ubuntu 18.04 radius 服务安装配置

环境信息:

$ cat /etc/os-release 
NAME="Ubuntu"
VERSION="18.04.6 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.6 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic

安装软件

sudo apt-get install freeradius freeradius-utils freeradius-ldap freeradius-mysql

服务端配置

用户配置:

# vim /etc/freeradius/3.0/users

#steve    Cleartext-Password := "testing"
#        Service-Type = Framed-User,
#        Framed-Protocol = PPP,
#        Framed-IP-Address = 172.16.3.33,
#        Framed-IP-Netmask = 255.255.255.0,
#        Framed-Routing = Broadcast-Listen,
#        Framed-Filter-Id = "std.ppp",
#        Framed-MTU = 1500,
#        Framed-Compression = Van-Jacobsen-TCP-IP
改为:
# test为新用户名,123456为新密码        
test    Cleartext-Password := "123456"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 172.16.3.33,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = "std.ppp",
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP

key配置 (客户端共享密钥; 示例中的 secret 仅供本机测试, 正式环境应改为足够长的随机值, 并限制 clients.conf 的读取权限):

# vim /etc/freeradius/3.0/clients.conf

client localhost {
        #       hostname    (radius.example.com)
        ipaddr = 127.0.0.1
		...
        #  OR, you can use an IPv6 address, but not both
		#       ipv6addr = ::   # any.  ::1 == localhost

        secret          = testing123

重启服务使配置生效:

sudo /etc/init.d/freeradius restart
sudo service freeradius restart

基本功能测试:

1 服务端运行:

sudo service freeradius stop
sudo freeradius -X            #前台运行, 开启调试模式
sudo freeradius                #后台运行模式

2 客户端测试:

radtest Username Password ServerIP Port Secret
radtest 用户名 密码 地址 端口 key

客户端测试1:

$ radtest test 123456 localhost 1812 testing123
Sent Access-Request Id 42 from 0.0.0.0:54282 to 127.0.0.1:1812 length 74
	User-Name = "test"
	User-Password = "123456"
	NAS-IP-Address = 192.168.1.120
	NAS-Port = 1812
	Message-Authenticator = 0x00
	Cleartext-Password = "123456"
Received Access-Accept Id 42 from 127.0.0.1:1812 to 0.0.0.0:0 length 71
	Service-Type = Framed-User
	Framed-Protocol = PPP
	Framed-IP-Address = 172.16.3.33
	Framed-IP-Netmask = 255.255.255.0
	Framed-Routing = Broadcast-Listen
	Filter-Id = "std.ppp"
	Framed-MTU = 1500
	Framed-Compression = Van-Jacobson-TCP-IP

添加新测试用户:

新增用户(test2: 111111)

# vim /etc/freeradius/3.0/users

test    Cleartext-Password := "123456"
test2   Cleartext-Password := "111111"   #新增
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 172.16.3.33,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = "std.ppp",
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP

注: 属性行需要像上面一样用 tab 缩进对齐, 否则会被当成新的用户条目解析。

服务端重新运行:

sudo freeradius -X

客户端测试:

$ radtest test 123456 localhost 1812 testing123
Sent Access-Request Id 171 from 0.0.0.0:56737 to 127.0.0.1:1812 length 74
	User-Name = "test"
	User-Password = "123456"
	NAS-IP-Address = 192.168.1.120
	NAS-Port = 1812
	Message-Authenticator = 0x00
	Cleartext-Password = "123456"
Received Access-Accept Id 171 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
$ radtest test2 111111 localhost 1812 testing123
Sent Access-Request Id 99 from 0.0.0.0:50440 to 127.0.0.1:1812 length 75
	User-Name = "test2"
	User-Password = "111111"
	NAS-IP-Address = 192.168.1.120
	NAS-Port = 1812
	Message-Authenticator = 0x00
	Cleartext-Password = "111111"
Received Access-Accept Id 99 from 127.0.0.1:1812 to 0.0.0.0:0 length 71
	Service-Type = Framed-User
	Framed-Protocol = PPP
	Framed-IP-Address = 172.16.3.33
	Framed-IP-Netmask = 255.255.255.0
	Framed-Routing = Broadcast-Listen
	Filter-Id = "std.ppp"
	Framed-MTU = 1500
	Framed-Compression = Van-Jacobson-TCP-IP

配置客户端访问控制

服务端配置:

新增配置 (按网段放通客户端: 192.168.1.0/24 内任何持有该 secret 的主机都会被当作合法 NAS, 范围应尽量收窄)

# vim /etc/freeradius/3.0/clients.conf
#新增配置
client 192.168.1.0/24 {
        secret = testing456
        shortname = access-network-1
}

服务端重新运行

sudo freeradius -X

客户端测试:

$ radtest test 123456 192.168.1.120 1812 testing456
Sent Access-Request Id 89 from 0.0.0.0:55729 to 192.168.1.120:1812 length 74
	User-Name = "test"
	User-Password = "123456"
	NAS-IP-Address = 192.168.1.120
	NAS-Port = 1812
	Message-Authenticator = 0x00
	Cleartext-Password = "123456"
Received Access-Accept Id 89 from 192.168.1.120:1812 to 0.0.0.0:0 length 20
$ radtest test2 111111 192.168.1.120 1812 testing456
Sent Access-Request Id 2 from 0.0.0.0:50689 to 192.168.1.120:1812 length 75
	User-Name = "test2"
	User-Password = "111111"
	NAS-IP-Address = 192.168.1.120
	NAS-Port = 1812
	Message-Authenticator = 0x00
	Cleartext-Password = "111111"
Received Access-Accept Id 2 from 192.168.1.120:1812 to 0.0.0.0:0 length 71
	Service-Type = Framed-User
	Framed-Protocol = PPP
	Framed-IP-Address = 172.16.3.33
	Framed-IP-Netmask = 255.255.255.0
	Framed-Routing = Broadcast-Listen
	Filter-Id = "std.ppp"
	Framed-MTU = 1500
	Framed-Compression = Van-Jacobson-TCP-IP

缺点:每次新增用户都需要重启服务端服务, 且新增用户的方式不友好, 需要直接修改/etc/freeradius/3.0/users文件; 该文件中的密码为明文(Cleartext-Password), 需要严格限制其读取权限。
解决方案:radius + 数据库
