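FreeRADIUS Installation and Configuration

These are my own notes on installing and configuring FreeRADIUS; most of the material was collected from the web. Every step has been verified and is recorded here for reference.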


Extract
tar -zxvf freeradius-server-2.1.12.tar.gz

cd freeradius-server-2.1.12

Install
./configure

make

make install

Debug
radiusd -X

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.

Start
radiusd

Log

/usr/local/var/log/radius/radius.log


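Test
radtest [-d raddb_directory] user password radius-server nas-port-number secret
nas-port-number: not used here, so just pass 0
secret: the shared secret configured for the corresponding client in clients.conf (after installation, the default secret for the local client 127.0.0.1 is testing123)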

# radtest test test localhost 0 testing123
Sending Access-Request of id 48 to 127.0.0.1 port 1812
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=48, length=20
Although the user and password are fake, receiving an Access-Reject is enough to show that the FreeRADIUS server has started correctly.

Set up as a service that starts at boot
Copy the startup script to the /etc/init.d directory:
cp /usr/local/sbin/rc.radiusd /etc/init.d/radius
# vi /etc/init.d/radius
Add the following after the #!/bin/sh line:
# radiusd      This shell script takes care of starting and stopping
#             standalone radiusd.
#
# chkconfig: - 70 70
# description: free radius server.
# processname: /usr/local/sbin/radiusd
# config: /usr/local/etc/raddb
Then run:
# chkconfig --add radius
# chkconfig radius on

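Configure MySQL
Create the database: create database radius;

Change to /usr/local/etc/raddb/sql/mysql
# mysql -u root -p radius < schema.sql    (imports the tables into the database)
    After the import, run
    mysql> use radius;
    mysql> show tables;
    to see the following tables: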
   +------------------+
   | Tables_in_radius |
   +------------------+
   | radacct          |
   | radcheck         |
   | radgroupcheck    |
   | radgroupreply    |
   | radpostauth      |
   | radreply         |
   | radusergroup     |
   +------------------+

Edit the default file under /usr/local/etc/raddb/sites-enabled: remove the # in front of sql in authorize {} and accounting {}, and add a # in front of files in authorize {}.

Edit the MySQL connection settings in /usr/local/etc/raddb/sql.conf
     server = "localhost"
     login = "root"
     password = "MySQL root login password"
     radius_db = "radius"    # radius is the database name

Edit the configuration file /usr/local/etc/raddb/radiusd.conf
  Remove the # in front of $INCLUDE sql.conf

If the driver cannot be found and you get the error “rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory”:

 a: Install mysql-devel first.
 b: Then change to src/modules/rlm_sql/drivers/rlm_sql_mysql under the FreeRADIUS source directory and run: ./configure --with-mysql-dir=/usr/share/mysql/ --with-mysql-lib-dir=/usr/lib/mysql/

 c: make

    make install

    This installs the rlm_sql_mysql driver into /usr/local/lib, but the driver files must be copied to /usr/lib before it will work: # cp -a /usr/local/lib/rlm_sql_mysql* /usr/lib


Add a test account to the database
     #mysql -u root -p
        Enter password:
       mysql> use radius;

     Create the group information:
     mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
      Query OK, 1 row affected (0.01 sec)

     mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
      Query OK, 1 row affected (0.00 sec)

     mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.255');
      Query OK, 1 row affected (0.00 sec)

     mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
      Query OK, 1 row affected (0.01 sec)

     Create the user:
      mysql> insert into radcheck (username,attribute,op,value) values ('test','User-Password',':=','test');
      Query OK, 1 row affected (0.00 sec)

     Add the user to the group:
     mysql> insert into radusergroup (username,groupname) values ('test','user');
      Query OK, 1 row affected (0.01 sec)

     mysql> exit;    (leave the database)

Test
#radtest test test localhost 0 testing123

     Sending Access-Request of id 222 to 127.0.0.1 port 1812

     User-Name = "test"

     User-Password = "test"
     NAS-IP-Address = 127.0.0.1
     NAS-Port = 0

     rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=222, length=38

        Service-Type = Framed-User
        Framed-IP-Address = 255.255.255.255
        Framed-IP-Netmask = 255.255.255.0
 If you see the output above, congratulations: FreeRADIUS is installed and configured successfully.
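
Added example (not part of the original notes): the steps above leave the shipped client secret testing123 in clients.conf and have FreeRADIUS log in to MySQL as root through sql.conf. The shell functions below flag both, plus a world-readable sql.conf; the function names, the sample files and the world-readable check are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original notes: flag settings this walkthrough
# leaves in a raddb directory. Function names are hypothetical.

# Print every uncommented value of `key = value` in a file, quotes stripped.
conf_values() {  # $1 = key, $2 = file
    awk -v key="$1" '
        /^[ \t]*#/ { next }                       # commented-out setting
        {
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); sub(/^[ \t]+/, "", v)
            if (v ~ /^"/) { v = substr(v, 2); sub(/".*/, "", v) }   # quoted value
            else          { sub(/[ \t#].*/, "", v) }                # bare value
            if (k == key) print v
        }' "$2" 2>/dev/null
}

# Print one finding per line for the raddb directory given as $1.
audit_raddb() {
    dir=$1
    if conf_values secret "$dir/clients.conf" | grep -qx 'testing123'; then
        echo "clients.conf: default shared secret testing123 is still in use"
    fi
    if conf_values login "$dir/sql.conf" | grep -qx 'root'; then
        echo "sql.conf: FreeRADIUS connects to MySQL as root"
    fi
    # Assumption added here: sql.conf holds the DB password, so flag it if world-readable.
    if [ -n "$(find "$dir/sql.conf" -perm -004 2>/dev/null)" ]; then
        echo "sql.conf: file is world-readable"
    fi
    return 0
}

# Constructed sample files mirroring the settings shown on this page.
write_sample_raddb() {  # $1 = directory to create
    mkdir -p "$1"
    printf 'client localhost {\n\tipaddr = 127.0.0.1\n\tsecret = testing123\n}\n' > "$1/clients.conf"
    printf '#login = "radius"\nserver = "localhost"\nlogin = "root"\npassword = "example"\n' > "$1/sql.conf"
    chmod 644 "$1/sql.conf"
}

# Audit a real directory when one is given, e.g. /usr/local/etc/raddb.
if [ "$#" -gt 0 ]; then audit_raddb "$1"; fi
```

An empty result means none of the three conditions was found; the cleartext User-Password row inserted into radcheck lives in the database and is outside what this file check covers.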
