freeradius client, freeradius server and MySQL: installation and integration summary
Source: Internet  Editor: 程序博客网  Time: 2024/05/29 09:55
FreeRADIUS installation summary
I. Operating system
CentOS 6.5
II. VPN server installation and configuration
1. Install the build environment: yum install -y wget gcc gcc-c++ make
2. Install PPP: yum install -y ppp
3. Install the PPTP VPN
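Method 1
(1) Run the following command:
cat /dev/net/tun
It must return: cat: /dev/net/tun: File descriptor in bad state
Run: cat /dev/ppp
It must return: cat: /dev/ppp: No such device or address
If either command returns something else, contact your VPS provider's support to have ppp and tun enabled.
(2) Download the one-click VPN installer (for CentOS 6 only)
wget http://www.hi-vps.com/shell/vpn_centos6.sh
chmod a+x vpn_centos6.sh
(3) Run the installer
bash vpn_centos6.sh
It offers three choices:
1. Install the VPN service
2. Repair the VPN
3. Add a VPN user
Enter 1 first and press Enter; the VPS starts installing the VPN service.
(4) Add a VPN user
bash vpn_centos6.sh
Choose 3, then enter the username and password.
(5) Repair the VPN service
If VPN dial-up fails, try repairing the VPN and then reboot the VPS:
bash vpn_centos6.sh
Choose 2, then reboot.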
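1. To change or add the randomly generated username or password:
Edit "/etc/ppp/chap-secrets" as follows, replacing the parts shown in red (the username and the password):
username pptpd password *
Then restart.
(6) Test pptpd
With a default installation you can run pptpd from any path.
If it starts successfully, /var/log/messages will show:
Feb 10 09:51:46 kdfng pptpd[926]: MGR: Manager process started
Feb 10 09:51:46 kdfng pptpd[926]: MGR: Maximum of 100 connections available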
Method 2
(1) wget http://hello-linux.googlecode.com/files/pptpd_with_freeradius_plugins.sh
or wget http://mirrors.linuxeye.com/scripts/vpn_centos.sh
(2) chmod +x pptpd_with_freeradius_plugins.sh (installing with the script saves effort; it already includes the freeradius plugin)
(3) ./pptpd_with_freeradius_plugins.sh
III. FreeRADIUS client installation and configuration
1. Installing freeradius-client
(1) wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-client-1.1.7.tar.gz
(2) tar zxvf freeradius-client-1.1.7.tar.gz
(3) cd freeradius-client-1.1.7
(4) ./configure
(5) make
(6) make install
2. Configuring freeradius-client
(1) vi /usr/local/etc/radiusclient/radiusclient.conf and uncomment radius_deadtime 0 and bindaddr *
Find authserver and acctserver and set both values to localhost
(2) Specify the freeradius server address and set the shared secret used for communication
cat >>/usr/local/etc/radiusclient/servers<<EOF
localhost testing123
EOF
IV. FreeRADIUS server installation and configuration
1. Install MySQL
(1) yum install mysql mysql-devel mysql-server
(2) service mysqld start
(3) chkconfig mysqld on
(4) mysqladmin -uroot -p (the initial password is usually empty, so just press Enter here)
2. Install freeradius-server
(1) wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.2.6.tar.gz
(2) tar zxf freeradius-server-2.2.6.tar.gz
(3) cd freeradius-server-2.2.6
(4) ./configure | grep mysql
# The grep is there to check that the MySQL-related configure results are all yes; if they are not, check the MySQL installation
Notes:
Problem 1: after running ./configure the following appears: configure: error: failed linking to libcrypto. Use --with-openssl-lib-dir=<path>, or --with-openssl=no (builds without OpenSSL)
Solution: ./configure --with-openssl=no (as the message says, this builds without OpenSSL)
Problem 2: configure: WARNING: talloc library not found. Use --with-talloc-lib-dir=<path>.
configure: error: FreeRADIUS requires libtalloc
Solution: yum install libtalloc-devel -y
(5) make && make install
Final output: configure: WARNING: talloc library not found. Use --with-talloc-lib-dir=<path>.
configure: error: FreeRADIUS requires libtalloc
3. Local test with basic text-file data
(1) vi /usr/local/etc/raddb/users
Find steve Cleartext-Password := "testing" and uncomment that entry:
steve Cleartext-Password := "testing"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 172.16.3.33,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = "std.ppp",
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP
(2) radiusd -X # start in debug log output mode
# If the following lines appear, the server has started normally:
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Notes:
Problem 1: Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f release)
Security advisory CVE-2014-0160 (Heartbleed)
For more information see http://heartbleed.com
Once you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = 'CVE-2014-0160'
Solution: edit the radiusd.conf file under etc/raddb,
find allow_vulnerable_openssl = no and change it to allow_vulnerable_openssl = yes
As the message itself says, make this change only once the installed libssl has been verified as patched; the value the message names, 'CVE-2014-0160', is scoped to that one advisory, unlike yes.
Problem 2: Starting - reading configuration files ...
including dictionary file /usr/local/share/freeradius/dictionary
Errors reading dictionary: dict_init: /usr/local/share/freeradius/dictionary.microsoft[26]: The "encrypt=1" flag MUST be used with an explicit length for 'octets' data types
Solution: comment out the dhcp entry in dictionary.conf.
(3) Open another terminal window and run the following command
radtest steve testing localhost 1812 testing123 # username steve, password testing, shared secret testing123
# rad_recv: Access-Accept packet in the output means authentication succeeded
V. Integrating freeradius with MySQL
mysqladmin -u root -p create radius
mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/schema.sql
mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/nas.sql
mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/ippool.sql
mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/wimax.sql
mysql -u root -p
mysql> GRANT SELECT ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radpass';
mysql> GRANT ALL on radius.radacct TO 'radius'@'localhost';
mysql> GRANT ALL on radius.radpostauth TO 'radius'@'localhost';
mysql> use radius;
1. Add the group information; the group in this example is named user
mysql> insert into radgroupreply (groupname,attribute,op,value) values
('user','Auth-Type',':=','Local');
mysql> insert into radgroupreply (groupname,attribute,op,value) values
('user','Service-Type','=','Framed-User');
mysql> insert into radgroupreply (groupname,attribute,op,value) values
('user','Framed-IP-Netmask',':=','255.255.255.0');
2. Add the user information
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('benu', 'Password', 'benu123');
Query OK, 1 row affected (0.00 sec)
3. Add the user to the group
mysql> insert into radusergroup(username,groupname) values('benu','user');
4. Limit the number of simultaneous logins for the account (GroupName must be a group the user belongs to in radusergroup, here user)
mysql> INSERT INTO radgroupcheck (GroupName, Attribute, op, Value) values
('user', 'Simultaneous-Use', ':=', '1');
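vi /usr/local/etc/raddb/sql.conf
5. Set the database type, login, password and database name to match your environment
6. Find readclients = yes and remove the comment marker in front of it; this enables lookups in the nas table, so clients.conf is no longer needed
7. vi /usr/local/etc/raddb/radiusd.conf # find $INCLUDE sql.conf (line 700) and remove the #
8. vi /usr/local/etc/raddb/sites-enabled/default
(1) In the authorize {} section, comment out files (line 170) and remove the # before sql (line 177)
(2) In the accounting {} section, comment out radutmp (line 396) and remove the # before sql (line 406)
(3) In the session {} section, comment out radutmp (line 450) and remove the # before sql (line 454)
(4) In the post-auth {} section, remove the # before sql (line 475) and the # before sql (line 563)
9. vi /usr/local/etc/raddb/sites-enabled/inner-tunnel
(1) In the authorize {} section, comment out files (line 124) and remove the # before sql (line 131)
(2) In the session {} section, comment out radutmp (line 251) and remove the # before sql (line 255)
(3) In the post-auth {} section, remove the # before sql (line 277) and the # before sql (line 301)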
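The line numbers in steps 8 and 9 shift between FreeRADIUS versions, so it helps to confirm the edits by section name instead. The following is an added example, not part of the original post: check_sql_sections and sample_site are hypothetical names, and the sample virtual-server file is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. check_sql_sections and sample_site
# are hypothetical names; the sample file is constructed. Prints
# "<section> sql=on|off" for the sections this guide edits, matched by name.
check_sql_sections() {
    awk '
    # A section opens with "name {" while we are not already inside one.
    sec == "" && /^[ \t]*[a-z-]+[ \t]*[{]/ {
        sec = $1; sub(/[{].*/, "", sec); depth = 0
    }
    {
        line = $0
        sub(/#.*/, "", line)              # commented-out modules do not count
        if (sec != "" && line ~ /^[ \t]*-?sql[ \t]*$/) on[sec] = 1
        depth += gsub(/[{]/, "", line) - gsub(/[}]/, "", line)
        if (sec != "" && depth <= 0) { seen[sec] = 1; sec = "" }
    }
    END {
        n = split("authorize accounting session post-auth", want, " ")
        for (i = 1; i <= n; i++)
            if (want[i] in seen)
                printf "%s sql=%s\n", want[i], ((want[i] in on) ? "on" : "off")
    }' "$1"
}

# Constructed sample: accounting still has sql commented out.
sample_site() {
    cat <<'EOF'
authorize {
#    files
    sql
}
accounting {
    detail
#    sql
}
session {
    sql
}
post-auth {
    sql
    Post-Auth-Type REJECT {
        sql
    }
}
EOF
}

tmp=$(mktemp) && sample_site > "$tmp" && check_sql_sections "$tmp"; rm -f "$tmp"
```

Run it against sites-enabled/default and sites-enabled/inner-tunnel after editing; any section reported as sql=off still needs its sql line uncommented.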
10. Start FreeRADIUS normally and add it to the boot-time startup items
(1) Method 1
cd /root
wget http://hello-linux.googlecode.com/files/radiusd
mv radiusd /etc/init.d/
chmod +x /etc/init.d/radiusd
vi /etc/init.d/radiusd
# Find prefix=/usr/local/radius (line 25) and change it to prefix=/usr/local
/etc/init.d/radiusd start
vi /etc/rc.local
# Insert /etc/init.d/radiusd start as the last line
(2) Method 2
Since Google's servers cannot be reached, add the startup item as follows instead:
Set it up as a service that starts at boot
Copy the startup script to the /etc/init.d directory
cp /usr/local/sbin/rc.radiusd /etc/init.d/radius
# vi /etc/init.d/radius
After the #!/bin/sh line, add:
# radiusd This shell script takes care of starting and stopping
# standalone radiusd.
#
# chkconfig: - 70 70
# description: free radius server.
# processname: /usr/local/sbin/radiusd
# config: /usr/local/etc/raddb
Then run:
# chkconfig --add radius
# chkconfig radius on
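11. Final test
# Verify with the username and password just inserted into the database
radtest benu benu123 localhost 1812 testing123
# rad_recv: Access-Accept packet in the output means the installation succeeded
The installation is now complete.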
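This guide finishes with the shared secret testing123, the database password radpass and allow_vulnerable_openssl = yes still in place. The following added example (not part of the original post; audit_defaults and make_sample_tree are hypothetical names, and the sample files are constructed) lists those settings so they can be replaced before the server takes real clients.

```shell
#!/bin/sh
# Added example, not from the original post. audit_defaults is a hypothetical
# helper; the sample files below are constructed. It prints one finding per
# line for settings this guide leaves at well-known or permissive values.
audit_defaults() {
    client_dir=$1 raddb=$2
    # servers: "<host> <shared secret>" per line; flag the testing123 secret.
    awk '!/^[ \t]*#/ && $2 == "testing123" {
        print "servers: " $1 " uses shared secret testing123" }' "$client_dir/servers"
    # sql.conf: flag an active password = "radpass" line.
    awk '{ sub(/#.*/, "") }
        /^[ \t]*password[ \t]*=[ \t]*"?radpass"?[ \t]*$/ {
        print "sql.conf: database password is radpass" }' "$raddb/sql.conf"
    # radiusd.conf: flag the blanket "yes"; the startup message names
    # the narrower value CVE-2014-0160 instead.
    awk '{ sub(/#.*/, "") }
        /^[ \t]*allow_vulnerable_openssl[ \t]*=[ \t]*"?yes"?[ \t]*$/ {
        print "radiusd.conf: allow_vulnerable_openssl = yes" }' "$raddb/radiusd.conf"
}

# Constructed sample tree mirroring the state at the end of this guide.
make_sample_tree() {
    mkdir -p "$1/radiusclient" "$1/raddb"
    printf '%s\n' '# host secret' 'localhost testing123' > "$1/radiusclient/servers"
    printf '%s\n' 'sql {' '  login = "radius"' '  password = "radpass"' '}' > "$1/raddb/sql.conf"
    printf '%s\n' 'security {' '  allow_vulnerable_openssl = yes' '}' > "$1/raddb/radiusd.conf"
}

d=$(mktemp -d) && make_sample_tree "$d" && audit_defaults "$d/radiusclient" "$d/raddb"; rm -rf "$d"
```

On the installation described here the call would be audit_defaults /usr/local/etc/radiusclient /usr/local/etc/raddb; no output means none of the three values is still present.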