Environment: RHEL5.1 x86
AMP + daloradius (web management)
Install pptpd
- wget http://downloads.sourceforge.net/project/poptop/pptpd/pptpd-1.3.4/pptpd-1.3.4.tar.gz
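- rpmbuild -tb pptpd-1.3.4.tar.gz // build the rpm package. I prefer to install via rpm because it is more convenient. (If you do not have the rpmbuild command, install rpm-build yourself with rpm or yum.)
- rpm -ivh /usr/src/redhat/RPMS/i386/pptpd-1.3.4-1.i386.rpm // install the package
- rpm -ql pptpd // list which files were installed, all at a glance. Now you see the benefit of rpm
- ps: pptpd depends on ppp at run time; the ppp package is normally installed by default.
- rpm -qa |grep ppp // if it is missing, install it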
Configure pptpd
#vi /etc/pptpd.conf // change the following
- option /etc/ppp/options.pptpd
- #logwtmp
- localip 192.168.0.1
- remoteip 192.168.0.2-254
#vi /etc/ppp/options.pptpd // change as follows
- name pptpd
- refuse-pap
- refuse-chap
- refuse-mschap
- require-mschap-v2
- require-mppe-128
- proxyarp
- lock
- nobsdcomp
- novj
- novjccomp
- nologfd
- idle 2592000
- ms-dns 8.8.8.8
- logfile /var/log/pptpd.log
- #plugin /usr/lib/pppd/2.4.4/radius.so
- #radius-config-file /usr/local/etc/radiusclient/radiusclient.conf
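- # The two lines above load the radius module; we leave them commented out for now and first test whether pptpd runs correctly.
#vi /etc/ppp/chap-secrets // the password file used for Windows *** dial-in. Add one line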
- test pptpd test *
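- One account per line; from left to right the fields are user name, server name, password and IP address. Usually only the user name and password need to be changed.
OK, the configuration is complete. Start the pptpd service.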
#service pptpd start
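Try dialing in with *** from Windows, using test:test. If you cannot connect, take a good look at /var/log/messages.
Once the pptpd service has been tested successfully, start integrating freeradius.
Enable the radius module
#vi /etc/ppp/options.pptpd // uncomment the last two lines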
- plugin /usr/lib/pppd/2.4.4/radius.so
- radius-config-file /usr/local/etc/radiusclient/radiusclient.conf
Install freeradius-server (mysql)
Reference: http://orzee.blog.51cto.com/3105498/620563
Install freeradius-client and enable sql mode
- wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-client-1.1.6.tar.gz
- tar zxvf freeradius-client-1.1.6.tar.gz
- cd freeradius-client-1.1.6
- ./configure && make && make install
Configure freeradius-client
#vi /usr/local/etc/radiusclient/radiusclient.conf
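Change the authserver and acctserver values to the address of the freeradius-server; if it runs on the local machine, no change is needed.
Comment out the two lines radius_deadtime 0 and bindaddr *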
#vi /usr/local/etc/radiusclient/servers
- localhost testing123 // this must match the server and client.conf.
Create the dictionary.microsoft dictionary; without this dictionary, *** from Windows cannot connect
#vi /usr/local/etc/radiusclient/dictionary.microsoft
- #
- # Microsoft's VSA's, from RFC 2548
- #
- # $Id: dictionary.microsoft,v 1.1 2002/03/06 13:23:09 dfs Exp $
- #
- VENDOR Microsoft 311 Microsoft
- ATTRIBUTE MS-CHAP-Response 1 string Microsoft
- ATTRIBUTE MS-CHAP-Error 2 string Microsoft
- ATTRIBUTE MS-CHAP-CPW-1 3 string Microsoft
- ATTRIBUTE MS-CHAP-CPW-2 4 string Microsoft
- ATTRIBUTE MS-CHAP-LM-Enc-PW 5 string Microsoft
- ATTRIBUTE MS-CHAP-NT-Enc-PW 6 string Microsoft
- ATTRIBUTE MS-MPPE-Encryption-Policy 7 string Microsoft
- # This is referred to as both singular and plural in the RFC.
- # Plural seems to make more sense.
- ATTRIBUTE MS-MPPE-Encryption-Type 8 string Microsoft
- ATTRIBUTE MS-MPPE-Encryption-Types 8 string Microsoft
- ATTRIBUTE MS-RAS-Vendor 9 integer Microsoft
- ATTRIBUTE MS-CHAP-Domain 10 string Microsoft
- ATTRIBUTE MS-CHAP-Challenge 11 string Microsoft
- ATTRIBUTE MS-CHAP-MPPE-Keys 12 string Microsoft
- ATTRIBUTE MS-BAP-Usage 13 integer Microsoft
- ATTRIBUTE MS-Link-Utilization-Threshold 14 integer Microsoft
- ATTRIBUTE MS-Link-Drop-Time-Limit 15 integer Microsoft
- ATTRIBUTE MS-MPPE-Send-Key 16 string Microsoft
- ATTRIBUTE MS-MPPE-Recv-Key 17 string Microsoft
- ATTRIBUTE MS-RAS-Version 18 string Microsoft
- ATTRIBUTE MS-Old-ARAP-Password 19 string Microsoft
- ATTRIBUTE MS-New-ARAP-Password 20 string Microsoft
- ATTRIBUTE MS-ARAP-PW-Change-Reason 21 integer Microsoft
- ATTRIBUTE MS-Filter 22 string Microsoft
- ATTRIBUTE MS-Acct-Auth-Type 23 integer Microsoft
- ATTRIBUTE MS-Acct-EAP-Type 24 integer Microsoft
- ATTRIBUTE MS-CHAP2-Response 25 string Microsoft
- ATTRIBUTE MS-CHAP2-Success 26 string Microsoft
- ATTRIBUTE MS-CHAP2-CPW 27 string Microsoft
- ATTRIBUTE MS-Primary-DNS-Server 28 ipaddr Microsoft
- ATTRIBUTE MS-Secondary-DNS-Server 29 ipaddr Microsoft
- ATTRIBUTE MS-Primary-NBNS-Server 30 ipaddr Microsoft
- ATTRIBUTE MS-Secondary-NBNS-Server 31 ipaddr Microsoft
- #ATTRIBUTE MS-ARAP-Challenge 33 string Microsoft
- #
- # Integer Translations
- #
- # MS-BAP-Usage Values
- VALUE MS-BAP-Usage Not-Allowed 0
- VALUE MS-BAP-Usage Allowed 1
- VALUE MS-BAP-Usage Required 2
- # MS-ARAP-Password-Change-Reason Values
- VALUE MS-ARAP-PW-Change-Reason Just-Change-Password 1
- VALUE MS-ARAP-PW-Change-Reason Expired-Password 2
- VALUE MS-ARAP-PW-Change-Reason Admin-Requires-Password-Change 3
- VALUE MS-ARAP-PW-Change-Reason Password-Too-Short 4
- # MS-Acct-Auth-Type Values
- VALUE MS-Acct-Auth-Type PAP 1
- VALUE MS-Acct-Auth-Type CHAP 2
- VALUE MS-Acct-Auth-Type MS-CHAP-1 3
- VALUE MS-Acct-Auth-Type MS-CHAP-2 4
- VALUE MS-Acct-Auth-Type EAP 5
- # MS-Acct-EAP-Type Values
- VALUE MS-Acct-EAP-Type MD5 4
- VALUE MS-Acct-EAP-Type OTP 5
- VALUE MS-Acct-EAP-Type Generic-Token-Card 6
- VALUE MS-Acct-EAP-Type TLS 13
- #
- # Experimental extensions, configuration only (for check-items)
- # Names/numbers as per the MERIT extensions (if possible).
- #
- ATTRIBUTE NAS-Identifier 32 string
- ATTRIBUTE Proxy-State 33 string
- ATTRIBUTE Login-LAT-Service 34 string
- ATTRIBUTE Login-LAT-Node 35 string
- ATTRIBUTE Login-LAT-Group 36 string
- ATTRIBUTE Framed-AppleTalk-Link 37 integer
- ATTRIBUTE Framed-AppleTalk-Network 38 integer
- ATTRIBUTE Framed-AppleTalk-Zone 39 string
- ATTRIBUTE Acct-Input-Packets 47 integer
- ATTRIBUTE Acct-Output-Packets 48 integer
- # 8 is a MERIT extension.
- VALUE Service-Type Authenticate-Only 8
Include the relevant dictionary files
#vi /usr/local/etc/radiusclient/dictionary // append at the end
- INCLUDE /usr/local/etc/radiusclient/dictionary.sip
- INCLUDE /usr/local/etc/radiusclient/dictionary.ascend
- INCLUDE /usr/local/etc/radiusclient/dictionary.merit
- INCLUDE /usr/local/etc/radiusclient/dictionary.compat
- INCLUDE /usr/local/etc/radiusclient/dictionary.microsoft
----------------------Installation complete------------------
Start testing
Start the pptpd, radius and other services.
We create a new user in daloradius, and that user can then be used to dial in.
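A post-install check of the files edited above, as an added example that is not part of the original post: it reports which of the guide's authentication directives are missing from options.pptpd, which servers entries still use the sample secret testing123, and whether chap-secrets is readable by group or others. The function names and the sample files written to a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit the files this guide edits.

# Print every auth/encryption directive from the guide's options.pptpd list
# that is absent or commented out in the file given as $1.
missing_auth_options() {
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$1" || echo "$opt"
    done
}

# Print the host of each radiusclient "servers" entry whose shared secret is
# still the sample value testing123 used in the guide.
default_secret_hosts() {
    awk '!/^[[:space:]]*#/ && $2 == "testing123" { print $1 }' "$1"
}

# Succeed only if group and others have no permissions on the file ($1),
# as expected for chap-secrets, which stores passwords in clear text.
secrets_file_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample files (assumption: layout mirrors the guide, with
# refuse-mschap deliberately commented out to produce a finding).
write_samples() {
    printf '%s\n' 'name pptpd' 'refuse-pap' 'refuse-chap' '#refuse-mschap' \
        'require-mschap-v2' 'require-mppe-128' > "$1/options.pptpd"
    printf '%s\n' '# server secret' 'localhost testing123' \
        '10.0.0.5 S0me-long-random-secret' > "$1/servers"
    printf '%s\n' 'test pptpd test *' > "$1/chap-secrets"
    chmod 644 "$1/chap-secrets"
}

dir=$(mktemp -d)
write_samples "$dir"
echo "missing options: $(missing_auth_options "$dir/options.pptpd")"
echo "default secret on: $(default_secret_hosts "$dir/servers")"
secrets_file_private "$dir/chap-secrets" || echo "chap-secrets is readable by group/others"
rm -rf "$dir"
```

On a real host, call the three functions with /etc/ppp/options.pptpd, /usr/local/etc/radiusclient/servers and /etc/ppp/chap-secrets instead of the sample directory.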