Building and installing freeradius-server3 from source on Ubuntu

  • 1. Download freeradius-server-3
  • 2. Install freeradius-server-3
  • 3. Configure freeradius-server-3
  • 4. Configure the sql module for freeradius-server-3

1. Download freeradius-server-3

ftp://ftp.freeradius.org/pub/radius/freeradius-server-3.0.19.tar.gz
wget ftp://ftp.freeradius.org/pub/radius/freeradius-server-3.0.19.tar.gz

2. Install freeradius-server-3

tar zxvf freeradius-server-3.0.19.tar.gz
mv freeradius-server-3.0.19 radius
cd radius
./configure --prefix=/usr/local/radius

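Error: configure: error: FreeRADIUS requires libtalloc
Fix it by running apt-get install libtalloc-dev, then run configure again:
./configure --prefix=/usr/local/radius

Error: configure: error: failed linking to libcrypto. Use --with-openssl-lib-dir= , or --with-openssl=no (builds without OpenSSL)
Solution (install the OpenSSL development package, then re-run the configure command above):
apt-get install libssl-dev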

make
make install

sudo ldconfig

3. Configure freeradius-server-3

cp /usr/local/radius/sbin/radiusd /usr/bin/
chmod +x /usr/bin/radiusd
radiusd # start the server
# Error:
Tue Oct 1 14:57:37 2019 : Info: Debugger not attached
Tue Oct 1 14:57:37 2019 : Error: Refusing to start with libssl version OpenSSL 1.0.2g 1 Mar 2016 0x1000207f (1.0.2g release) (in range 1.0.2 release - 1.0.2h rele)
Tue Oct 1 14:57:37 2019 : Error: Security advisory CVE-2016-6304 (OCSP status request extension)
Tue Oct 1 14:57:37 2019 : Error: For more information see https://www.openssl.org/news/secadv/20160922.txt
Tue Oct 1 14:57:37 2019 : Info: Once you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = 'CVE-2016-6304'

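Solution (as the log message says, apply this only after verifying that the installed libssl has been patched):

vim /usr/local/radius/etc/raddb/radiusd.conf
security {
allow_vulnerable_openssl = 'CVE-2016-6304'
}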

Create symlinks to make starting and testing the service easier
cd /usr/local/sbin
ln -s /usr/local/radius/sbin/radiusd ./
root@iZuf633l0ge76ux11c4tl9Z:/usr/local/sbin# ll
total 8
drwxr-xr-x 2 root root 4096 Oct 3 17:59 ./
drwxr-xr-x 15 root root 4096 Oct 3 17:50 ../
lrwxrwxrwx 1 root root 30 Oct 3 17:59 radiusd -> /usr/local/radius/sbin/radiusd*

cd /usr/bin
ln -s /usr/local/radius/bin/radtest ./
root@iZuf633l0ge76ux11c4tl9Z:/usr/bin# ll -h|grep radtest
lrwxrwxrwx 1 root root 29 Oct 3 18:07 radtest -> /usr/local/radius/bin/radtest*

Testing with radtest
radtest steve testing localhost 1812 testing123

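Arguments: command, user name, password, FreeRADIUS server IP address, port, shared secret (radtest sends the port argument as the NAS-Port attribute, as the output below shows)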
radtest steve testing localhost 1812 testing123

root@iZuf633l0ge76ux11c4tl9Z:/usr/local/radius/etc/raddb# radtest steve testing 127.0.0.1 1812 testing123
Sent Access-Request Id 94 from 0.0.0.0:50517 to 127.0.0.1:1812 length 75
User-Name = "steve"
User-Password = "testing"
NAS-IP-Address = 172.19.152.159
NAS-Port = 1812
Message-Authenticator = 0x00
Cleartext-Password = "testing"
Received Access-Reject Id 94 from 127.0.0.1:1812 to 127.0.0.1:50517 length 20
(0) -: Expected Access-Accept got Access-Reject
Authentication failed: the request was rejected.

Solution:
cd /usr/local/radius/etc/raddb
vim users
steve Cleartext-Password := "testing"
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Address = 172.16.3.33,
    Framed-IP-Netmask = 255.255.255.0,
    Framed-Routing = Broadcast-Listen,
    Framed-Filter-Id = "std.ppp",
    Framed-MTU = 1500,
    Framed-Compression = Van-Jacobsen-TCP-IP
Save and exit.
Run the test again:
radtest steve testing 127.0.0.1 1812 testing123
tail -f /usr/local/radius/var/log/radius/radius.log
Check the log for: pap: User authenticated successfully

4. Configure the sql module for freeradius-server-3

Configure the sql module
Configuration:

Create a symlink for each module that you want to enable.
cd /usr/local/radius/etc/raddb/mods-enabled/
# create the symlink
ln -s /usr/local/radius/etc/raddb/mods-available/sql ./

vim /usr/local/radius/etc/raddb/radiusd.conf
modules {
$INCLUDE mods-enabled/
}

# Edit the default site configuration file /usr/local/radius/etc/raddb/sites-available/default
vim /usr/local/radius/etc/raddb/sites-available/default
The whole file is shown below
# use MySQL to store user information
authorize {
#files
sql
}
# use sql to record accounting information
accounting {
sql
}
# limit simultaneous logins per user
session {
radutmp
#
# See "Simultaneous Use Checking Queries" in sql.conf
sql
}
# record data after the user has logged in
post-auth {
sql
}

Edit inner-tunnel
vim /usr/local/radius/etc/raddb/sites-available/inner-tunnel
authorize {
#files
sql
}
session {
radutmp
#
# See "Simultaneous Use Checking Queries" in sql.conf
sql
}
post-auth {
sql
}

MySQL database connection settings
vim /usr/local/radius/etc/raddb/mods-enabled/sql
Comment out the tls subsection under the mysql node: this setup connects to MySQL on 127.0.0.1 and does not need a secure connection. TLS is not configured by default, so you would have to set it up yourself.
dialect = "mysql"
driver = "rlm_sql_${dialect}"
server = "127.0.0.1"
port = 3306
login = "root"
password = "root"
radius_db = "radius"
acct_table1 = "radacct"
acct_table2 = "radacct"
postauth_table = "radpostauth"
authcheck_table = "radcheck"
groupcheck_table = "radgroupcheck"
authreply_table = "radreply"
groupreply_table = "radgroupreply"
usergroup_table = "radusergroup"
delete_stale_sessions = yes
read_clients = yes
client_table = "nas"

Start radiusd -x
Error:
Debugger not attached
Creating attribute Unix-Group
Could not link driver rlm_sql_mysql: /usr/local/radius/lib/rlm_sql_mysql.so: cannot open shared object file: No such file or directory
Make sure it (and all its dependent libraries!) are in the search path of your system's ld
/usr/local/radius/etc/raddb/mods-enabled/sql[20]: Instantiation failed for module "sql"

Solution:
apt-get install libmysqlclient-dev

Rebuild:
./configure --prefix=/usr/local/radius
make
make install
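
The walkthrough leaves three lab-only settings in place: the libssl check override in radiusd.conf, the MySQL root/root login in mods-enabled/sql, and the testing123 shared secret used with radtest. The script below is an added example, not part of the original post or of FreeRADIUS, that flags them in a raddb directory; the function names audit_raddb and setting are hypothetical, and it assumes the shared secret is stored in clients.conf inside that directory.

```shell
#!/bin/sh
# Added example (not from the original page): flag settings from this
# walkthrough that should not be carried over to a production server.

# setting FILE KEY -> value of the first uncommented "KEY = value" line
setting() {
    [ -f "$1" ] || return 0
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        head -n 1 | sed 's/[[:space:]][[:space:]]*#.*$//' | tr -d "\"'"
}

# audit_raddb DIR -> prints one finding per line, returns 1 if any
audit_raddb() {
    raddb=$1
    found=0
    flag() { echo "$1"; found=1; }

    v=$(setting "$raddb/radiusd.conf" allow_vulnerable_openssl)
    case $v in
        ''|no) ;;
        *) flag "radiusd.conf: libssl version check overridden for $v" ;;
    esac

    login=$(setting "$raddb/mods-enabled/sql" login)
    pass=$(setting "$raddb/mods-enabled/sql" password)
    if [ "$login" = root ]; then
        flag "mods-enabled/sql: connects to the database as root"
    fi
    if [ -n "$pass" ] && [ "$pass" = "$login" ]; then
        flag "mods-enabled/sql: password is the same as the login"
    fi

    # Assumption: the per-client shared secret is kept in clients.conf
    if grep -Eq '^[[:space:]]*secret[[:space:]]*=[[:space:]]*testing123' \
        "$raddb/clients.conf" 2>/dev/null; then
        flag "clients.conf: shared secret is still testing123"
    fi
    return "$found"
}

# Constructed sample tree that mirrors the settings shown on this page.
demo=$(mktemp -d)
mkdir -p "$demo/mods-enabled"
printf "security {\n\tallow_vulnerable_openssl = 'CVE-2016-6304'\n}\n" > "$demo/radiusd.conf"
printf '\tlogin = "root"\n\tpassword = "root"\n' > "$demo/mods-enabled/sql"
printf 'client localhost {\n\tsecret = testing123\n}\n' > "$demo/clients.conf"
audit_raddb "$demo" || echo "-> review the findings above"
rm -rf "$demo"
```

On the server built above, the directory to pass is /usr/local/radius/etc/raddb.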
