CentOS 5.4: pptp + freeradius2 + mysql + daloradius, a complete integration (illustrated)
Source: Internet. Editor: 程序博客网. Time: 2024/05/24 07:35
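This post records only the steps performed; no further explanation is given.
Configuring a pptpd server on CentOS 5.4 is covered in a separate article, linked here: << CentOS release 5.4 (Final): Configuring a PPTP VPN Server (Preliminary) >>
This post builds on that article. Follow it first to set up the PPTP VPN server, then carry out the steps below.
I. Install the required packages
1. Install httpd, mysql and the PHP packages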
[root@localhost ~]# yum -y install httpd httpd-devel mysql mysql-server mysql-devel
[root@localhost ~]# yum -y install php php-devel php-mysql php-common php-gd php-mbstring php-mcry
2. Configure the httpd service:
[root@localhost ~]# netstat -ant |grep 80
[root@localhost ~]# /etc/init.d/httpd start
Starting httpd: [ OK ]
[root@localhost ~]# vi /etc/sysconfig/iptables
[root@localhost ~]# grep 80 /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT    # add this line
[root@localhost ~]# /etc/init.d/iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter nat [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]
[root@localhost ~]# chkconfig httpd --list
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@localhost ~]# chkconfig httpd on    # start httpd automatically at boot
[root@localhost ~]# chkconfig httpd --list
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost ~]# netstat -ant |grep 80
tcp 0 0 :::80 :::* LISTEN
3. Start the mysql database:
[root@localhost ~]# /etc/init.d/mysqld start
Initializing MySQL database: Installing MySQL system tables...
OK
Filling help tables...
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h localhost.localdomain password 'new-password'
Alternatively you can run:
/usr/bin/mysql_secure_installation
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl
Please report any problems with the /usr/bin/mysqlbug script!
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
[ OK ]
Starting mysqld: [ OK ]
4. Set the database password:
[root@localhost ~]# mysqladmin -u root password 'leekwen'
5. Install the Freeradius2 packages
[root@localhost ~]# yum install -y freeradius2 freeradius2-mysql freeradius2-utils
6. Start the radius process in debug mode:
[root@localhost ~]# radiusd -X
FreeRADIUS Version 2.1.12, for host i386-redhat-linux-gnu, built on Jan 9 2013 at 05:02:57
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
 ... adding new socket proxy address * port 51738
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
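7. Open another terminal and run the test, as shown in the figure:
8. If the result differs from the figure above, temporarily disable the firewall with the following command: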
[root@localhost ~]# iptables -F
Then rerun the test command:
[root@localhost ~]# radtest steve testing localhost 1812 testing123
##############
# !!error !! #
##############
Failed binding to authentication address * port 1812: Address already in use
/etc/raddb/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812
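Check with the lsof command first, then end the process with killall -9 radiusd, restart the service, and test again.
II. Download the ppp source and integrate the ppp client:
1. Download the source: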
[root@localhost ~]# wget ftp://ftp.samba.org/pub/ppp/ppp-2.4.4.tar.gz
--2013-07-01 18:33:36-- ftp://ftp.samba.org/pub/ppp/ppp-2.4.4.tar.gz
 => `ppp-2.4.4.tar.gz'
Resolving ftp.samba.org... 216.83.154.106, 2001:470:1f05:1a07::1
Connecting to ftp.samba.org|216.83.154.106|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD /pub/ppp ... done.
==> SIZE ppp-2.4.4.tar.gz ... 688763
==> PASV ... done. ==> RETR ppp-2.4.4.tar.gz ... done.
Length: 688763 (673K)
100%[===========================================>] 688,763 135K/s in 5.3s
2013-07-01 18:33:45 (127 KB/s) - `ppp-2.4.4.tar.gz' saved [688763]
2. Unpack the archive and configure the client:
[root@localhost ~]# tar zxf ppp-2.4.4.tar.gz
[root@localhost ~]# cp -R ppp-2.4.4/pppd/plugins/radius/etc/ /etc/radiusclient
[root@localhost ~]# cp /etc/radiusclient/radiusclient.conf /etc/radiusclient/radiusclient.conf.bak
[root@localhost ~]# vi /etc/radiusclient/radiusclient.conf
Line | Before | After
25 | issue /usr/local/etc/radiusclient/issue | issue /etc/radiusclient/issue
46 | servers /usr/local/etc/radiusclient/servers | servers /etc/radiusclient/servers
50 | dictionary /usr/local/etc/radiusclient/dictionary | dictionary /etc/radiusclient/dictionary
61 | mapfile /usr/local/etc/radiusclient/port-id-map | mapfile /etc/radiusclient/port-id-map
Note: change the paths so that every radiusclient path in radiusclient.conf starts with "/etc/radiusclient".
3. Configure the dictionary files:
[root@localhost ~]# ls -l /etc/radiusclient/dictionary*
-rw-r--r-- 1 root root 7656 Jul 1 18:34 /etc/radiusclient/dictionary
-rw-r--r-- 1 root root 12295 Jul 1 18:34 /etc/radiusclient/dictionary.ascend
-rw-r--r-- 1 root root 1395 Jul 1 18:34 /etc/radiusclient/dictionary.compat
-rw-r--r-- 1 root root 599 Jul 1 18:34 /etc/radiusclient/dictionary.merit
-rw-r--r-- 1 root root 2649 Jul 1 18:34 /etc/radiusclient/dictionary.microsoft
[root@localhost ~]# vi /etc/radiusclient/dictionary
Line | File content
253 | INCLUDE /etc/radiusclient/dictionary.microsoft
254 | INCLUDE /etc/radiusclient/dictionary.merit    # add this line
255 | INCLUDE /etc/radiusclient/dictionary.ascend    # add this line
256 | INCLUDE /etc/radiusclient/dictionary.compat    # add this line
4. Add the freeradius plugins to the pptpd service:
[root@localhost ~]# vi /etc/ppp/options.pptpd
Line | File content
128 | # put plugins here
129 | # (putting them higher up may cause them to sent messages to the pty)
130 | plugin /usr/lib/pppd/2.4.4/radius.so    # add this line
131 | plugin /usr/lib/pppd/2.4.4/radattr.so    # add this line
132 | radius-config-file /etc/radiusclient/radiusclient.conf    # add this line
[root@localhost ~]# tail -n 3 /etc/ppp/options.pptpd
plugin /usr/lib/pppd/2.4.4/radius.so
plugin /usr/lib/pppd/2.4.4/radattr.so
radius-config-file /etc/radiusclient/radiusclient.conf
III. Create the radius database and import its tables:
This can be done from the command line or with the Navicat for MySQL tool:
1. radius ships import files for mysql:
[root@localhost ~]# ls /etc/raddb/sql/mysql/*.sql -l
-rw-r----- 1 root radiusd 661 Jan 9 02:04 /etc/raddb/sql/mysql/admin.sql
-rw-r----- 1 root radiusd 452 Jan 9 02:04 /etc/raddb/sql/mysql/cui.sql
-rw-r----- 1 root radiusd 761 Jan 9 02:04 /etc/raddb/sql/mysql/ippool.sql
-rw-r----- 1 root radiusd 399 Jan 9 02:04 /etc/raddb/sql/mysql/nas.sql
-rw-r----- 1 root radiusd 4318 Jan 9 02:04 /etc/raddb/sql/mysql/schema.sql
-rw-r----- 1 root radiusd 407 Jan 9 02:04 /etc/raddb/sql/mysql/wimax.sql
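2. The command line is used here. First create the radius database:
To make it convenient to manage the MySQL database with Navicat for MySQL later, the privileges were also changed:
3. The exact commands, which can be copied: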
[root@localhost ~]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.0.95 Source distribution
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+
3 rows in set (0.00 sec)
mysql> CREATE DATABASE radius DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
Query OK, 1 row affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'leekwen' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
mysql> flush PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> \q;
Bye
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/admin.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/cui.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/ippool.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/nas.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/schema.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/wimax.sql
Enter password:
4. Firewall settings for the database:
[root@localhost ~]# grep 3306 /etc/sysconfig/iptables
[root@localhost ~]# vi /etc/sysconfig/iptables
[root@localhost ~]# /etc/init.d/iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter nat [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]
[root@localhost ~]# grep 3306 /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
IV. Modify the radius configuration files:
[root@localhost ~]# cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.bak
[root@localhost ~]# vi /etc/raddb/radiusd.conf
Line | After | Before
700 | $INCLUDE sql.conf | # $INCLUDE sql.conf <------ remove the leading #
712 | $INCLUDE sql/mysql/counter.conf | # $INCLUDE sql/mysql/counter.conf <------ remove the leading #
[root@localhost ~]# cp /etc/raddb/sql.conf /etc/raddb/sql.conf.bak
[root@localhost ~]# vi /etc/raddb/sql.conf
Line | After | Before
38 | login = "root" | login = "radius" <------ change the user name used to connect to mysql
39 | password = "leekwen" | password = "radpass" <------ change the password used to connect to mysql
100 | readclients = yes | #readclients = yes <------ remove the leading #
Note: radiusd -X loads the configuration files when it runs.
If the following error appears while the configuration files are being loaded:
!!! Error !!!
Duplicate virtual server "inner-tunnel" in file /etc/raddb/sites-enabled/inner-tunnel:11
and file /etc/raddb/sites-enabled/inner-tunnel.bak:11
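delete both /etc/raddb/sites-enabled/inner-tunnel.bak and /etc/raddb/sites-enabled/default.bak.
This is also why these two files are not backed up before being edited below:
[root@localhost ~]# vi /etc/raddb/sites-enabled/default
Line | After | Before
170 | # files | files <------ comment out with #
177 | sql | # sql <------ remove the leading #
372 | # files | files <------ comment out with #
406 | sql | # sql <------ remove the leading #
454 | sql | # sql <------ remove the leading #
475 | sql | # sql <------ remove the leading #
[root@localhost ~]# vi /etc/raddb/sites-enabled/inner-tunnel
Line | After | Before
124 | # files | files <------ comment out with #
131 | sql | # sql <------ remove the leading #
255 | sql | # sql <------ remove the leading #
277 | sql | # sql <------ remove the leading #
2. Start the radiusd service, insert a test account into the database, and check the test result.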
3. Once the test passes, change the default shared secret:
[root@localhost ~]# cp /etc/raddb/clients.conf /etc/raddb/clients.conf.bak
[root@localhost ~]# vi /etc/raddb/clients.conf
Line | After | Before
101 | secret = leekwen | secret = testing123
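4. Restart the related services, then test with a database user.
5. Once this test passes, dial in from a client and check the client's dial-in log on the server:
6. This completes the integration of pptpd + freeradius2 + mysql. A later chapter adds the daloradius front end, which provides a friendly configuration interface.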
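As an added example (not part of the original post), the shell function below checks a setup built from these steps for four settings the walkthrough leaves in place: FreeRADIUS connecting to MySQL as root, the shipped shared secret testing123, .bak copies in sites-enabled (the cause of the "Duplicate virtual server" error), and a firewall rule accepting port 3306 from any source. The names audit_radius and make_sample are hypothetical, and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. audit_radius and make_sample
# are hypothetical helper names; the sample files are constructed.

# audit_radius RADDB_DIR IPTABLES_FILE: print one finding per line.
audit_radius() {
    raddb=$1
    fw=$2
    # sql.conf: the page changes login from "radius" to "root".
    if grep -Eq '^[[:space:]]*login[[:space:]]*=[[:space:]]*"?root"?([[:space:]]|$)' "$raddb/sql.conf"; then
        echo "sql.conf: FreeRADIUS connects to MySQL as root"
    fi
    # clients.conf: testing123 is the shared secret shipped with the package.
    if grep -Eq '^[[:space:]]*secret[[:space:]]*=[[:space:]]*testing123([[:space:]]|$)' "$raddb/clients.conf"; then
        echo "clients.conf: default shared secret testing123 still active"
    fi
    # sites-enabled: radiusd loads every file here, so a backup copy defines
    # the same virtual server twice ("Duplicate virtual server" error).
    for f in "$raddb"/sites-enabled/*.bak; do
        if [ -e "$f" ]; then
            echo "sites-enabled: stray backup ${f##*/}"
        fi
    done
    # iptables: an ACCEPT for port 3306 with no -s/--source match is open to any host.
    if grep -E -- '--dport 3306 .*-j ACCEPT' "$fw" | grep -Evq -- '(^| )(-s|--source) '; then
        echo "iptables: MySQL port 3306 accepted from any source"
    fi
    return 0
}

# make_sample DIR: write constructed files that mirror the page's edits.
make_sample() {
    mkdir -p "$1/raddb/sites-enabled"
    printf '\tlogin = "root"\n\tpassword = "example"\n' > "$1/raddb/sql.conf"
    printf 'client localhost {\n\tsecret = testing123\n}\n' > "$1/raddb/clients.conf"
    : > "$1/raddb/sites-enabled/inner-tunnel"
    : > "$1/raddb/sites-enabled/inner-tunnel.bak"
    echo '-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 3306 -j ACCEPT' > "$1/iptables"
}

# Demo on the constructed sample; on a real host pass /etc/raddb and
# /etc/sysconfig/iptables instead.
tmp=$(mktemp -d)
make_sample "$tmp"
audit_radius "$tmp/raddb" "$tmp/iptables"
rm -rf "$tmp"
```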