clients.conf already defines with that secret.

#gedit /usr/local/etc/raddb/proxy.conf

Insert the following:

realm NULL {

 

type = radius

authhost = LOCAL

accthost = LOCAL

nostrip

}

 

 

 

realm example.com {

 

type = radius

authhost = LOCAL

accthost = LOCAL

}

Run the server in the foreground in debug mode, then test from a second terminal:

#radiusd -X

#radtest hello hello localhost 0 testing123

radtest prints the Access-Accept it receives on success; with -X the server also prints each module's result, so a failed LDAP bind or search shows up directly in that output.
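To make concrete what the shared secret in clients.conf protects, here is an added example (not from the original post, and not freeRADIUS or radtest code) that builds the Access-Request radtest sends for hello/hello by hand, following RFC 2865. User-Password is hidden only by XOR with an MD5(secret + authenticator) chain, so anyone who knows testing123 (or any host on the 192.168.0.0/24 range that shares testing123-1) can recover the password from a capture, and the Response Authenticator is the only thing tying an Access-Accept to a server that knows the secret. The attribute set is a subset of what radtest really sends (radtest also adds NAS-IP-Address, among others), and the fixed authenticator in the usage section is for reproducibility only.

```python
# Added example, not code from the original post or from freeRADIUS: an
# RFC 2865 Access-Request built by hand, showing what the shared secret
# ("testing123" for localhost in the post) actually does on the wire.
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
ACCESS_ACCEPT = 2
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2
ATTR_NAS_PORT = 5


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR block i with MD5(secret + previous cipher block);
    the first 'previous block' is the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(padded[i:i + 16], block))
        out += prev
    return bytes(out)


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password; needs nothing but the secret and the (cleartext) authenticator."""
    out, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], block))
        prev = hidden[i:i + 16]
    return bytes(out).rstrip(b"\x00")


def attr(attr_type: int, value: bytes) -> bytes:
    """One attribute TLV: type, total length, value."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def access_request(ident: int, user: str, password: str, secret: str,
                   nas_port: int = 0, authenticator: bytes = None) -> bytes:
    """Access-Request carrying User-Name, User-Password and NAS-Port (a subset of what radtest sends)."""
    if authenticator is None:
        authenticator = os.urandom(16)  # must be unpredictable for every request
    attrs = (attr(ATTR_USER_NAME, user.encode())
             + attr(ATTR_USER_PASSWORD, hide_password(password.encode(), secret.encode(), authenticator))
             + attr(ATTR_NAS_PORT, struct.pack("!I", nas_port)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def parse_attrs(packet: bytes) -> dict:
    """Attribute TLVs after the 20-byte header as {type: value}; rejects truncated or zero-length TLVs."""
    attrs, i = {}, 20
    while i < len(packet):
        if i + 2 > len(packet) or packet[i + 1] < 2 or i + packet[i + 1] > len(packet):
            raise ValueError("malformed attribute at offset %d" % i)
        attrs[packet[i]] = packet[i + 2:i + packet[i + 1]]
        i += packet[i + 1]
    return attrs


def sniffed_password(packet: bytes, secret: str) -> bytes:
    """What an observer holding the shared secret recovers from a captured Access-Request."""
    return reveal_password(parse_attrs(packet)[ATTR_USER_PASSWORD], secret.encode(), packet[4:20])


def response_authenticator(code: int, ident: int, attrs: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def access_accept(request: bytes, secret: str, attrs: bytes = b"") -> bytes:
    """The reply a server holding the secret produces for a request."""
    auth = response_authenticator(ACCESS_ACCEPT, request[1], attrs, request[4:20], secret.encode())
    return struct.pack("!BBH", ACCESS_ACCEPT, request[1], 20 + len(attrs)) + auth + attrs


def verify_response(request: bytes, response: bytes, secret: str) -> bool:
    """Client-side check that a reply matches our request and was made with our secret."""
    expected = response_authenticator(response[0], response[1], response[20:], request[4:20], secret.encode())
    return response[1] == request[1] and hmac.compare_digest(expected, response[4:20])


if __name__ == "__main__":
    # Constructed sample: the post's radtest arguments with a fixed authenticator for reproducibility.
    req = access_request(1, "hello", "hello", "testing123", authenticator=bytes(range(16)))
    print("User-Password on the wire:", parse_attrs(req)[ATTR_USER_PASSWORD].hex())
    print("recovered with the secret:", sniffed_password(req, "testing123"))
    print("accept verifies:", verify_response(req, access_accept(req, "testing123"), "testing123"))
```

The takeaway for the clients.conf above: RADIUS over UDP gives no transport protection, so the shared secret is both the confidentiality of User-Password and the integrity of the reply, and a /24 client block hands that secret to every host in the range.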

posted @ 2010-01-09 18:33  dvking