Ubuntu 16.04.1 LTS下安装FreeRADIUS2.2.8并开启MySQL认证

KingsonXu 2017-01-18

Ubuntu 16.04.1 LTS下安装FreeRADIUS2.2.8并开启MySQL认证

更新系统

sudo apt update

sudo apt upgrade

安装MariaDB

sudo apt-get install software-properties-common

sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8

sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://mirrors.tuna.tsinghua.edu.cn/mariadb/repo/10.1/ubuntu xenial main'

sudo apt update

sudo apt install mariadb-server

安装freeradius

用mysql来存储相关数据,安装vim是为了使用语法高亮方便一点,不是必须的。

sudo apt-get install freeradius freeradius-mysql vim

ps -ef |grep freeradius 

测试freeradius

vi /etc/freeradius/users

 

找到这一行

#steve Cleartext-Password:="testing"

 

将前面的#去掉

steve  Cleartext-Password := "testing"

        Service-Type = Framed-User,

        Framed-Protocol = PPP,

        Framed-IP-Address = 172.16.3.33,

        Framed-IP-Netmask = 255.255.255.0,

        Framed-Routing = Broadcast-Listen,

        Framed-Filter-Id = "std.ppp",

        Framed-MTU = 1500,

        Framed-Compression = Van-Jacobsen-TCP-IP

 

调试的命令为:

sudo freeradius -X

freeradius测试,新打开一个终端

radtest steve testing localhost 0 testing123

结果:

Sending Access-Request of id 44 to 127.0.0.1 port 1812

        User-Name = "steve"

        User-Password = "testing"

        NAS-IP-Address = 127.0.1.1

        NAS-Port = 0

        Message-Authenticator = 0x00000000000000000000000000000000

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=44, length=71

        Service-Type = Framed-User

        Framed-Protocol = PPP

        Framed-IP-Address = 172.16.3.33

       Framed-IP-Netmask = 255.255.255.0

        Framed-Routing = Broadcast-Listen

        Filter-Id = "std.ppp"

        Framed-MTU = 1500

        Framed-Compression = Van-Jacobson-TCP-IP

Access-Accept表示成功

将radius和mysql融合

输入mysql -u root -p,输入密码

1)建立数据库并导入radius数据结构

mysql>create database radius;

mysql>grant all on radius.* to 'radius'@'localhost' identified by 'radpass';

mysql>flush privileges;

#mysql -u root -p radius </etc/freeradius/sql/mysql/schema.sql

 

2)建立组(在此新建组名称为user)

#mysql -u root -p

use radius;

insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');

insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');

insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.255');

insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');

 

3)建立用户(在此新建用户名为test,密码为testpwd)

insert into radcheck (username,attribute,op,value) values ('test','Cleartext-Password',':=','testpwd');

 

4)将用户加入组中:

insert into radusergroup (username,groupname) values ('test','user');

exit

5)开启SQL认证

vim /etc/freeradius/sql.conf

修改里面的用户名和密码:(下面为默认帐号密码,按数据库实际用户密码修改)

login = "radius"

password = " radpass"

vim /etc/freeradius/radiusd.conf将$INCLUDE sql.conf前的#去掉

vim /etc/freeradius/sites-available/default将sql前的#去掉

6)测试:

sudo freeradius -X,在另一终端执行radtest test testpw:d localhost 1812 testing123

获得结果:

Sending Access-Request of id 71 to 127.0.0.1 port 1812

        User-Name = "test"

        User-Password = "testpwd"

        NAS-IP-Address = 127.0.1.1

        NAS-Port = 1812

        Message-Authenticator = 0x00000000000000000000000000000000

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=71, length=38

        Service-Type = Framed-User

        Framed-IP-Address = 255.255.255.255

        Framed-IP-Netmask = 255.255.255.0

Access-Accept表示成功

相关推荐