Original article: http://www.zhukun.net/archives/5375
PPTP + FreeRADIUS + MySQL installation and configuration
FreeRADIUS is an open-source implementation of the RADIUS protocol; RADIUS is mainly used to provide authentication, authorization and accounting (AAA). Everything in this article was tested successfully on CentOS 5.7 32-bit.
1. VPN server installation and configuration
# install the build environment
yum install -y wget gcc gcc-c++ make
# install ppp
yum install -y ppp
# install the PPTP VPN
wget http://hello-linux.googlecode.com/files/pptpd_with_freeradius_plugins.sh
chmod +x pptpd_with_freeradius_plugins.sh
./pptpd_with_freeradius_plugins.sh
Note: this PPTP VPN script already includes the FreeRADIUS plugin and cannot be used on its own without FreeRADIUS. If you only want to install a PPTP VPN, do not use this script.
If at this point a client reports "Error 691: access was denied because the username and/or password is invalid on the domain", do not worry; that is expected at this stage, since the FreeRADIUS side has not been set up yet.
2. FreeRADIUS client installation and configuration
# install freeradius-client
cd /root
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-client-1.1.6.tar.gz
tar zxvf freeradius-client-1.1.6.tar.gz
cd freeradius-client-1.1.6
./configure && make && make install
# configure freeradius-client
vi /usr/local/etc/radiusclient/radiusclient.conf
Find authserver and acctserver and set both values to localhost.
Find radius_deadtime 0 and bindaddr * and comment both lines out (or do it with the following commands):
sed -i 's/radius_deadtime/\#radius_deadtime/g' /usr/local/etc/radiusclient/radiusclient.conf
sed -i 's/bindaddr/\#bindaddr/g' /usr/local/etc/radiusclient/radiusclient.conf
# point the client at the FreeRADIUS server and set the shared secret used between them
cat >>/usr/local/etc/radiusclient/servers<<EOF
localhost testing123
EOF
Note: changing this shared secret is not recommended! In my own testing, things no longer worked properly after changing it.
# add the dictionary. This step is important! Without it, Windows clients cannot connect to the server.
wget -c http://hello-linux.googlecode.com/files/dictionary.microsoft
mv ./dictionary.microsoft /usr/local/etc/radiusclient/
cat >>/usr/local/etc/radiusclient/dictionary<<EOF
INCLUDE /usr/local/etc/radiusclient/dictionary.sip
INCLUDE /usr/local/etc/radiusclient/dictionary.ascend
INCLUDE /usr/local/etc/radiusclient/dictionary.merit
INCLUDE /usr/local/etc/radiusclient/dictionary.compat
INCLUDE /usr/local/etc/radiusclient/dictionary.microsoft
EOF
3. FreeRADIUS server installation and configuration
# install mysql
yum install mysql mysql-devel mysql-server
service mysqld start
chkconfig mysqld on
mysqladmin -uroot -p password <new-password>
# you will be prompted for the old password; a freshly installed MySQL has an empty root password, so just press Enter
# if MySQL was installed some other way (for example the MySQL bundled with an lnmp one-click package), also run these two commands:
ln -s /usr/local/mysql/bin/mysql /usr/bin
ln -s /usr/local/mysql/bin/mysqladmin /usr/bin
# install freeradius-server
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.12.tar.gz
tar zxf freeradius-server-2.1.12.tar.gz
cd freeradius-server-2.1.12
./configure | grep mysql
# the grep is there to check that the mysql-related configure results all say yes; if any do not, check the MySQL installation
make && make install
# local test with the plain-text users file
vi /usr/local/etc/raddb/users
# find the entry steve Cleartext-Password := "testing" and uncomment that whole block:
steve   Cleartext-Password := "testing"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 172.16.3.33,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = "std.ppp",
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP

radiusd -X
# starts the server in debug mode with its log printed to the terminal
# if you see the lines
#   Listening on authentication address * port 1812
#   Listening on accounting address * port 1813
#   Listening on command file /usr/local/var/run/radiusd/radiusd.sock
#   Listening on proxy address * port 1814
#   Ready to process requests.
# the server started correctly
# open a second terminal and run:
radtest steve testing localhost 1812 testing123
# username steve, password testing, shared secret testing123
# a line containing rad_recv: Access-Accept packet means authentication succeeded
# integrate freeradius with mysql
mysqladmin -u root -p create radius
mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/schema.sql
mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/nas.sql
mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/ippool.sql
mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/wimax.sql
mysql -u root -p
mysql> GRANT SELECT ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radpass';
mysql> GRANT ALL on radius.radacct TO 'radius'@'localhost';
mysql> GRANT ALL on radius.radpostauth TO 'radius'@'localhost';
mysql> use radius;
# add the group; in this example the group is named user
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type','=','Framed-User');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
# add the user
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('sqltest', 'Password', 'testpwd');
# put the user into the group
mysql> insert into radusergroup(username,groupname) values('sqltest','user');
# limit how many simultaneous logins an account may have
mysql> INSERT INTO radgroupcheck (GroupName, Attribute, op, Value) values("user", "Simultaneous-Use", ":=", "1");
vi /usr/local/etc/raddb/sql.conf
# set the database type, account, password and database name to match your setup
# find readclients = yes and uncomment it; this enables lookups in the nas table, so clients.conf is no longer needed
vi /usr/local/etc/raddb/radiusd.conf
# find $INCLUDE sql.conf (around line 700) and remove the leading #
vi /usr/local/etc/raddb/sites-enabled/default
# in the authorize {} section, comment out files (line 170) and remove the # in front of sql (line 177)
# in the accounting {} section, comment out radutmp (line 396) and remove the # in front of sql (line 406)
# in the session {} section, comment out radutmp (line 450) and remove the # in front of sql (line 454)
# in the post-auth {} section, remove the # in front of sql (line 475) and again in front of sql (line 563)
vi /usr/local/etc/raddb/sites-enabled/inner-tunnel
# in the authorize {} section, comment out files (line 124) and remove the # in front of sql (line 131)
# in the session {} section, comment out radutmp (line 251) and remove the # in front of sql (line 255)
# in the post-auth {} section, remove the # in front of sql (line 277) and again in front of sql (line 301)
# start FreeRADIUS normally and add it to the boot sequence
cd /root
wget http://hello-linux.googlecode.com/files/radiusd
mv radiusd /etc/init.d/
chmod +x /etc/init.d/radiusd
vi /etc/init.d/radiusd
# find prefix=/usr/local/radius (line 25) and change it to prefix=/usr/local
/etc/init.d/radiusd start
vi /etc/rc.local
# add /etc/init.d/radiusd start as the last line
# final test
# verify with the username and password just inserted into the database
radtest sqltest testpwd localhost 1812 testing123
# a line containing rad_recv: Access-Accept packet means the installation succeeded
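To show what the two radtest checks above (steve/testing against the users file, sqltest/testpwd against the radcheck table, both via localhost:1812 with the shared secret testing123) actually exchange on the wire, here is a small Python model of a RADIUS PAP Access-Request and its signed reply. It is example code added for this article, not part of the original post or of FreeRADIUS; the users dict stands in for the users file / radcheck table, and it models PAP only (what radtest sends), not the Microsoft attributes the Windows PPTP clients need.

```python
import hashlib
import hmac
import os
import struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # attribute types used here

def pap_xor(data, secret, authenticator, decrypt):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block); block 1 is chained to the Request Authenticator."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        prev = data[i:i + 16] if decrypt else out[i:i + 16]
    return out

def attribute(atype, value):                    # one RADIUS attribute TLV: type, length, value
    return struct.pack("!BB", atype, 2 + len(value)) + value

def build_access_request(username, password, secret, ident=1, authenticator=None):
    """Client side (what radtest sends): the password is NUL-padded to a multiple of 16 bytes."""
    authenticator = authenticator or os.urandom(16)   # must be unpredictable and fresh per request
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    attrs = attribute(USER_NAME, username) + attribute(USER_PASSWORD, pap_xor(padded, secret, authenticator, False))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(body):
    attrs, pos = {}, 0
    while pos + 2 <= len(body):
        atype, alen = body[pos], max(body[pos + 1], 2)   # length < 2 is malformed; never loop forever
        attrs[atype] = body[pos + 2:pos + alen]
        pos += alen
    return attrs

def server_reply(packet, secret, users):
    """Server side: recover the PAP password, check it against the user store (a dict standing in for users file / radcheck) and sign the reply."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    request_auth, attrs = packet[4:20], parse_attributes(packet[20:length])
    stored = users.get(attrs.get(USER_NAME, b""))
    given = pap_xor(attrs.get(USER_PASSWORD, b""), secret, request_auth, True).rstrip(b"\x00")
    ok = code == ACCESS_REQUEST and stored is not None and hmac.compare_digest(stored, given)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return header + hashlib.md5(header + request_auth + secret).digest()  # MD5(Code+ID+Len+ReqAuth+Attrs+Secret)

def client_verify(reply, request_auth, secret):
    """Client side: accept only an Access-Accept whose Response Authenticator was made with our secret."""
    code, _ident, length = struct.unpack("!BBH", reply[:4])
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20]) and code == ACCESS_ACCEPT
```

To exercise the real server from section three, send the bytes from build_access_request with socket.sendto to 127.0.0.1:1812 and pass the reply, together with the request's own authenticator bytes, to client_verify.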
That completes the installation.
Possible problems:
/usr/local/etc/raddb/sites-enabled/inner-tunnel[118]: Failed to find module "sql".
/usr/local/etc/raddb/sites-enabled/inner-tunnel[34]: Errors parsing authorize section.
# check whether the file rlm_sql_mysql.so exists on the system; if it does not, run the following commands in order:
cd /root/freeradius-server-2.1.12/src/modules/rlm_sql/drivers/rlm_sql_mysql
./configure --with-mysql-dir=/var/lib/mysql --with-mysql-lib-dir=/var/lib/mysql/lib --with-mysql-include-dir=/var/lib/mysql/include
make && make install
cd /usr/local/lib
cp rlm_sql_mysql.* /root/freeradius-server-2.1.12/src/modules/rlm_sql/drivers/rlm_sql_mysql/
radiusd -X
radiusd: error while loading shared libraries: libfreeradius-radius-2.1.12.so: cannot open shared object file: No such file or directory
# just run the following command:
ldconfig
References for this article:
系统之家
WangYan Blog