KingsonXu 2017-01-18
Ubuntu 16.04.1 LTS下安装FreeRADIUS2.2.8并开启MySQL认证
sudo apt update
sudo apt upgrade
sudo apt-get install software-properties-common
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://mirrors.tuna.tsinghua.edu.cn/mariadb/repo/10.1/ubuntu xenial main'
sudo apt update
sudo apt install mariadb-server
用mysql来存储相关数据,安装vim是为了使用语法高亮方便一点,不是必须的。
sudo apt-get install freeradius freeradius-mysql vim
ps -ef |grep freeradius
vi /etc/freeradius/users
找到这一行
#steve Cleartext-Password:="testing"
将前面的#去掉
steve Cleartext-Password := "testing"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 172.16.3.33,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP
调试的命令为:
sudo freeradius -X
freeradius测试,新打开一个终端
radtest steve testing localhost 0 testing123
结果:
Sending Access-Request of id 44 to 127.0.0.1 port 1812
User-Name = "steve"
User-Password = "testing"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=44, length=71
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 172.16.3.33
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Access-Accept表示成功
输入mysql -u root -p,输入密码
1)建立数据库并导入radius数据结构
mysql>create database radius;
mysql>grant all on radius.* to 'radius'@'localhost' identified by 'radpass';
mysql>flush privileges;
#mysql -u root -p radius </etc/freeradius/sql/mysql/schema.sql
2)建立组(在此新建组名称为user)
#mysql -u root -p
use radius;
insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.255');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
3)建立用户(在此新建用户名为test,密码为testpwd)
insert into radcheck (username,attribute,op,value) values ('test','Cleartext-Password',':=','testpwd');
4)将用户加入组中:
insert into radusergroup (username,groupname) values ('test','user');
exit
5)开启SQL认证
vim /etc/freeradius/sql.conf
修改里面的用户名和密码:(下面为默认帐号密码,按数据库实际用户密码修改)
login = "radius"
password = " radpass"
vim /etc/freeradius/radiusd.conf将$INCLUDE sql.conf前的#去掉
vim /etc/freeradius/sites-available/default将sql前的#去掉
6)测试:
sudo freeradius -X,在另一终端执行radtest test testpw:d localhost 1812 testing123
获得结果:
Sending Access-Request of id 71 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "testpwd"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=71, length=38
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.255
Framed-IP-Netmask = 255.255.255.0
Access-Accept表示成功
freeradius的配置见前面的文章; global_defs { router_id LVS_DEVEL_TEST }. vrrp_sync_group LVS_RA { group { VI_1