安裝 FreeRADIUS + Files + MySQL 認證
k1951223:
我是參考下列資料
架設freeradius+mysql 的radius服務器
http://www.yesky.com/20030306/1655467.shtml
想玩無線網路認證值得先看的文件
http://phorum.study-area.org/viewtopic.php?t=31918&highlight=radius
及其他網路上利用 google 查到的資料作的說明
安裝 FreeRADIUS + Files + MySQL 認證
1. 下載 FreeRADIUS
wget ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.4.tar.gz
2. 解壓縮
tar zxvf freeradius-1.0.4.tar.gz
3. 安裝 FreeRADIUS
cd freeradius-1.0.4
./configure --localstatedir=/var --sysconfdir=/etc
make
make install
註: 有時候會報找不到 rlm_sql_mysql 模組檔案,通常是因為模組被安裝到 /usr/local/lib,而系統的動態連結器沒有搜尋該目錄。這時只要把函式庫加入系統搜尋的目錄裡,
比如:
cp /usr/local/lib/* /usr/lib
(較乾淨的做法是把 /usr/local/lib 加入 ld.so.conf 後執行 ldconfig,不必把整個目錄複製到 /usr/lib。)
4. 建立 MySQL 的 radius 資料庫與資料表
MySQL root 登入
mysql -uroot -p密碼
建立 radius 資料庫
create database radius;
建立 radius 使用者 (帳號與密碼必須和後面 sql.conf 中的 login / password 一致,並只授予 radius 資料庫的存取權限,不要直接讓 radiusd 用 root 連線 MySQL)
匯入 radius 資料表
cd src/modules/rlm_sql/drivers/rlm_sql_mysql
mysql -uroot -p密碼 radius < db_mysql.sql
建立相關資料
加入群組資料
mysql -uroot -p密碼 radius
--- 代碼: ---insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.254');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
--- 程式碼結尾 ---
加入測試賬號
--- 代碼: ---insert into radcheck (username,attribute,op,value) values ('test','User-Password',':=','test');
--- 程式碼結尾 ---
測試賬號加入群組
--- 代碼: ---insert into usergroup (username,groupname) values ('test','user');
--- 程式碼結尾 ---
以後新增人員時只要使用下列命令
--- 代碼: ---insert into radcheck (username,attribute,op,value) values ('帳號','User-Password',':=','密碼');
insert into usergroup (username,groupname) values ('帳號','user');
--- 程式碼結尾 ---
5. 設定 RADIUS
更改freeradius的設置
cd /etc/raddb
備份原始設定檔
--- 代碼: ---cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf-def
cp /etc/raddb/clients.conf /etc/raddb/clients.conf-def
cp /etc/raddb/sql.conf /etc/raddb/sql.conf-def
cp /etc/raddb/eap.conf /etc/raddb/eap.conf-def
cp /etc/raddb/users /etc/raddb/users-def
--- 程式碼結尾 ---
更改 radiusd.conf 部份設定如下列 (注意:這裡 user / group 設為 root,radiusd 會以 root 身分執行;log_auth_goodpass / log_auth_badpass 設為 yes 時,使用者輸入的密碼會被寫入 radius.log。這樣設定方便除錯,正式環境建議改用專用帳號並關閉密碼記錄)
--- 代碼: ---user = root
group = root
hostname_lookups = yes
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = yes
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes
usercollide = no
lower_user = yes
lower_pass = no
nospace_user = no
nospace_pass = no
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
preproxy_usersfile = ${confdir}/preproxy_users
compat = no
}
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
detail auth_log {
detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
detailperm = 0600
}
detail reply_log {
detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
detailperm = 0600
}
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
attr_filter {
attrsfile = ${confdir}/attrs
}
authorize {
preprocess
auth_log
attr_filter
chap
mschap
suffix
eap
files
sql
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
eap
}
preacct {
preprocess
acct_unique
suffix
files
}
accounting {
detail
radutmp
sql
}
session {
radutmp
sql
}
post-auth {
reply_log
sql
}
--- 程式碼結尾 ---
在 clients.conf 增加下列設定 (secret 是 NAS 與 RADIUS 伺服器之間的共用密鑰,testing123 只是範例值;正式環境請為每個 client 設定不同且夠長的隨機密鑰,並確認 clients.conf 只有 radiusd 執行者可讀)
--- 代碼: ---client 192.168.1.1 {
secret = testing123
shortname = test
}
--- 程式碼結尾 ---
更改 sql.conf 部份設定如下列 (login / password 需和前面建立的 MySQL 帳號相符;sqltrace = yes 會把每一條送出的 SQL 查詢寫到 sqltracefile,只適合除錯,正式環境建議設為 no)
--- 代碼: ---sql {
driver = "rlm_sql_mysql"
server = "localhost" # MySQL 主機位置
login = "radius" # MySQL 帳號
password = "radius" # MySQL 密碼
radius_db = "radius" # MySQL 資料庫名稱
acct_table1 = "radacct"
acct_table2 = "radacct"
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "usergroup"
deletestalesessions = yes
sqltrace = yes
sqltracefile = ${logdir}/sqltrace.sql
num_sql_socks = 5
connect_failure_retry_delay = 60
sql_user_name = "%{User-Name}"
--- 程式碼結尾 ---
更改 eap.conf 部份設定如下列 (tls 區段用的是套件附帶的示範憑證 (demoCA) 與示範密碼 whatever,只適合測試;正式環境需換成自己簽發的伺服器憑證與 CA,並更改 private_key_password)
--- 代碼: ---eap {
第 22 行 原 default_eap_type = md5
改為 default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
md5 {
}
leap {
}
gtc {
auth_type = PAP
}
# 取消下列幾行的註解
tls {
private_key_password = whatever
private_key_file = ${raddbdir}/certs/cert-srv.pem
certificate_file = ${raddbdir}/certs/cert-srv.pem
CA_file = ${raddbdir}/certs/demoCA/cacert.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
}
peap {
default_eap_type = mschapv2
}
mschapv2 {
}
}
--- 程式碼結尾 ---
更改 users 如下列 (這裡的 User-Password 是以明文寫在 users 檔裡,請確認該檔案權限只允許 radiusd 執行者讀取)
在第96行增加
--- 代碼: ---"testf" Auth-Type := Local, User-Password == "testf"
Reply-Message = "Hello, %u"
註解掉第 154、155 行
#DEFAULT Auth-Type = System
# Fall-Through = 1
--- 程式碼結尾 ---
測試 files 認證 (radtest 的密碼是以命令列參數傳入,會留在 shell 歷史與 ps 輸出中,請只用測試帳號)
radtest testf testf localhost 0 testing123
測試 MySQL 認證
radtest test test localhost 0 testing123
結果如下
[root@UI-linux raddb]# radtest testf testf localhost 0 testing123
Sending Access-Request of id 188 to 127.0.0.1:1812
User-Name = "testf"
User-Password = "testf"
NAS-IP-Address = UI-linux
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=188, length=34
Reply-Message = "Hello, testf"
[root@UI-linux raddb]# radtest test test localhost 0 testing123
Sending Access-Request of id 192 to 127.0.0.1:1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = UI-linux
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=192, length=38
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.0
[root@UI-linux raddb]#
chen123:
k1951223大大你好:
我已安裝了mysql-3.23.57及freeradius-1.1.2
但於匯入 radius 資料表
cd src/modules/rlm_sql/drivers/rlm_sql_mysql
mysql -uroot -p密碼 radius < db_mysql.sql
會出現db_mysql.sql檔案不存在
請問這個資料表是freeradius安裝好了後就自動產生的嗎?還是....?
抱歉!新手上路,請多加指導!!
k1951223:
chen123
那個 db_mysql.sql 檔案,是安裝時套件
內含的資料庫格式檔,可能是由於版本不同
而放置位置不同,可以用 locate mysql.sql
查一下主機內含有 mysql.sql 檔名的檔案
放置在那個位置
chen123:
--- 引述: "k1951223" ---chen123
那個 db_mysql.sql 檔案,是安裝時套件
內含的資料庫格式檔,可能是由於版本不同
而放置位置不同,可以用 locate mysql.sql
查一下主機內含有 mysql.sql 檔名的檔案
放置在那個位置
--- 引用結尾 ---
謝謝!
在/usr/local/share/doc/freeradius/examples/下找到mysql.sql並匯入完成!
另依大哥設定的方法設定後,並測試 files 認證
出現下列訊息:
[root@radius examples]# radtest testf testf localhost 0 testing123
Sending Access-Request of id 185 to 127.0.0.1 port 1812
User-Name = "testf"
User-Password = "testf"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 185 to 127.0.0.1 port 1812
User-Name = "testf"
User-Password = "testf"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
:
radclient: no response from server for ID 185
並未測試成功,不知是否是NAS-IP-Address的問題?
後來以radiusd -X偵錯,訊息如下:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = yes
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "yes"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
There appears to be another RADIUS server running on the authentication port 1812
最後一行出現好像有別的RADIUS在跑1812埠對嗎?要怎麼修正這個錯誤呢?
還請大哥解惑!謝謝!!
yhsien:
--- 引述: "chen123" ---
--- 引述: "k1951223" ---chen123
那個 db_mysql.sql 檔案,是安裝時套件
內含的資料庫格式檔,可能是由於版本不同
而放置位置不同,可以用 locate mysql.sql
查一下主機內含有 mysql.sql 檔名的檔案
放置在那個位置
--- 引用結尾 ---
謝謝!
在/usr/local/share/doc/freeradius/examples/下找到mysql.sql並匯入完成!
另依大哥設定的方法設定後,並測試flies認證
出現下列訊息:
[root@radius examples]# radtest testf testf localhost 0 testing123
Sending Access-Request of id 185 to 127.0.0.1 port 1812
User-Name = "testf"
User-Password = "testf"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 185 to 127.0.0.1 port 1812
User-Name = "testf"
User-Password = "testf"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
:
radclient: no response from server for ID 185
並未測試成功,不知是否是NAS-IP-Address的問題?
後來以radiusd -X偵錯,訊息如下:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = yes
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "yes"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
There appears to be another RADIUS server running on the authentication port 1812
最後一行出現好像有別的RADIUS在跑1812埠對嗎?要怎麼修正這個錯誤呢?
還請大哥解惑!謝謝!!
--- 引用結尾 ---
應該是你裝好 freeradius 後 radiusd 就已經跑起來並佔住了 1812 埠
ps aux | grep radiusd
找出 PID (也可以直接看 radiusd -X 輸出中的 pidfile,例如 /usr/local/var/run/radiusd/radiusd.pid)
kill -9 '你找到的PID'
(一般先用不帶 -9 的 kill 送 SIGTERM,讓 radiusd 正常關閉並釋放埠號,沒有反應時再用 -9)
結束掉原先已經在執行的 radiusd 之後再執行 radiusd -X