Ubuntu下freeradius-server的安装
一、安装
(1)更新
#apt-get update
(2)下载
链接:ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.2.9.tar.bz2 资源:freeradius-server-2.2.9.tar.bz2
(3)解压
比如解压后文件夹为freeradius-server-2.2.9
(4)配置configure文件
#cd freeradius-server-2.2.9 #./configure
出现问题一: 问题描述: configure: error: in '/home/tessie/Downloads/freeradius-server-2.2.9': configure: error: failed locating OpenSSL headers. 问题解决: #aptitude install libssl-dev
出现问题二: 问题描述: Your system needs to have a fully qualified domain name(fqdn) in order to install the var-qmail packages. 问题解决: #gedit /etc/hosts 修改127.0.1.1 tessie-...machine为127.0.1.1 tessie-...machine.example.com tessie-...machine
(5)编译安装
#make #make install
二、测试
(1.1)
#radiusd -X //-X调试模式启动,注意是大写的X
出现问题三: 问题描述: radiusd: error while loading shared libraries: libfreeradius-radius-020209.so: cannot open shared object file: No such file or directory. 问题解决: #ldconfig
(1.2)
#radiusd -X //-X调试模式启动,注意是大写的X
出现问题四: 问题描述: Refusing to start with libssl version OpenSSL 1.0.1 14 Mar 2012 (in range 1.0.1-1.0.1f). 问题解决: #gedit /usr/local/etc/raddb/radiusd.conf 修改allow_vulnerable_openssl=no为allow_vulnerable_openssl=yes
(1.3)
#radiusd -X //-X调试模式启动,注意是大写的X
会出现很多.......+............+............
出现问题五: 问题描述: unable to write 'random state' 问题解决:
#gedit /usr/local/etc/raddb/radiusd.conf
修改allow_vulnerable_openssl=yes为allow_vulnerable_openssl=no
(1.4)
#radiusd -X //-X调试模式启动,注意是大写的X
出现问题六(同‘出现问题四’): 问题描述: Refusing to start with libssl version OpenSSL 1.0.1 14 Mar 2012 (in range 1.0.1-1.0.1f). 问题解决: #gedit /usr/local/etc/raddb/radiusd.conf 修改allow_vulnerable_openssl=no为allow_vulnerable_openssl=yes
(1.5)
#radiusd -X //-X调试模式启动,注意是大写的X
正常 出现Ready to process requests.
(2)
#gedit /usr/local/etc/raddb/users 在最前面添加testing Cleartext-Password := "password" //这一行中的testing为User-Name,password为User-Password
(3)
#radiusd -X //-X调试模式启动,注意是大写的X 正常 出现Ready to process requests.
(4)
保留步骤(3)的窗口,重新打开一个Terminal窗口,以超级用户身份运行:
#radtest testing password localhost 0 testing123 //"radtest [账号] [密码] [认证位址] [NAS端口] [秘钥]" //“testing123”是FreeRADIUS和NAS的共享密钥,client.conf中有定义
正常 出现
Sending Access-Request of id 57 to 127.0.0.1 port 1812
User-Name = "testing"
User-Password = "password"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=57, length=20
$$$至此,参照http://www.linuxidc.com/Linux/2015-03/115452.htm《FreeRadius安装过程记录》;
$$$http://blog.csdn.net/pdcxs007/article/details/44223925《FreeRadius 安装过程记录》等。
三、试用
(1)添加新的账号密码
#gedit /usr/local/etc/raddb/users 在最后面添加tessie Cleartext-Password := "tessie123"
(2)添加新的代理主机
#gedit /usr/local/etc/raddb/clients.conf
在最后面添加
client 10.10.200.0/24 {
secret = 111111 //secret的意思:Radiusaaa与NAS之间的key传送是密文,而且传的不是口令,而是MD5计算结果
shortname = tessie
}
(3)关闭防火墙
#iptables -F
(4)在WAN PC上测试
#radiusd -X //-X调试模式启动,注意是大写的X
#radtest tessie tessie123 10.10.200.100 0 111111 //"radtest [账号] [密码] [认证位址] [NAS端口] [秘钥]" //“111111”是FreeRADIUS和NAS的共享密钥,client.conf中有定义
正常 出现
Sending Access-Request of id 50 to 10.10.200.100 port 1812
User-Name = "tessie"
User-Password = "tessie123"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 10.10.200.100 port 1812, id=50, length=20
(5)在LAN PC上测试
#radtest tessie tessie123 10.10.200.100 0 111111 //"radtest [账号] [密码] [认证位址] [NAS端口] [秘钥]" //“111111”是FreeRADIUS和NAS的共享密钥,client.conf中有定义
正常 出现
Sending Access-Request of id 214 to 10.10.200.100 port 1812
User-Name = "tessie"
User-Password = "tessie123"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 10.10.200.100 port 1812, id=214, length=20
出现问题七:(maybe) 问题描述: radclient: received response to request we did not send. (id=231, socket 3) 问题解决: 设置路由器DMZ=192.168.0.77
posted on
2016-03-14 16:05 懒懒的小猪 阅读(
...) 评论(
...) 编辑 收藏