Compiling, installing, and testing freeradius-server-3.0.12.tar.bz2

#tar -jxvf freeradius-server-3.0.12.tar.bz2

#cd freeradius-server-3.0.12/

#./configure

The output shows an error, as follows:

 

checking for perl... /usr/bin/perl
checking for snmpget... no
configure: WARNING: snmpget not found - Simultaneous-Use and checkrad may not work
checking for snmpwalk... no
configure: WARNING: snmpwalk not found - Simultaneous-Use and checkrad may not work
checking for rusers... /usr/bin/rusers
/opt/vsftp/he/freeradius-server-3.0.12/missing: Unknown `--is-lightweight' option
Try `/opt/vsftp/he/freeradius-server-3.0.12/missing --help' for more information
configure: WARNING: 'missing' script is too old or missing
checking for locate... /usr/bin/locate
checking for dirname... /usr/bin/dirname
checking for grep... (cached) /usr/bin/grep
checking for _talloc in -ltalloc... no
checking for _talloc in -ltalloc in /usr/lib64... no
checking for _talloc in -ltalloc in /usr/lib64/samba... no
checking for _talloc in -ltalloc in /usr/local/lib... no
checking for _talloc in -ltalloc in /opt/lib... no
configure: WARNING: talloc library not found. Use --with-talloc-lib-dir=<path>.
configure: error: FreeRADIUS requires libtalloc

 

The message says libtalloc is not installed, but yum reports that it is already installed:

[root@fedora freeradius-server-3.0.12]# yum install libtalloc
Redirecting to '/usr/bin/dnf install libtalloc' (see 'man yum2dnf')

上次元数据过期检查:2:39:30 前,执行于 Wed Dec 14 08:08:38 2016。
软件包 libtalloc-2.1.8-1.fc25.x86_64 已安装,跳过
依赖关系解决。
无需任何处理。
完毕!
[root@fedora freeradius-server-3.0.12]#

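Solution: install libtalloc-devel (configure needs the development files, which the runtime libtalloc package does not include):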

[root@fedora freeradius-server-3.0.12]# yum install libtalloc-devel -y
Redirecting to '/usr/bin/dnf install libtalloc-devel -y' (see 'man yum2dnf')

上次元数据过期检查:2:41:21 前,执行于 Wed Dec 14 08:08:38 2016。
依赖关系解决。
=======================================
Package 架构 版本 仓库 大小
=======================================
安装:
libtalloc-devel x86_64 2.1.8-1.fc25 fedora 59 k

事务概要
=======================================
安装 1 软件包

总下载:59 k
安装大小:92 k
下载软件包:
libtalloc-devel-2.1.8-1.fc25.x86_64.rpm 22 kB/s | 59 kB 00:02 
--------------------------------------------------------------
总计 9.3 kB/s | 59 kB 00:06 
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
安装: libtalloc-devel-2.1.8-1.fc25.x86_64 1/1 
验证: libtalloc-devel-2.1.8-1.fc25.x86_64 1/1

已安装:
libtalloc-devel.x86_64 2.1.8-1.fc25

完毕!
[root@fedora freeradius-server-3.0.12]#

With that fixed, running ./configure again no longer prints this error, which confirms the problem is solved. Instead it prints the next error:

checking for utmpx.h... yes
checking winsock.h usability... no
checking winsock.h presence... no
checking for winsock.h... no
checking for net/if.h... yes
checking for DH_new in -lcrypto... no
checking for DH_new in -lcrypto in /usr/lib64... no
checking for DH_new in -lcrypto in /usr/local/lib... no
checking for DH_new in -lcrypto in /opt/lib... no
configure: error: in `/opt/vsftp/he/freeradius-server-3.0.12':
configure: error: failed linking to libcrypto. Use --with-openssl-lib-dir=<path>, or --with-openssl=no (builds without OpenSSL)
See `config.log' for more details
[root@fedora freeradius-server-3.0.12]#

The message says linking to libcrypto failed. Run:

#rpm -qa |grep libcrypto

#

Nothing is printed, so no libcrypto package is installed. libcrypto is shipped as part of OpenSSL, which consists of two main libraries: libssl and libcrypto.

So the solution is to install openssl:

#yum install openssl openssl-devel

Running ./configure shows that this problem is solved, and no other errors are reported.

At this point ./configure completes successfully.

Next, run make.

#make

make runs correctly.

The radiusd program can be found in ./build/bin; this is the RADIUS server program.

Next, install the server:

----------------------------------------------------------------------------------------------------------------

[root@fedora freeradius-server-3.0.12]# make install

----------------------------------------------------------------------------------------------------------------

Installed successfully.

 

Run the following command as the superuser:

#radiusd -X

 

It runs normally and shows:

#Ready to process requests

 

Following the test method in the official documentation, add this at the very top of /usr/local/etc/raddb/users:

testing Cleartext-Password := "password123"
testing is the user name and password123 is the password in cleartext.

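Run radiusd again. It may report that the port is already in use, because the system service has been started automatically. Stop the service and run it again: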
#sudo service freeradius stop 
#sudo radiusd -X

It runs normally.

 

Next, test the server with radtest:

# radtest testing password123 127.0.0.1 0 testing123

Result:

[root@fedora ~]# radtest testing password123 127.0.0.1 0 testing123
(0) Error parsing "stdin": Failed resolving "fedora.hexiaowang" to IPv4 address: Name or service not known
[root@fedora ~]# 
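fedora.hexiaowang is the hostname I gave my Fedora 25 machine.
This error means the program cannot resolve the hostname fedora.hexiaowang to an IP address. Solution: map fedora.hexiaowang to the local IP 127.0.0.1 by adding it to /etc/hosts.
This is the hosts file before the change: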
[root@fedora etc]# cat hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@fedora etc]# 

This is the hosts file after the change:

[root@fedora etc]# cat hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 fedora.hexiaowang
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@fedora etc]# 

 

Run radtest against the server again (# radtest testing password123 127.0.0.1 0 testing123). The result:

[root@fedora etc]# radtest testing password123 127.0.0.1 0 testing123
Sent Access-Request Id 171 from 0.0.0.0:33368 to 127.0.0.1:1812 length 77
    User-Name = "testing"
    User-Password = "password123"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
    Message-Authenticator = 0x00
    Cleartext-Password = "password123"
Received Access-Reject Id 171 from 127.0.0.1:1812 to 0.0.0.0:0 length 35
    Reply-Message = "Hello,testing"
(0) -: Expected Access-Accept got Access-Reject
[root@fedora etc]# 

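An Access-Reject message was received, meaning the request failed and the test did not pass. Solution: in radiusd.conf, change the setting that disables log writing (no) to enabled (yes).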

#vi /usr/local/etc/raddb/radiusd.conf

The relevant fragment of radiusd.conf after the change:

        #  dynamic expansion macro:  %{debug: 1}, where the debug level
        #  for this request is set to '1' (or 2, 3, etc.).  e.g.
        #
        #       ...
        #       update control {
        #              Tmp-String-0 = "%{debug:1}"
        #       }
        #       ...
        #
        #  The attribute that the value is assigned to is unimportant,
        #  and should be a "throw-away" attribute with no side effects.
        #
        #requests = ${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d.log

        #
        #  Which syslog facility to use, if ${destination} == "syslog"
        #
        #  The exact values permitted here are OS-dependent.  You probably
        #  don't want to change this.
        #
        syslog_facility = daemon

        #  Log the full User-Name attribute, as it was found in the request.
        #
        # allowed values: {no, yes}
        #
        stripped_names = yes

        #  Log authentication requests to the log file.
        #
        #  allowed values: {no, yes}
        #
        auth = yes

        #  Log passwords with the authentication requests.

 

Run radtest against the server again (# radtest testing password123 127.0.0.1 0 testing123). The result:

[root@fedora main]# ./radtest testing password123 127.0.0.1 0 testing123
Sent Access-Request Id 6 from 0.0.0.0:53539 to 127.0.0.1:1812 length 77
    User-Name = "testing"
    User-Password = "password123"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
    Message-Authenticator = 0x00
    Cleartext-Password = "password123"
Received Access-Accept Id 6 from 127.0.0.1:1812 to 0.0.0.0:0 length 35
    Reply-Message = "Hello,testing"
[root@fedora main]# 

Receiving Access-Accept means the test succeeded!
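The Access-Request that radtest reports above, rebuilt byte for byte as an added example (not part of the original post or of FreeRADIUS): it reproduces the reported length of 77 and shows that User-Password and Message-Authenticator are protected only by MD5 keyed with the shared secret testing123. The fixed authenticator AUTH and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import socket
import struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(1, -(-len(password) // 16)) * 16      # pad to a multiple of 16
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the server does: same keystream, so the secret alone recovers it."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(code: int, value: bytes) -> bytes:
    return bytes([code, len(value) + 2]) + value     # type, length, value

def access_request(ident, user, password, secret, authenticator) -> bytes:
    attrs = (attr(1, user)                                              # User-Name
             + attr(2, hide_password(password, secret, authenticator))  # User-Password
             + attr(4, socket.inet_aton("127.0.0.1"))                   # NAS-IP-Address
             + attr(5, struct.pack("!I", 0))                            # NAS-Port
             + attr(80, b"\x00" * 16))                                  # Message-Authenticator
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()        # RFC 3579 3.2
    return header + attrs[:-16] + mac

def message_authenticator_ok(packet: bytes, secret: bytes) -> bool:
    """Valid only for packets built above, where the attribute is last."""
    zeroed = packet[:-16] + b"\x00" * 16
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[-16:])

# Constructed authenticator; radtest uses random bytes for each request.
AUTH = bytes(range(16))
PACKET = access_request(171, b"testing", b"password123", b"testing123", AUTH)
```

The Cleartext-Password line in the radtest output is not counted in the 77 bytes, which is why only five attributes are built here.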

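Configuring the RADIUS server side:

  Edit /etc/raddb/clients.conf, the server-side file that records the clients. By default it provides a localhost entry for local testing; that is, after installation only clients on the local machine are allowed to access the RADIUS server.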

  # Only allow clients on the local machine
  client localhost {
        ipaddr          = 127.0.0.1
        secret          = testing123
  }

  # Allow access from the 192.168.230.0/24 subnet
  client 192.168.230.0/24 {
        secret          = alonesword
        shortname       = lan-w3pc
  }
  

  Save /etc/raddb/clients.conf.

Restart the radius service.
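A check to run over clients.conf before the server is exposed beyond localhost, as an added example (not from the original post or the FreeRADIUS project): it flags the stock secret testing123, secrets shorter than the 16 octets RFC 2865 prefers, and a single secret shared by a whole network. The function names, finding labels and the embedded sample are assumptions of this example.

```python
import ipaddress
import re

DEFAULT_SECRETS = {"testing123"}   # secret shipped in the stock clients.conf
MIN_SECRET_OCTETS = 16             # RFC 2865 section 3 prefers at least 16 octets

def parse_clients(text):
    """Return [(name, {key: value})] for each top-level 'client NAME { ... }'."""
    clients, stack = [], []
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).strip()   # assumes no '#' inside values
        if line.endswith("{"):
            opened = None if stack else re.match(r"client\s+(\S+)\s*\{$", line)
            stack.append(bool(opened))                  # nested sections push False
            if opened:
                clients.append((opened.group(1), {}))
        elif line == "}" and stack:
            stack.pop()
        elif stack == [True] and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            clients[-1][1][key] = value.strip('"')
    return clients

def audit(text):
    """Flag default, short and widely shared secrets; old-style names are addresses."""
    findings = []
    for name, cfg in parse_clients(text):
        secret = cfg.get("secret", "")
        if secret in DEFAULT_SECRETS:
            findings.append((name, "default-secret"))
        if len(secret.encode()) < MIN_SECRET_OCTETS:
            findings.append((name, "short-secret"))
        addr = cfg.get("ipaddr") or cfg.get("ipv4addr") or cfg.get("ipv6addr") or name
        try:
            count = ipaddress.ip_network(addr, strict=False).num_addresses
        except ValueError:
            count = 1                                   # hostname, not a network
        if count > 1:
            findings.append((name, "secret-shared-by-%d-addresses" % count))
    return findings

PAGE_CLIENTS_CONF = """
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
client 192.168.230.0/24 {
    secret = alonesword
}
"""  # the two client sections shown on this page (shortname omitted)
```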

Common problems:

  【Q1】Starting radiusd may fail with the following error

  error while loading shared libraries: libfreera....
  

  【A1】The fix is to add the line /usr/local/lib to /etc/ld.so.conf, then run ldconfig as root.
  【Q2】Starting radiusd may fail with the following error

  Failed binding to authentication address *port 1812:Address already in use
  

  【A2】Use lsof -i:1812 to see which process holds the port; it should be freeradius itself. Kill that process, then run # radiusd -X again to start the server.

 

posted @ 2016-12-14 14:53  菠萝布丁