FreeRADIUS + MySQL installation and configuration

This document follows the installation described at http://t.zoukankan.com/FlyingPuPu-p-7772410.html, with only minor adjustments.

1. Preparation

Install the dependencies needed to compile FreeRADIUS

# Install wget, gcc, gcc-c++ and make
yum install -y wget gcc gcc-c++ make
# Install libtalloc
yum -y install libtalloc libtalloc-devel
# Install openssl and the openssl headers
yum install -y openssl openssl-devel

  

2. Install the FreeRADIUS server

If FreeRADIUS needs to work with MySQL, install the MySQL-related dependencies

yum install -y mysql-devel
yum install -y freeradius-utils freeradius-mysql  

Install FreeRADIUS:

tar -zxvf freeradius-server-release_3_2_0.tar.gz
cd freeradius-server-release_3_2_0
./configure
make && make install

Open the firewall ports:

firewall-cmd --add-port=1812/udp --permanent
firewall-cmd --add-port=1813/udp --permanent
firewall-cmd --reload

Check whether it runs:

# Start FreeRADIUS in debug mode
radiusd -X

If "Ready to process requests" appears, the installation succeeded.

Edit the local users file

cd /usr/local/etc/raddb/
# Edit users
vi users
# Find steve Cleartext-Password := "testing" (lines 76-84) and uncomment that block.

Restart radiusd -X, open another window, and enter the command

radtest steve testing localhost 0 testing123

Receiving Access-Accept means the request succeeded

Received Access-Accept Id 165 from 127.0.0.1:1812 to 127.0.0.1:58838 length 32

  

3. Configure the MySQL connection

Database configuration:

Log in to the database and create a database named radius:

mysql -uroot -p
*****
create database radius;

Create the tables. The table definitions already exist, so create them directly from the schema file:

mysql -uradius -p radius</usr/local/etc/raddb/mods-config/sql/main/mysql/schema.sql

List the tables:

mysql> show tables;
+------------------+
| Tables_in_radius |
+------------------+
| nas              |
| radacct          |
| radcheck         |
| radgroupcheck    |
| radgroupreply    |
| radpostauth      |
| radreply         |
| radusergroup     |
+------------------+
8 rows in set (0.00 sec)

Add the group information; in this example the group name is user

/* Switch database */
mysql> use radius;
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type','=','Framed-User');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');

# Insert a user record into radcheck
mysql> insert into radcheck(id,username,attribute,op,value) values('2','test','Cleartext-Password',':=','test123');

# Add the user to the group
mysql> insert into radusergroup(username,groupname) values('test','user');

  

Go to the FreeRADIUS directory:

cd /usr/local/etc/raddb/mods-available/

Edit the sql file:

# Change driver = "rlm_sql_null" to the driver for your database type; here it is changed to "driver=rlm_sql_mysql"

vi sql

driver=rlm_sql_mysql
dialect = "mysql"
# Uncomment the MySQL connection settings
        server = "localhost"
        port = 3306
        login = "root"
        password = "123456"
        # Database table configuration for everything except Oracle
        radius_db = "radius"

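# Also, TLS is enabled by default and the certificate settings cause an error, so the certificate configuration is commented out here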
        mysql {
                # If any of the files below are set, TLS encryption is enabled
#               tls {
#                       ca_file = "/etc/ssl/certs/my_ca.crt"
#                       ca_path = "/etc/ssl/certs/"
#                       certificate_file = "/etc/ssl/certs/private/client.crt"
#                       private_key_file = "/etc/ssl/certs/private/client.key"
#                       cipher = "DHE-RSA-AES256-SHA:AES128-SHA"
#
#                       tls_required = yes
#                       tls_check_cert = no
#                       tls_check_cert_cn = no
#               }

                # If yes, (or auto and libmysqlclient reports warnings are
                # available), will retrieve and log additional warnings from
                # the server if an error has occurred. Defaults to 'auto'
                warnings = auto
        }
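
A dedicated MySQL account for the sql module, so that login and password in mods-available/sql need not be the root account shown above. This is an added example, not part of the original post or of the FreeRADIUS distribution; the account name radius, the host localhost, the placeholder password and the exact privilege set are assumptions.

```sql
-- Added example (not from the original post).
-- Run as a MySQL administrator, for instance in the "mysql -uroot -p"
-- session used above, once the tables from schema.sql exist.
-- Assumptions: account 'radius'@'localhost'; replace the placeholder password.

CREATE USER 'radius'@'localhost' IDENTIFIED BY 'CHANGE_ME_placeholder';

-- Authorization data: radiusd only needs to read these tables.
GRANT SELECT ON radius.radcheck      TO 'radius'@'localhost';
GRANT SELECT ON radius.radreply      TO 'radius'@'localhost';
GRANT SELECT ON radius.radusergroup  TO 'radius'@'localhost';
GRANT SELECT ON radius.radgroupcheck TO 'radius'@'localhost';
GRANT SELECT ON radius.radgroupreply TO 'radius'@'localhost';
GRANT SELECT ON radius.nas           TO 'radius'@'localhost';

-- Accounting and post-auth logging: radiusd inserts and updates rows here.
GRANT SELECT, INSERT, UPDATE ON radius.radacct     TO 'radius'@'localhost';
GRANT SELECT, INSERT, UPDATE ON radius.radpostauth TO 'radius'@'localhost';

-- Confirm that the account holds nothing beyond the grants above.
SHOW GRANTS FOR 'radius'@'localhost';

-- Matching lines in mods-available/sql:
--     login = "radius"
--     password = "CHANGE_ME_placeholder"
```

With these grants the radius account cannot write to radcheck or radusergroup, so user and group rows are still inserted from the administrative session.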

In the mods-enabled directory, create a symlink to the sql file under mods-available:

cd /usr/local/etc/raddb/mods-enabled

ln -s /usr/local/etc/raddb/mods-available/sql ./

Edit the default file in the sites-enabled directory

In both authorize {} and accounting {}, uncomment sql and comment out files

Edit the /usr/local/etc/raddb/radiusd.conf file and uncomment the following line:

$INCLUDE mods-enabled/sql

Restart radiusd and you can test.

[root@localhost sites-enabled]# radtest test test123 localhost 0 testing123
Sent Access-Request Id 185 from 0.0.0.0:cb0e to 127.0.0.1:1812 length 74
        User-Name = "test"
        User-Password = "test123"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Message-Authenticator = 0x00
        Cleartext-Password = "test123"
Received Access-Accept Id 185 from 127.0.0.1:714 to 127.0.0.1:51982 length 32
        Service-Type = Framed-User
        Framed-IP-Netmask = 255.255.255.0

  

 

posted on 2022-07-26 16:03  torotoise512