自己整理的FreeRadius安装配置过程,大部分资料都是从网上收集的。每一步都经过验证,记录下来归档。
解压
tar -zxvf freeradius-server-2.1.12.tar.gz
cd freeradius-server-2.1.12
安装
./configure
make
make install
调试
radiusd -X
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
启动
radiusd
日志
/usr/local/var/log/radius/radius.log
测试
radtest [-d raddb_directory] user password radius-server nas-port-number secrect
nas-port-number:用不到,就为0即可
secret:就是在client.conf里的对应client的口令 (radius安装完后,本地client127.0.0.1的口令缺省就是testing123)
# radtest test test localhost 0 testing123
Sending Access-Request of id 48 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=48, length=20
尽管user,passwd都是假的,但只要收到Access-Reject,也证明FreeRADIUS 服务器已经正常启动
设置为开机自启动服务
把启动脚本文件复制到/etc/init.d目录下
cp /usr/local/sbin/rc.radiusd /etc/init.d/radius
# vi /etc/init.d/radius
在 #!/bin/sh 一行后面加入:
# radiusd This shell script takes care of starting and stopping
# standalone radiusd.
#
# chkconfig: - 70 70
# description: free radius server.
# processname: /usr/local/sbin/radiusd
# config: /usr/local/etc/raddb
使用命令:
#chkconfig --add radius
#chkconfig radius on
配置MySQL
创建数据库:create database radius;
进入usr/local/etc/raddb/sql/mysql下
#mysql -u root -p radius <scheme.sql 把表导入到数据库中
导入后,可以在用命令
#use radius;
#show tabels;看到以下数据库表:
+------------------+
| Tables_in_radius |
+------------------+
| radacct |
| radcheck |
| radgroupcheck |
| radgroupreply |
| radpostauth |
| radreply |
| radusergroup |
+------------------+
修改usr/local/etc/raddb/site_enabled下的defoult文件,把authorize{} 、accounting {}中的sql前面的#去掉,并把authorize{} 中的files前加#
修改与mysql数据库连接的配置文件/usr/local/etc/raddb/sql.conf
server = "localhost"
login = "root"
password = "数据库root的登陆密码"
radius_db = "radius" //radius为数据库名
修改配置文件/usr/local/etc/raddb/radiusd.conf
去掉$INCLUDE sql.conf前面的#号
如果出现“rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory”找不到驱动包的错误
a:先安装mysql-devel
b:然后进入到freeradius的安装文件目录下的src/modules/rlm_sql/drivers/rlm_sql_mysql 运行命令:./configure --with-mysql-dir=/usr/share/mysql/ --with-mysql-lib-dir=/usr/lib/mysql/
c:make
make intall
这时候会把rlm_sql_mysql的驱动安装到/usr/local/lib目录下,但是必须把这些驱动copy到/usr/lib目录下才能正常运行:#cp -a /usr/local/lib/rlm_sql_mysql* /usr/lib
在数据库中加入测试帐号
#mysql -u root -p
Enter password:
mysql> use radius;
建立组信息:
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
Query OK, 1 row affected (0.01 sec)
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
Query OK, 1 row affected (0.00 sec)
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.255');
Query OK, 1 row affected (0.00 sec)
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
Query OK, 1 row affected (0.01 sec)
建立用户信息:
mysql> insert into radcheck (username,attribute,op,value) values ('test','User-Password',':=','test');
Query OK, 1 row affected (0.00 sec)
将用户加入组中:
mysql> insert into radusergroup (username,groupname) values ('test','user');
Query OK, 1 row affected (0.01 sec)
mysql>exit;退出数据库
测试
#radtest test test localhost 0 testing123
Sending Access-Request of id 222 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=222, length=38
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.255
Framed-IP-Netmask = 255.255.255.0
如果显示如上信息,则恭喜,freeradius安装配置成功。