freeradius-server-2.1.12.tar.bz2+suse10 64+Oracle11配置

使用的环境
freeradius-server-2.1.12.tar.bz2
SUSE10 x86-64
Oracle11
配置关键:
freeradius-server和oracle服务器安装在一台机器上,
oracle已经安装好了。安装步骤可以参考网上的其他教程。
分开安装的没有成功。郁闷了,不搞了。

一、安装配置freeradius服务器步骤:
#bzip2 -dv freeradius-server-2.1.12.tar.bz2
#tar -xvf freeradius-server-2.1.12.tar
#cd freeradius-server-2.1.12
#./configure --prefix=/usr/local/freeradius
#make
#make install
#cd /usr/local/freeradius/sbin
#./radiusd -X
【Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/freeradius/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814】 ok

#cd /usr/local/freeradius/etc/raddb
在users文件第一行插入
test Cleartext-Password := "testing"
表示加入了一个用户,名字为test,密码为明文的testing。

本机客户端测试(client/server都在一台机器上):
保存文件后,重启服务器,
#./radiusd -X

然后另开一个终端(作为client),
#cd /usr/local/freeradius/bin
发送验证请求
#./radtest test testing 127.0.0.1 0 testing123
返回的结果为
Sending Access-Request of id 163 to 127.0.0.1 port 1812
        User-Name = "test"
        User-Password = "testing"
        NAS-IP-Address = 10.18.57.161
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=163, length=20

如果返回的结果的最后一行是 rad_recv: Access-Accept 那就说明本地测试成功了
如果最后一行是rad_recv: Access-Reject那就表示失败了

要其他IP地址的客户端访问radius服务器,就在文件clients.conf末尾添加
#cd /usr/local/freeradius/etc/raddb
#vi clients.conf
在末尾添加
client 10.18.20.155 {
        # source address the entry applies to (the test client machine)
        ipaddr = 10.18.20.155
        # shared secret; must be the same value the client sends (radtest's last argument).
        # "testing123" is the sample value used throughout this page.
        secret      = testing123
        shortname   = clienttestos
        nastype     = other
}

用Radius Test 2.6在客户机10.18.20.155上测试,
显示如下内容,表示认证成功,结果如下:
------------------------------------
Sending Access-Request of id 118 to 10.18.57.161 port 1812
User-Name = "test"
Password = "testing"
rad_recv: Access-Accept packet from host 10.18.57.161 port 1812, id=118, length=20

   Total approved auths:  1
     Total denied auths:  0
       Total lost auths:  0
       Total time(secs):  0
----------------------------------

二、配置与Oracle数据库的连接步骤:

配置oracle数据
#su - oracle
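-- Create the schema owner that rlm_sql_oracle logs in as (login/password in sql.conf).
-- "radpass" is the sample password used on this page.
create user radius identified by radpass;
-- CONNECT + RESOURCE are enough to run schema.sql and the statements below
-- (tables, sequences, triggers in the account's own schema).  The original step
-- also granted DBA, which hands the RADIUS service account full control of the
-- instance and is not needed for anything done here.
GRANT CONNECT, RESOURCE to radius;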

--创建表
#mkdir /home/oracle/sqls
将 /usr/local/freeradius/etc/raddb/sql/oracle/schema.sql 拷贝到 /home/oracle/sqls
--修改权限
#chown oracle:oinstall /home/oracle/sqls/schema.sql
#chmod 744 /home/oracle/sqls/schema.sql
切换到oracle
#su - oracle
$sqlplus radius/radpass@<yoursid>
-- schema.sql from raddb/sql/oracle creates the rad* tables and the *_seq sequences used below
SQL>start /home/oracle/sqls/schema.sql
-- optional: relax NOT NULL on radacct.groupname; presumably fails only when the column already allows NULL, so ignore an error
SQL>alter table radacct modify groupname null; -- optional, ignore any error it raises
-- nas: client list rlm_sql can read instead of clients.conf (apparently not created by this schema.sql).
-- Each row is a device allowed to talk to the server and "secret" is stored in clear text,
-- so keep SELECT on this table limited to the radius account.
SQL>CREATE TABLE nas (
id INT PRIMARY KEY,
nasname VARCHAR(128),
shortname VARCHAR(32),
type VARCHAR(30),
ports INT,
secret VARCHAR(60),
server VARCHAR(64),
community VARCHAR(50),
description VARCHAR(200)
);
-- no trigger ties this sequence to nas.id, so inserts into nas must pass nas_seq.nextval explicitly
SQL>CREATE SEQUENCE nas_seq START WITH 1 INCREMENT BY 1;
-- group "user": reply attribute sent on accept, and a check item forcing local password comparison
-- (Auth-Type is usually unnecessary in 2.x, which picks it from the password attribute)
SQL>INSERT INTO radgroupreply VALUES (radgroupreply_seq.nextval, 'user','Service-Type','=','Framed-User');
SQL>INSERT INTO radgroupcheck VALUES (radgroupcheck_seq.nextval, 'user','Auth-Type','=','Local');
-- test user with a clear-text password.  "User-Password ==" is the legacy check form;
-- FreeRADIUS 2.x expects "Cleartext-Password :=", the same form the users file entry uses above.
SQL>INSERT INTO radcheck VALUES (radcheck_seq.nextval, 'ora_usr','User-Password','==','ora_pwd');
-- put ora_usr into group "user" so the group check/reply rows above apply
SQL>INSERT INTO radusergroup VALUES (radusergroup_seq.nextval, 'ora_usr','user');
-- make the rows visible to radiusd's own connection
SQL>commit;
SQL>exit;


接下来对freeradius进行配置
编辑/usr/local/freeradius/etc/raddb/sql.conf

# vim /usr/local/freeradius/etc/raddb/sql.conf
修改配置文件中数据库的类型、帐号及密码

  #database = "mysql"
  database = "oracle"

# Connection info:
server = "localhost"
port = 1521
login = "radius"    
password = "radpass"

#radius_db = "radius"
radius_db = "(DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.18.57.161)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = portaldb)))"

编辑/usr/local/freeradius/etc/raddb/sites-enabled/default
# vim /usr/local/freeradius/etc/raddb/sites-enabled/default
(行数仅供参考,版本不同行数也不同)
170行 files 前加 # 注释
177行 去掉 sql 前 # 注释
406行 去掉 sql 前 # 注释


编辑/usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel
# vim /usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel
124行 files 前加 # 注释
131行 去掉 sql 前 # 注释

编辑/usr/local/freeradius/etc/raddb/radiusd.conf
# vim /usr/local/freeradius/etc/raddb/radiusd.conf
去掉700行 $INCLUDE sql.conf 前的#注释

配置完成,启动测试
# radiusd -X (X必须是大写)


Could not link driver rlm_sql_oracle: rlm_sql_oracle.so: cannot open shared object file: No such file or directory

出现上面的错误,先要看一下有没有rlm_sql_oracle.so这个文件
# find / -name rlm_sql_oracle.so

多半是没有了,那么需要编译一个出来

回到之前解压的freeradius-server-2.1.12目录里
# cd ~/freeradius-server-2.1.12/src/modules/rlm_sql/drivers/rlm_sql_oracle
# ./configure --with-oracle-include-dir=${ORACLE_HOME}/rdbms/public --with-oracle-lib-dir=${ORACLE_HOME}/lib

将当前目录下的Makefile改成如下内容
------------------------------------------------------------------------------------------------
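include ../../../../../Make.inc

# Oracle client location.  An exported ORACLE_HOME (as used by the configure
# step above) wins; the path below is the original hard-coded value for this box.
ORACLE_HOME ?= /opt/oracle/db/product/11.1.0/db_1

TARGET         = rlm_sql_oracle
SRCS           = sql_oracle.c
# OCI headers and client library from the Oracle install
RLM_SQL_CFLAGS = -I$(ORACLE_HOME)/rdbms/public/ $(INCLTDL)
RLM_SQL_LIBS   = -L$(ORACLE_HOME)/lib -lclntsh -lm

include ../rules.mak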
----------------------------------------------------------------------------------------------

# make && make install

重启
# radiusd -X
然后另开一个终端(作为client),
#cd /usr/local/freeradius/bin
发送验证请求
#./radtest ora_usr ora_pwd 127.0.0.1 0 testing123

三、freeradius和oracle连接错误排查 -- 我没有遇到
freeradius与oracle的连接配置完成,启动测试
# radiusd -X (X必须是大写)
出现如下错误提示:

Could not link driver rlm_sql_oracle: libnnz11.so: cannot open shared object file: No such file or directory
Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
/usr/local/freeradius/etc/raddb/sql.conf[22]: Instantiation failed for module "sql"
/usr/local/freeradius/etc/raddb/sites-enabled/default[177]: Failed to load module "sql".
/usr/local/freeradius/etc/raddb/sites-enabled/default[69]: Errors parsing authorize section.

解决方法如下:
# echo ${ORACLE_HOME}/lib >> /etc/ld.so.conf
# ldconfig

再次启动:
# ./radiusd -X (X必须是大写)
出现如下错误提示:
/usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel[124]: Failed to load module "$files".
/usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel[47]: Errors parsing authorize section.
#cd /usr/local/freeradius/etc/raddb/sites-enabled
#vim inner-tunnel
修改124行,添加注释
#  $files

若测试再出错,确认oracle用户名是否修改正确:
# vim /usr/local/freeradius/etc/raddb/sql.conf
修改配置文件中数据库的帐号及密码
# Connection info:
login = "radius"    
password = "radpass"

--------------------------------------------------
用java代码进行认证测试
jradius-client.jar
import net.sourceforge.jradiusclient.RadiusClient;
import net.sourceforge.jradiusclient.RadiusPacket;
import net.sourceforge.jradiusclient.packets.ChapAccessRequest;
import net.sourceforge.jradiusclient.packets.PapAccessRequest;

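public class RadiusAuthService
{
    /**
     * Accounting port handed to the RadiusClient constructor.  Only the
     * authentication port is used by this class; 1813 is the accounting port
     * radiusd reports in its "Listening on accounting address" line.
     */
    private static final int ACCOUNTING_PORT = 1813;

    /**
     * 得到RadiusClient — build a client bound to one RADIUS server.
     * @param authport 服务器端口 (authentication port, normally 1812)
     * @param serverIp 服务器Ip
     * @param shareSecret 密钥 — the shared secret configured for this
     *        client's address in the server's clients.conf
     * @return the client, or null when the constructor throws (the exception
     *         is printed; callers must handle the null)
     */
    private RadiusClient getRadiusClient(int authport, String serverIp,
            String shareSecret)
    {
        try
        {
            return new RadiusClient(serverIp, authport, ACCOUNTING_PORT,
                    shareSecret);
        }
        catch (Exception e)
        {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * 认证 — authenticate one user with PAP or CHAP.
     * @param userName 用户名
     * @param userPassWord 密码
     * @param userAuthMode 认证模式 — "chap" (case-insensitive) selects CHAP;
     *        anything else, including null or "", selects PAP
     * @param authPort 端口
     * @param serverIP 服务器ip; null or "" makes the call return false
     *        without contacting any server
     * @param shareSecret 密钥
     * @return true only when the server answered Access-Accept; false for
     *         Access-Reject, Access-Challenge, no reply, or any error
     */
    public boolean auth(String userName, String userPassWord,
            String userAuthMode, int authPort, String serverIP,
            String shareSecret)
    {
        if (serverIP == null || serverIP.length() == 0)
        {
            // The original built no client here and then dereferenced it
            // (NullPointerException caught and printed); fail closed instead.
            return false;
        }
        RadiusClient client = getRadiusClient(authPort, serverIP, shareSecret);
        if (client == null)
        {
            return false;
        }

        try
        {
            RadiusPacket accessRequest;
            if ("chap".equalsIgnoreCase(userAuthMode))
            {
                accessRequest = new ChapAccessRequest(userName, userPassWord);
            }
            else
            {
                accessRequest = new PapAccessRequest(userName, userPassWord);
            }

            // 连接认证服务器
            RadiusPacket accessResponse = client.authenticate(accessRequest);
            if (accessResponse == null)
            {
                return false;
            }

            // 验证通过: only Access-Accept means the user is authenticated.
            // Access-Challenge asks the client for another round (e.g. a
            // token code) and is NOT a success; the original counted it as one.
            return accessResponse.getPacketType() == RadiusPacket.ACCESS_ACCEPT;
        }
        catch (Exception ex)
        {
            // Network or packet errors are printed and treated as a failed
            // authentication, as in the original.
            ex.printStackTrace();
            return false;
        }
    }

    /**
     * Demo entry point using the ora_usr row inserted into radcheck above.
     * Server address and shared secret are the sample values from this page;
     * adjust them for the target server.
     */
    public static void main(String[] args)
    {
        String userName = "ora_usr";
        String userPassWord = "ora_pwd";
        String userAuthMode = "";           // "" -> PAP
        int authPort = 1812;
        String serverIP = "10.18.57.161";
        String shareSecret = "testing123";
        RadiusAuthService radiusAuthService = new RadiusAuthService();
        boolean authResult = radiusAuthService.auth(userName, userPassWord,
                userAuthMode, authPort, serverIP, shareSecret);
        System.out.println("-------------" + authResult);
    }
}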
