ubuntu部署wifi+freeradius+mysql

radius协议:

RADIUS:Remote Authentication Dial In User Service,远程用户拨号认证系统由RFC2865,RFC2866定义,是目前应用最广泛的AAA协议。AAA是一种管理框架,因此,它可以用多种协议来实现。在实践中,人们最常使用远程访问拨号用户服务(Remote Authentication Dial In User Service,RADIUS)来实现AAA。

这里通过部署freeradius,backend为mysql,存储数据,来实现用户认证登录wifi。

###安装配置freeradius

  1. sudo apt-get update
  2. sudo apt-get install freeradius freeradius-mysql
    使用mysql作为backend,需要安装freeradius-mysql模块
  3. sudo vim /etc/freeradius/sites-enabled/default
    编辑default文件,注释掉files的相关行,取消注释sql的所有行,不要删除默认配置的任何行。
    4.sudo vim /etc/freeradius/sites-enabled/inner-tunnel
    取消注释sql的所有行,不要删除默认配置的任何行。
    5.sudo vim /etc/freeradius/radiusd.conf
    编辑radius.conf,取消注释$INCLUDE sql.conf
    6.sudo vim /etc/freeradius/sql.conf
sql {
	database = "mysql"
	server = "localhost"
	login = "radius"
	password = "radpass"
	radius_db = "radius"
	#uncomment read_groups
	read_groups = yes
	#uncomment readclients
	readclients = yes
}

###安装配置mysql

1.sudo apt-get install mysql-server
输入并重复新mysql root用户的密码
2.CREATE DATABASE radius;
3.CREATE USER 'radius'@'localhost' IDENTIFIED BY 'radpass';
4.GRANT ALL PRIVILEGES ON *.* TO 'sampleuser'@'localhost';
5.FLUSH PRIVILEGES;
导入freeradius的sql文件
6.mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql;
7.mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql;
添加radius数据库中的数据
8.INSERT INTO nas VALUES (NULL , '0.0.0.0/0, 'myNAS', 'other', NULL , 'testing123', NULL , NULL , 'RADIUS Client');
9.INSERT INTO radcheck (username, attribute, op, value) VALUES ('thisuser', 'Cleartext-Password', ':=', 'thispassword');
10.INSERT INTO radusergroup (username, groupname, priority) VALUES ('thisuser', 'thisgroup', '1');
11.INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES ('thisgroup', 'Service-Type', ':=', 'Framed-User'), ('thisgroup', 'Framed-Protocol', ':=', 'PPP'), ('thisgroup', 'Framed-Compression', ':=', 'Van-Jacobsen-TCP-IP');

###测试
clear-text password 测试
1.radtest leo 12345 127.0.0.1 1 testing123

ubuntu@ip-192-168-0-57:/etc/freeradius$ radtest thisuser thispassword 127.0.0.1 1 testing123
Sent Access-Request Id 58 from 0.0.0.0:56965 to 127.0.0.1:1812 length 78
	User-Name = "thisuser"
	User-Password = "thispassword"
	NAS-IP-Address = 192.168.0.57
	NAS-Port = 1
	Message-Authenticator = 0x00
	Cleartext-Password = "thispassword"
Received Access-Accept Id 58 from 127.0.0.1:1812 to 127.0.0.1:56965 length 38
	Service-Type = Framed-User
	Framed-Protocol = PPP
	Framed-Compression = Van-Jacobson-TCP-IP

测试通过后,可以使用测试路由器上配置实验了

友情链接
1.https://www.vpsserver.com/community/tutorials/10/setup-and-configuration-of-freeradius-mysql-on-ubuntu-14-04-64bit/
2.https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu

你可能感兴趣的:(linux,mysql)