Installing FreeRADIUS on Ubuntu 8.04 and using FreeRADIUS for user authentication
Posted: 2008-08-06 9:16
1. Download the FreeRADIUS software
http://freeradius.org/download.html
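2. Install the MySQL database
On Ubuntu, installing MySQL 5.0 with the Synaptic Package Manager is recommended. MySQL must be installed first, because FreeRADIUS looks for its library files.
3. Install FreeRADIUS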
root@ns:/software# cd /software/
root@ns:/software# ls free*
freeradius-server-2.0.5.tar.gz
root@ns:/software# tar -zxvf freeradius-server-2.0.5.tar.gz
root@ns:/software# ls free*
freeradius-server-2.0.5.tar.gz
freeradius-server-2.0.5
root@ns:/software# cd freeradius-server-2.0.5
root@ns:/software/freeradius-server-2.0.5# ./configure
root@ns:/software/freeradius-server-2.0.5# make
root@ns:/software/freeradius-server-2.0.5# make install
4. Test whether FreeRADIUS was installed correctly
root@ns:/software/freeradius-server-2.0.5# radiusd -X
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
If the output above appears, FreeRADIUS is installed correctly.
5. Configure the database
root@ns:/etc#
root@ns:/etc# cd /usr/local/etc/raddb/sql/mysql
root@ns:/usr/local/etc/raddb/sql/mysql#
root@ns:/usr/local/etc/raddb/sql/mysql# ls
admin.sql counter.conf dialup.conf ippool.conf ippool.sql nas.sql schema.sql
root@ns:/usr/local/etc/raddb/sql/mysql#
root@ns:/usr/local/etc/raddb/sql/mysql# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 5.0.51a-3ubuntu5.2 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> create database radius;
Query OK, 1 row affected (0.02 sec)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| radius |
+--------------------+
4 rows in set (0.00 sec)
mysql> exit
root@ns:/usr/local/etc/raddb/sql/mysql#
root@ns:/usr/local/etc/raddb/sql/mysql# mysql -uroot -p radius<schema.sql
root@ns:/usr/local/etc/raddb/sql/mysql# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 5.0.51a-3ubuntu5.2 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> use radius;
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type','=','Framed-User');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask','=','255.255.255.255');
mysql> insert into radgroupcheck (groupname, attribute, op, value) values ("user", "Auth-Type", ":=", "Local");
mysql> insert into radcheck (username,attribute,op,value) values ('test-user1','User-Password','==','test-passwd1');
mysql> insert into usergroup(username,groupname) values('test-user1','user');
6. Test whether FreeRADIUS and MySQL work together
(1) Open a terminal and run radiusd -X
root@ns:/etc# radiusd -X
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
(2) Open a new terminal and test with the user stored in the MySQL database
root@ns:/etc# radtest test-user1 test-passwd1 127.0.0.1 0 mysql
Sending Access-Request of id 26 to 127.0.0.1 port 1812
User-Name = "test-user1"
User-Password = "test-passwd1"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=26, length=20
root@ns:/etc#
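The output above shows that FreeRADIUS and MySQL are now working together.
Once FreeRADIUS and MySQL are installed and debugged, the next step is to integrate them with devices. For example, VPN account authentication can be handled by the FreeRADIUS server: just configure AAA authentication on the device to use the RADIUS server. The options are:
FreeRADIUS server IP, FreeRADIUS server port (authentication default 1276), and secret password.
Finally, test! (PS: I left out a few steps; if you have questions, reply to this thread!)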