原文出处:http://peihexian.iteye.com/admin/blogs/2087206
安装centos6.5操作系统,然后按照http://www.haiyun.me/archives/centos-freeradius-daloradius-ros.html 这篇文章里面写的,安装mysql之类的
yum -y install httpd httpd-devel mysql mysql-server mysql-devel yum -y install php php-devel php-mysql php-common php-gd php-mbstring php-mcrypt php-xml /etc/init.d/httpd start /etc/init.d/mysqld start chkconfig httpd on chkconfig mysqld on mysqladmin -u root password 'newpassowrd'
然后可以通过yum命令快速安装freeradius,就是版本略低一点,命令为
yum install -y freeradius freeradius-mysql freeradius-utils
修改启用测试账户
找到radius的用户信息配置参数文件(将来换mysql数据库存用户账户的话这个文件就不用了), yum自动安装的在/etc/raddb路径里面 ,
vi /etc/raddb/users
,然后找到下面这段文字
#steve Cleartext-Password := "testing" # Service-Type = Framed-User, # Framed-Protocol = PPP, # Framed-IP-Address = 172.16.3.33, # Framed-IP-Netmask = 255.255.255.0, # Framed-Routing = Broadcast-Listen, # Framed-Filter-Id = "std.ppp", # Framed-MTU = 1500, # Framed-Compression = Van-Jacobsen-TCP-IP
然后把这段文字前面的#注释全部去掉后保存文件
首次启动
可以通过radiusd -X来做首次启动,注意首次启动必须是root账户才行,还有注意那个X是大写的.
如果看到下面的提示应该就是启动成功了:
Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests.
然后另外开一个终端运行 radtest yerunian test localhost 1812 testing123 进行测试,当出现rad_recv: Access-Accept 说明freeradius已经安装成功.
正常情况下的测试提示应该如下:
rad_recv: Access-Accept
测试无问题以后记得再次vi users,把这个测试账户相关的配置全部注释掉,然后关闭radiusd的调试进程,
killall -9 radiusd
chkconfig radiusd on
service radiusd start
可以通过新开一个终端窗 口,然后执行cat /usr/local/var/log/radius/radius.log 去查看启动日志看有没有错误。
以下开始配置freeradius了, 配置的方法参考了http://wenku.baidu.com/view/6209280b4a7302768f993901.html
cp /etc/raddb/clients.conf /etc/raddb/clients.conf.bak [root@localhost raddb]# grep -v \# /etc/raddb/clients.conf.bak >/etc/raddb/clients.conf [root@localhost raddb]# vi /etc/raddb/clients.conf
内容配置为:
client 127.0.0.1 {
ipaddr = 127.0.0.1
secret = testing123
shortname=localhost
}
需要注意,上面配置的127.0.0.1主要用于测试,将来真正的客户端要按照下面的信息进行补充
#将来你的真正的raidus计费客户端如routeros等需要在这里配置ip信息,例如
client x.x.x.x{ #这里的x.x.x.x就是你的routeros服务器内网口ip
ipaddr=x.x.x.x #routeros内网ip
secret=xxxxxxxxxx #你自己定义的密码
shortname=ros
}
cp /etc/raddb/sql/mysql/admin.sql /etc/raddb/sql/mysql/admin.sql.bak
grep -v ^# /etc/raddb/sql/mysql/admin.sql.bak > /etc/raddb/sql/mysql/admin.sql
vi /etc/raddb/sql/mysql/admin.sql
内容改成下面这个样子的 ;
CREATE USER 'radius'@'localhost';
SET PASSWORD FOR 'radius'@'localhost' = PASSWORD('radpass');
GRANT SELECT ON radius.* TO 'radius'@'localhost';
GRANT ALL ON radius.* TO 'radius'@'localhost';
mysql -u root -p 回车后输入mysql的root管理员帐号密码,然后
create database radius;
exit
再次mysql -u root -p 回车,输入密码后
然后执行source /etc/raddb/sql/mysql/admin.sql
然后 use radius 回车选中radius数据库, source /etc/raddb/sql/mysql/schema.sql回车,source /etc/raddb/sql/mysql/nas.sql回车,source /etc/raddb/sql/mysql/ippool.sql回车,flush privileges;回车,quit退出mysql管理控制台。
然后在linux终端里面执行
vi /etc/raddb/radiusd.conf
使劲往下翻页到module那块以后去掉 $INCLUDE sql.conf 这句话前面的# 和
$INCLUDE sql/mysql/counter.conf 前面的#后保存文件退出vi编辑器
然后vi /etc/raddb/sql.conf
找到readclients = yes这一行,去掉前面的#注释后保存退出vi编辑器。
然后vi /etc/raddb/sites-enabled/default
找到authorize,accounting,session这几个配置,将里面的sql全部启用就行了,就是把sql前面的#去掉就ok了。另外在authorize里面添加以下monthlytrafficcounter 这个按月统计配置项(我这里加了这个按月统计后出错了)。
参考文档是这个http://hong.im/2013/01/04/install-freeradius-on-centos-6-and-count-client-traffic/
到了这就他妈的终于配置完了,下面就是插入一条数据到mysql数据库中真实的测试一下了:
mysql -u root -p
use radius
INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('user1', 'Password','password1');
exit
service radiusd restart
radtest user1 password1 localhost 1812 testing123
成功的样子就是这样的:
[root@localhost raddb]# radtest user1 password1 localhost 1812 testing123 Sending Access-Request of id 155 to 127.0.0.1 port 1812 User-Name = "user1" User-Password = "password1" NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=155, length=20
安装与daloradius
从sf.net下载最新版的daloraidus,然后
tar zxvf daloradius-0.9-9.tar.gz
cp -R daloradius-0.9-9 /var/www
cd /var/www
mv daloradius-0.9-9 daloradius
mysql -u root -p
use radius
source /var/www/daloradius/contrib/db/mysql-daloradius.sql
vi /var/www/daloradius/library/daloradius.conf.php
把链接数据库的密码改对,就是用户名是前面创建的radius,密码是radpass
$configValues['CONFIG_DB_USER'] = 'radius'; $configValues['CONFIG_DB_PASS'] = 'radpass';
然后
vi /etc/httpd/conf/httpd.conf
在最后增加以下内容
Alias /myradius "/var/www/daloradius/" <Directory /var/www/daloradius/> Options None order deny,allow allow from all </Directory>
配置完成后 service httpd restart
然后开浏览器访问http://localhost/myradius的时候可以打开登录界面,输入用户名administrator,密码radius以后提交登录后界面无反应,cat /etc/httpd/logs/error_log 发现提示
PHP Fatal error: Class 'DB' not found in /var/www/daloradius/library/opendb.php on line 86, referer: http://localhost/myradius/login.php
这是缺少php相关扩展造成的,还得TMD继续折腾
按照http://blog.sina.com.cn/s/blog_541a3cf10101hjth.html 这篇文章说的,增加第三方源
更新yum源 有些必须包是不在默认标准库里,安装前的必要条件,需要添加RPM forge资料库 #wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm #wget http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt #rpm --import RPM-GPG-KEY.dag.txt #rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
安装PHP及扩展 #yum install php php-mysql php-gd php-ldap php-xml php-mbstring 安装PEAR相关 #yum install php-pear php-pear-DB #pear channel-update pear.php.net #pear upgrade-all
都安装完以后service httpd restart ,再次登录daloradius就可以了。
接下来是改防火墙规则,开放80端口
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 1812 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 1813 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 1814 -j ACCEPT
INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Auth-Type',':=','Local');
INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Service-Type',':=','Framed-User');
INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Framed-IP-Address',':=','255.255.255.255');
INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Framed-IP-Netmask',':=','255.255.255.0');
INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Acct-Interim-Interval',':=','600');
INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Max-Monthly-Traffic',':=','5368709120');
INSERT INTO radgroupcheck (groupname,attribute,op,VALUE) VALUES ('user','Simultaneous-Use',':=','1');
vi /etc/raddb/dictionary
最后一行,添加
ATTRIBUTE Max-Monthly-Traffic 3003 integer
update request {
Group-Name := "%{sql:SELECT groupname FROM radusergroup WHERE username='%{User-Name}' ORDER BY priority}"
}
if ("%{sql: SELECT ifnull(SUM(acctinputoctets+acctoutputoctets),0) div 1024 FROM radacct WHERE username='%{User-Name}' AND date_format(acctstarttime, '%Y-%m-%d') >= date_format(now(),'%Y-%m-01') AND date_format(acctstoptime, '%Y-%m-%d') <= last_day(now());}" >= "%{sql: SELECT ifnull(value,0) div 1024 FROM radgroupreply WHERE groupname='%{Group-Name}' AND attribute='Max-Monthly-Traffic';}") {
reject
}
照着抄的童鞋们千万注意,我这里改了原作者的配置,多了两个div 1024,,我看原作者配置的是5G流量限制,实地测试超过3G流量就不让我登录了,应该就是计算结果溢出造成的,所以我改了sql语句.
如果以前测试用户登陆过,建议清理一下历史记录表,
mysql -u root -p
use radius
delete from radacct;
http://wiki.mikrotik.com/wiki/RouterOs_MySql_Freeradius
http://wiki.mikrotik.com/wiki/How_to_setup_up_RADIUS_for_use_with_MikroTik_-_By_Ramona