Installing FreeRADIUS 1.1.3 + MySQL 5.0.77 on CentOS 5.7 and integrating with RouterOS

1. Install FreeRADIUS and MySQL

[root@radius ~]# yum install freeradius2 freeradius2-mysql freeradius2-utils

[root@radius ~]# yum install mysql mysql-server

2. Start the MySQL and RADIUS services

[root@radius ~]# service mysqld start

[root@radius ~]# radiusd -X

[root@radius ~]# service radiusd start

3. Enable the services at boot

[root@radius ~]# chkconfig mysqld --level 2345 on

[root@radius ~]# chkconfig radiusd --level 2345 on

4. A simple test (optional)

(1) Define a RADIUS client IP

[root@radius ~]# vim /etc/raddb/clients.conf

Delete all of the existing contents.

Example configuration:

client localhost {
        ipaddr = 127.0.0.1
        secret = testing123
        require_message_authenticator = no
        nastype = other
}

(2) Define a user and password

[root@radius ~]# vim /etc/raddb/users

Add on the first line.

Example configuration:

testing Cleartext-Password := "password"

(3) Start radiusd in debug mode

[root@radius ~]# radiusd -X

The status output should end with:

Ready to process requests.

(4) Test that the service works

[root@radius ~]# radtest testing password localhost 0 testing123

Example result (the key point is that an Access-Accept comes back):

Sending Access-Request of id 152 to 127.0.0.1 port 1812
        User-Name = "testing"
        User-Password = "password"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=152, length=20

5. Create a MySQL database

[root@radius ~]# mysql -uroot -p

mysql> CREATE DATABASE radius;

mysql> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass";

mysql> exit

[root@radius ~]# cd /etc/raddb/sql/mysql/

[root@radius mysql]# mysql -uroot -p radius < schema.sql

6. Check that the database was created

[root@radius mysql]# mysql -uroot -p

mysql> show databases;

+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| radius             |
| test               |
+--------------------+
4 rows in set (0.03 sec)

mysql> use radius

mysql> show tables;

+------------------+
| Tables_in_radius |
+------------------+
| radacct          |
| radcheck         |
| radgroupcheck    |
| radgroupreply    |
| radpostauth      |
| radreply         |
| radusergroup     |
+------------------+
7 rows in set (0.00 sec)

7. Configure FreeRADIUS to use SQL

[root@radius ~]# vim /etc/raddb/sql.conf

Example:

sql {
        database = "mysql"
        driver = "rlm_sql_${database}"
        server = "localhost"
        login = "radius"
        password = "radpass"
        radius_db = "radius"
        acct_table1 = "radacct"
        acct_table2 = "radacct"
        postauth_table = "radpostauth"
        authcheck_table = "radcheck"
        authreply_table = "radreply"
        groupcheck_table = "radgroupcheck"
        groupreply_table = "radgroupreply"
        usergroup_table = "radusergroup"
        deletestalesessions = yes
        sqltrace = no
        sqltracefile = ${logdir}/sqltrace.sql
        num_sql_socks = 5
        connect_failure_retry_delay = 60
        lifetime = 0
        max_queries = 0
        nas_table = "nas"
        $INCLUDE sql/${database}/dialup.conf
}

[root@radius ~]# vim /etc/raddb/radiusd.conf

Find:

$INCLUDE sql.conf

and uncomment it.

In each of the following sections, comment out files and uncomment sql (a section that has neither needs no change):

[root@radius ~]# vim /etc/raddb/sites-available/default

authorize{}

accounting{}

session{}

post-auth{}

[root@radius ~]# vim /etc/raddb/sites-available/inner-tunnel

authorize {}

8. Create test data

(1) Create a user group [radgroupcheck]

(2) Create user passwords [radcheck]

(3) Create user reply attributes [radreply]

(4) Create group reply attributes [radgroupreply]

Here is an example:

This example contains three users: fredf, barney and dialrouter.

fredf is assigned an IP dynamically by the NAS (Network Access Server).

barney is assigned a static IP.

dialrouter represents a typical dial-up router.

      mysql> select * from radcheck;
      +----+----------------+--------------------+------------------+------+
      | id | UserName       | Attribute          | Value            | Op   | 
      +----+----------------+--------------------+------------------+------+
      |  1 | fredf          | Cleartext-Password | wilma            | :=   |
      |  2 | barney         | Cleartext-Password | betty            | :=   |
      |  2 | dialrouter     | Cleartext-Password | dialup           | :=   |
      +----+----------------+--------------------+------------------+------+
      3 rows in set (0.01 sec)
 
      mysql> select * from radreply;
 
      +----+------------+-------------------+---------------------------------+------+
      | id | UserName   | Attribute         | Value                           | Op   |
      +----+------------+-------------------+---------------------------------+------+
      |  1 | barney     | Framed-IP-Address | 1.2.3.4                         | :=   |
      |  2 | dialrouter | Framed-IP-Address | 2.3.4.1                         | :=   |
      |  3 | dialrouter | Framed-IP-Netmask | 255.255.255.255                 | :=   |
      |  4 | dialrouter | Framed-Routing    | Broadcast-Listen                | :=   |
      |  5 | dialrouter | Framed-Route      | 2.3.4.0 255.255.255.248         | :=   |
      |  6 | dialrouter | Idle-Timeout      | 900                             | :=   |
      +----+------------+-------------------+---------------------------------+------+
      6 rows in set (0.01 sec)
 
      mysql> select * from radgroupreply;
      +----+-----------+--------------------+---------------------+------+
      | id | GroupName | Attribute          | Value               | Op   |
      +----+-----------+--------------------+---------------------+------+
      | 34 | dynamic   | Framed-Compression | Van-Jacobsen-TCP-IP | :=   |
      | 33 | dynamic   | Framed-Protocol    | PPP                 | :=   |
      | 32 | dynamic   | Service-Type       | Framed-User         | :=   |
      | 35 | dynamic   | Framed-MTU         | 1500                | :=   |
      | 37 | static    | Framed-Protocol    | PPP                 | :=   |
      | 38 | static    | Service-Type       | Framed-User         | :=   |
      | 39 | static    | Framed-Compression | Van-Jacobsen-TCP-IP | :=   |
      | 41 | netdial   | Service-Type       | Framed-User         | :=   |
      | 42 | netdial   | Framed-Protocol    | PPP                 | :=   |
      +----+-----------+--------------------+---------------------+------+
      12 rows in set (0.01 sec)

Create the test user:

INSERT INTO radcheck (username,attribute,op,value) VALUES ('dialrouter','Cleartext-Password',':=','dialup');
INSERT INTO radreply (username,attribute,op,value) VALUES ('dialrouter','Framed-IP-Address',':=','2.3.4.1');
INSERT INTO radreply (username,attribute,op,value) VALUES ('dialrouter','Framed-IP-Netmask',':=','255.255.255.255');
INSERT INTO radreply (username,attribute,op,value) VALUES ('dialrouter','Framed-Routing',':=','Broadcast-Listen');
INSERT INTO radreply (username,attribute,op,value) VALUES ('dialrouter','Framed-Route',':=','2.3.4.0 255.255.255.248');
INSERT INTO radreply (username,attribute,op,value) VALUES ('dialrouter','Idle-Timeout',':=','900');
INSERT INTO radgroupreply (groupname,attribute,op,value) VALUES ('netdial','Service-Type',':=','Framed-User');
INSERT INTO radgroupreply (groupname,attribute,op,value) VALUES ('netdial','Framed-Protocol',':=','PPP');
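The following is an added example, not code from the page or from the FreeRADIUS project. It loads the INSERT statements above into an in-memory SQLite database whose tables and columns are named as in the MySQL schema on the page, then resolves a user the way the rlm_sql queries in sql/mysql/dialup.conf do in outline: check items from radcheck, reply items from radreply, then group reply items from radgroupreply for each group listed in radusergroup. It also shows the row the test data above never inserts: without a radusergroup entry linking dialrouter to the netdial group, the two radgroupreply rows are never returned. The op column is not evaluated here (every row is treated as :=), and in a real server the password comparison is done by the pap module against the merged Cleartext-Password check item, not by rlm_sql itself.

```python
"""Simulate the rlm_sql lookups for the section 8 test data (added example)."""
import sqlite3

# Constructed schema: only the columns the lookup needs, same table names as the page.
SCHEMA = """
CREATE TABLE radcheck      (id INTEGER PRIMARY KEY, username TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radreply      (id INTEGER PRIMARY KEY, username TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radusergroup  (username TEXT, groupname TEXT, priority INTEGER DEFAULT 1);
CREATE TABLE radgroupreply (id INTEGER PRIMARY KEY, groupname TEXT, attribute TEXT, op TEXT, value TEXT);
"""

# The INSERT statements from section 8 of the page, verbatim.
PAGE_INSERTS = """
INSERT INTO radcheck (username,attribute,op,value) VALUES ('dialrouter','Cleartext-Password',':=','dialup');
INSERT INTO radreply (username,attribute,op,value) VALUES ('dialrouter','Framed-IP-Address',':=','2.3.4.1');
INSERT INTO radreply (username,attribute,op,value) VALUES ('dialrouter','Framed-IP-Netmask',':=','255.255.255.255');
INSERT INTO radreply (username,attribute,op,value) VALUES ('dialrouter','Framed-Routing',':=','Broadcast-Listen');
INSERT INTO radreply (username,attribute,op,value) VALUES ('dialrouter','Framed-Route',':=','2.3.4.0 255.255.255.248');
INSERT INTO radreply (username,attribute,op,value) VALUES ('dialrouter','Idle-Timeout',':=','900');
INSERT INTO radgroupreply (groupname,attribute,op,value) VALUES ('netdial','Service-Type',':=','Framed-User');
INSERT INTO radgroupreply (groupname,attribute,op,value) VALUES ('netdial','Framed-Protocol',':=','PPP');
"""


def open_db():
    """Build the in-memory database and load the page's test data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executescript(PAGE_INSERTS)
    return conn


def add_group_membership(conn, username, groupname, priority=1):
    """The row the page's example omits: it links a user to a group so that
    the group's radgroupreply rows are attached to the user's reply."""
    conn.execute(
        "INSERT INTO radusergroup (username, groupname, priority) VALUES (?, ?, ?)",
        (username, groupname, priority),
    )
    conn.commit()


def password_matches(conn, username, password):
    """Check item: compare against the user's Cleartext-Password row in radcheck."""
    row = conn.execute(
        "SELECT value FROM radcheck WHERE username = ? AND attribute = 'Cleartext-Password'",
        (username,),
    ).fetchone()
    return row is not None and row[0] == password


def reply_attributes(conn, username):
    """Reply items: the user's own radreply rows first, then the radgroupreply
    rows of each group the user belongs to, in radusergroup priority order."""
    attrs = list(conn.execute(
        "SELECT attribute, value FROM radreply WHERE username = ? ORDER BY id",
        (username,),
    ))
    groups = conn.execute(
        "SELECT groupname FROM radusergroup WHERE username = ? ORDER BY priority",
        (username,),
    ).fetchall()
    for (group,) in groups:
        attrs += list(conn.execute(
            "SELECT attribute, value FROM radgroupreply WHERE groupname = ? ORDER BY id",
            (group,),
        ))
    return attrs


def authorize(conn, username, password):
    """Return the reply code and the (attribute, value) list that goes with it."""
    if not password_matches(conn, username, password):
        return "Access-Reject", []
    return "Access-Accept", reply_attributes(conn, username)


if __name__ == "__main__":
    db = open_db()
    print(authorize(db, "dialrouter", "dialup"))   # the five per-user attributes only
    add_group_membership(db, "dialrouter", "netdial")
    print(authorize(db, "dialrouter", "dialup"))   # now seven: the netdial rows are appended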

9. Test that the data was created correctly

[root@radius ~]# radiusd -X

[root@radius ~]# radtest dialrouter dialup localhost 1812 testing123

Sending Access-Request of id 148 to 127.0.0.1 port 1812
        User-Name = "dialrouter"
        User-Password = "dialup"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=148, length=69
        Framed-IP-Address = 2.3.4.1
        Framed-IP-Netmask = 255.255.255.255
        Framed-Routing = Broadcast-Listen
        Framed-Route = "2.3.4.0 255.255.255.248"
        Idle-Timeout = 900
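Sections 4 and 9 both rely on reading the radtest output by eye to confirm the Access-Accept. The following added example (not code from the page or from FreeRADIUS) parses that output into a structured result so a health-check script can assert on the reply code, verify the reply id matches the request id, and read the returned attributes. ACCEPT_OUTPUT is the output shown in section 9; REJECT_OUTPUT is constructed here in the same line format to show the failure path. A timeout, where no rad_recv line appears at all, leaves the reply as None and is reported as not accepted.

```python
"""Parse radtest output into a result a script can check (added example)."""
import re

# Copied from section 9 of the page.
ACCEPT_OUTPUT = """\
Sending Access-Request of id 148 to 127.0.0.1 port 1812
        User-Name = "dialrouter"
        User-Password = "dialup"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=148, length=69
        Framed-IP-Address = 2.3.4.1
        Framed-IP-Netmask = 255.255.255.255
        Framed-Routing = Broadcast-Listen
        Framed-Route = "2.3.4.0 255.255.255.248"
        Idle-Timeout = 900
"""

# Constructed: what a wrong password looks like in the same format.
REJECT_OUTPUT = """\
Sending Access-Request of id 149 to 127.0.0.1 port 1812
        User-Name = "dialrouter"
        User-Password = "wrong"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=149, length=20
"""

SEND_RE = re.compile(r"^Sending (\S+) of id (\d+) to (\S+) port (\d+)")
RECV_RE = re.compile(r"^rad_recv: (\S+) packet from host (\S+) port (\d+), id=(\d+), length=(\d+)")
ATTR_RE = re.compile(r'^\s+([\w-]+) = "?(.*?)"?$')   # indented "Name = value" lines


def parse_radtest(text):
    """Split the output into the request header, the reply header, and the
    attribute lines that follow each of them."""
    result = {"request": None, "reply": None, "request_attrs": {}, "reply_attrs": {}}
    section = None   # which attribute dict the indented lines belong to
    for line in text.splitlines():
        m = SEND_RE.match(line)
        if m:
            result["request"] = {"code": m.group(1), "id": int(m.group(2)),
                                 "host": m.group(3), "port": int(m.group(4))}
            section = "request_attrs"
            continue
        m = RECV_RE.match(line)
        if m:
            result["reply"] = {"code": m.group(1), "host": m.group(2), "port": int(m.group(3)),
                               "id": int(m.group(4)), "length": int(m.group(5))}
            section = "reply_attrs"
            continue
        m = ATTR_RE.match(line)
        if m and section:
            result[section][m.group(1)] = m.group(2)
    return result


def accepted(result):
    """True only when a reply arrived, it is an Access-Accept, and its id matches
    the request id; a timeout leaves 'reply' as None and so returns False."""
    req, rep = result["request"], result["reply"]
    return bool(req and rep and rep["code"] == "Access-Accept" and rep["id"] == req["id"])


def summarize(text):
    """Convenience wrapper: (accepted?, reply code or None, reply attributes)."""
    r = parse_radtest(text)
    return accepted(r), (r["reply"] or {}).get("code"), r["reply_attrs"]


if __name__ == "__main__":
    print(summarize(ACCEPT_OUTPUT))
    print(summarize(REJECT_OUTPUT))
```

To use it against a live server, pipe the real command's output in, for example by running radtest through subprocess and passing its stdout to summarize(); the attribute dictionary then lets the script confirm not just the Accept but that the expected Framed-IP-Address and Framed-Route were returned.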

10. Configure RouterOS to use RADIUS authentication

[root@radius ~]# vim /etc/raddb/clients.conf

client RouterOS {
        ipaddr = 192.168.137.50
        secret = 111
        shortname = RouterOS
        nastype = other
}
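The two client blocks on this page (localhost in section 4 and RouterOS above) are what a NAS must present to be accepted, so the shared secret and the Message-Authenticator setting are worth reviewing before a real router is pointed at the server. The following added example (not code from the page or from FreeRADIUS) parses client blocks in the simple layout used here and lists findings per client. The snippet in CLIENTS_CONF is the page's own two blocks; MIN_SECRET_LEN and the finding texts are assumptions chosen for this example, not FreeRADIUS defaults, and "testing123" is flagged because it is the example secret shipped in the stock clients.conf.

```python
"""Review clients.conf blocks for weak client settings (added example)."""
import re

# The page's own client definitions, combined into one file.
CLIENTS_CONF = """\
client localhost {
        ipaddr = 127.0.0.1
        secret = testing123
        require_message_authenticator = no
        nastype = other
}

client RouterOS {
        ipaddr = 192.168.137.50
        secret = 111
        shortname = RouterOS
        nastype = other
}
"""

MIN_SECRET_LEN = 16              # assumed policy for this example
STOCK_SECRETS = {"testing123"}   # example value shipped in the stock clients.conf

CLIENT_RE = re.compile(r"^client\s+(\S+)\s*\{$")


def parse_clients_conf(text):
    """Return {client_name: {option: value}} for the flat 'client X { k = v }'
    layout used on the page; nested sub-sections are not handled."""
    clients, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding whitespace
        if not line:
            continue
        m = CLIENT_RE.match(line)
        if m:
            current = m.group(1)
            clients[current] = {}
        elif line == "}":
            current = None
        elif current is not None and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            clients[current][key] = value.strip('"')
    return clients


def audit_client(opts):
    """List review findings for one client block."""
    findings = []
    secret = opts.get("secret", "")
    if not secret:
        findings.append("no secret set")
    else:
        if len(secret) < MIN_SECRET_LEN:
            findings.append("secret shorter than %d characters" % MIN_SECRET_LEN)
        if secret in STOCK_SECRETS:
            findings.append("secret is the stock example value")
        if secret.isdigit():
            findings.append("secret is digits only")
    # FreeRADIUS 2.x treats a missing require_message_authenticator as "no".
    if opts.get("require_message_authenticator", "no").lower() == "no":
        findings.append("Message-Authenticator not required")
    if "ipaddr" not in opts:
        findings.append("no ipaddr")
    return findings


def audit_clients_conf(text):
    """Map each client name to its list of findings (empty list means clean)."""
    return {name: audit_client(opts) for name, opts in parse_clients_conf(text).items()}


if __name__ == "__main__":
    for name, findings in audit_clients_conf(CLIENTS_CONF).items():
        print(name, findings or "ok")
```

Run it against /etc/raddb/clients.conf by reading the file into audit_clients_conf(); an empty findings list for every client is the result to aim for before the RouterOS side is configured.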

The RouterOS configuration is as follows:

 

Reference links:

http://wiki.freeradius.org/guide/SQL-HOWTO

http://wiki.freeradius.org/config/Operators

http://www.cnblogs.com/fly1988happy/archive/2011/12/15/2288554.html

http://www.cnblogs.com/eastson/archive/2012/07/11/2584937.html

This article comes from the blog “吴章未的博客”; reproduction is not permitted.
